Solved Search.fast-find.net (Google Hijacker/Redirector) and blue screen

ENDZYM3

I've tried fixing this problem on my own, but to no avail.
I already completed the 8-step Viruses/Spyware/Malware Preliminary Removal Instructions.
I first noticed something wrong when my computer blue screened.
No symptoms before that.
Also worth noting, this thing doesn't like Techspot.
I was unable to post a thread (this thread) on my own computer (it would say that the page couldn't be loaded).
And it then blue screened after repeated attempts at posting.
I'm posting this now on my dad's computer.

Just got this problem yesterday, so it's pretty fresh in my system.
A big thank you to those who take my request into consideration, and the help that later comes with it. :)

mbam-log-2010-10-17 (12-20-53).txt

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4861

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/17/2010 12:20:53 PM
mbam-log-2010-10-17 (12-20-53).txt

Scan type: Quick scan
Objects scanned: 150838
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS.txt

DDS (Ver_10-10-10.03) - NTFSx86
Run by ENDZYM3 at 12:41:49.05 on Sun 10/17/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2812.1935 [GMT -7:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\LxrSII1s.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ENDZYM3\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Google Update] "c:\users\endzym3\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [LxrAutorun] c:\users\endzym3\appdata\local\lexar media\LxrAutorun.exe
mRun: [WireLessMouse] c:\program files\mouse driver\StartAutorun.exe MouseDrv.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
dRun: [exe.exe] c:\windows\temp\exe.exe
StartupFolder: c:\users\endzym3\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\endzym3\appdata\roaming\mozilla\firefox\profiles\wtgp5iib.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - component: c:\users\endzym3\appdata\roaming\mozilla\firefox\profiles\wtgp5iib.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\endzym3\appdata\roaming\mozilla\firefox\profiles\wtgp5iib.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\endzym3\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\endzym3\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\endzym3\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-17 165584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-17 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-17 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-17 40384]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2010-9-14 63448]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-17 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-17 40384]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-6-28 16472]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-24 1343400]

=============== Created Last 30 ================

2010-10-17 15:11:18 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-10-17 15:10:41 38848 ----a-w- c:\windows\avastSS.scr
2010-10-17 14:34:31 -------- d-----w- c:\users\endzym3\appdata\roaming\Malwarebytes
2010-10-17 14:34:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-17 14:34:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-17 14:34:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware (NEW)
2010-10-17 14:34:06 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-17 02:52:19 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-17 02:27:52 -------- d-----w- c:\progra~2\Update
2010-10-17 02:27:48 -------- d-----w- c:\users\endzym3\appdata\roaming\Wyyr
2010-10-17 02:27:48 -------- d-----w- c:\users\endzym3\appdata\roaming\Acgi
2010-10-16 23:57:26 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2fac1885-57a4-463c-9e81-13086c8182c4}\mpengine.dll
2010-10-16 23:22:40 187 ----a-w- c:\users\endzym3\appdata\roaming\7775.bat
2010-10-16 23:22:39 70144 ----a-w- c:\windows\system32\wdmaudr.dll
2010-10-16 23:22:07 -------- d-----w- c:\users\endzym3\appdata\roaming\Zoni
2010-10-16 23:22:07 -------- d-----w- c:\users\endzym3\appdata\roaming\Ymfel
2010-10-16 06:06:09 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-10-16 06:05:33 4277016 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2010-10-16 06:05:05 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
2010-10-14 05:21:29 -------- d-----w- c:\program files\Winamp Detect
2010-10-14 02:38:23 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-10-14 02:38:23 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-10-14 02:38:23 155408 ----a-w- c:\windows\system32\LMRT.dll
2010-10-14 02:38:19 63488 ----a-w- c:\windows\system32\unam4ie.exe
2010-10-14 02:38:19 217984 ----a-w- c:\windows\system32\strmdll.dll
2010-10-14 02:38:19 109840 ----a-w- c:\program files\windows media player\mplayer2.exe
2010-10-14 02:37:40 -------- d-----w- C:\TELL ME MORE NV
2010-10-13 23:37:00 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-13 23:36:58 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 23:14:17 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 23:13:41 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 23:13:27 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 23:13:10 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 23:13:10 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 23:12:12 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 23:12:10 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 23:11:26 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 23:11:18 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 23:11:18 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 23:11:18 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 23:11:18 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 23:10:49 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 23:10:07 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-12 04:12:16 -------- d-----w- c:\windows\system32\appmgmt
2010-10-12 02:36:04 -------- d-----w- c:\program files\Rosetta Stone
2010-10-08 22:23:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-07 18:32:12 -------- d-----w- c:\progra~2\Rosetta Stone
2010-10-02 21:04:46 -------- d-----w- c:\progra~2\2DBoy
2010-10-02 19:32:56 -------- dc-h--w- c:\progra~2\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-10-02 19:32:43 -------- d-----w- c:\program files\Stardock
2010-09-29 10:00:56 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 07:30:33 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 07:29:11 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-26 23:18:35 -------- d-----w- c:\users\endzym3\.dvdcss
2010-09-26 23:14:20 -------- d-----w- c:\program files\PS3 Media Server
2010-09-26 23:12:43 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2010-09-26 23:11:17 4277016 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2010-09-26 23:07:38 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2010-09-26 23:07:08 588096 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-09-26 23:03:53 -------- d-----w- c:\users\endzym3\appdata\local\Microsoft Games
2010-09-23 01:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-09-23 01:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-10-02 20:02:34 20521984 ----a-w- c:\windows\system32\imageres.dll
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 15:14:12 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-07-27 15:14:00 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-07-27 15:08:34 203360 ----a-w- c:\windows\system32\lvci1311021.dll
2010-07-27 15:07:56 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-07-27 15:03:20 10829656 ----a-w- c:\windows\system32\LogiDPP.dll
2010-07-27 15:03:20 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-07-27 15:03:18 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-07-27 14:55:50 37518 ----a-w- c:\windows\system32\Repository.reg

============= FINISH: 12:42:40.33 ===============

Attachments: attach.txt, dds.txt, gmer.log, mbam-log-2010-10-17 (12-20-53).txt

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 6/24/2010 3:17:47 PM
System Uptime: 10/17/2010 12:08:09 PM (0 hours ago)

Motherboard: Acer | | Aspire 5532
Processor: AMD Athlon(tm) Processor TF-20 | Socket S1G1 | 1600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 137 GiB total, 55.966 GiB free.
D: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP108: 10/12/2010 2:33:10 AM - Windows Update
RP109: 10/13/2010 6:33:22 PM - Windows Update
RP110: 10/13/2010 7:33:20 PM - Windows Update
RP111: 10/16/2010 3:07:48 AM - Windows Update
RP112: 10/17/2010 8:01:33 AM - avast! Free Antivirus Setup
RP113: 10/17/2010 8:10:11 AM - avast! Free Antivirus Setup

==== Installed Programs ======================

µTorrent
abgx360 v1.0.2
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.0
Akamai NetSession Interface
Algodoo v1.7.1
Apple Application Support
Apple Software Update
Arena
ASIO4ALL
avast! Free Antivirus
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.4
Babylon
Cakewalk Rapture Expansion Pack 1
Cakewalk Rapture Expansion Pack 2
CameraHelperMsi
CCleaner
Combined Community Codec Pack 2009-09-09
Crayon Physics Deluxe - release 51
Daggerfall
Definition update for Microsoft Office 2010 (KB982726)
erLT
FL Studio 9
GNU Aspell 0.50-3
Google Talk (remove only)
Google Talk Plugin
Guitar Pro 6
Hardcore
IconPackager
IL Download Manager
ImgBurn
Java(TM) 6 Update 17
JDownloader
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes' Anti-Malware
MediaCoder 0.7.5.4740
Medieval CUE Splitter
Messenger Plus! Live
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mouse Driver
Mozilla Firefox (3.6.10)
MSVCRT
Pando Media Booster
PDF Settings CS5
PeerBlock 1.0.0 (r181)
PoiZone
PxMergeModule
QuickTime
Rainmeter (remove only)
Rapture 1.0
reFX Nexus 1.0.9
SAMSUNG Intelli-studio
Sawer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Word 2010 (KB2345000)
Snagit 9.1.3
TeLL me More
Toxic Biohazard
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft OneNote 2010 (KB2288640)
Update for Microsoft Outlook Social Connector (KB2289116)
VLC media player 1.1.2
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Sync ActiveX Control for Remote Connections
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
Zune
Zune Language Pack (DE)
Zune Language Pack (ES)
Zune Language Pack (FR)
Zune Language Pack (IT)

==== Event Viewer Messages From Past Week ========

10/17/2010 8:53:55 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/17/2010 8:53:55 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
10/17/2010 8:50:55 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
10/17/2010 8:48:55 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/17/2010 8:35:46 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The pipe has been ended.
10/17/2010 12:08:55 PM, Error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
10/17/2010 12:08:29 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
10/17/2010 12:08:29 PM, Error: atikmdag [43029] - Display is not active
10/17/2010 12:06:50 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
10/16/2010 7:35:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
10/16/2010 7:34:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
10/16/2010 7:32:17 PM, Error: Service Control Manager [7000] - The WinUSB service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:32:16 PM, Error: Service Control Manager [7000] - The Wd service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:32:15 PM, Error: Service Control Manager [7000] - The Wacom Serial Pen HID Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:32:15 PM, Error: Service Control Manager [7000] - The vsmraid service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:32:13 PM, Error: Service Control Manager [7000] - The Virtual Machine Bus service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:32:12 PM, Error: Service Control Manager [7000] - The viaide service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:32:11 PM, Error: Service Control Manager [7000] - The VIA C7 Processor Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:32:10 PM, Error: Service Control Manager [7000] - The VIA AGP Bus Filter service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:32:08 PM, Error: Service Control Manager [7000] - The vhdmp service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:32:05 PM, Error: Service Control Manager [7000] - The Microsoft USB Universal Host Controller Miniport Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:32:04 PM, Error: Service Control Manager [7000] - The USB Mass Storage Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:32:03 PM, Error: Service Control Manager [7000] - The Microsoft USB PRINTER Class service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:32:02 PM, Error: Service Control Manager [7000] - The eHome Infrared Receiver (USBCIR) service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:32:01 PM, Error: Service Control Manager [7000] - The Microsoft USB Generic Parent Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:32:00 PM, Error: Service Control Manager [7000] - The USB Audio Driver (WDM) service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:59 PM, Error: Service Control Manager [7000] - The Microsoft UMPass Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:58 PM, Error: Service Control Manager [7000] - The Uli AGP Bus Filter service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:57 PM, Error: Service Control Manager [7000] - The Microsoft AGPv3.5 Filter service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:50 PM, Error: Service Control Manager [7000] - The storvsc service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:49 PM, Error: Service Control Manager [7000] - The stexstor service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:48 PM, Error: Service Control Manager [7000] - The SiSRaid4 service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:47 PM, Error: Service Control Manager [7000] - The SiSRaid2 service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:46 PM, Error: Service Control Manager [7000] - The SIS AGP Bus Filter service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:45 PM, Error: Service Control Manager [7000] - The High-Capacity Floppy Disk Drive service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:44 PM, Error: Service Control Manager [7000] - The SFF Storage Protocol Driver for SDBus service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:43 PM, Error: Service Control Manager [7000] - The SFF Storage Protocol Driver for MMC service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:43 PM, Error: Service Control Manager [7000] - The SFF Storage Class Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:42 PM, Error: Service Control Manager [7000] - The Serial Mouse Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:40 PM, Error: Service Control Manager [7000] - The Serenum Filter Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:39 PM, Error: Service Control Manager [7000] - The sbp2port service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:38 PM, Error: Service Control Manager [7000] - The s3cap service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:37 PM, Error: Service Control Manager [7000] - The ql40xx service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:36 PM, Error: Service Control Manager [7000] - The ql2300 service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:35 PM, Error: Service Control Manager [7000] - The Processor Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:33 PM, Error: Service Control Manager [7000] - The pcmcia service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:30 PM, Error: Service Control Manager [7000] - The pciide service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:21 PM, Error: Service Control Manager [7000] - The 1394 OHCI Compliant Host Controller (Legacy) service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:17 PM, Error: Service Control Manager [7000] - The NVIDIA nForce AGP Bus Filter service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:15 PM, Error: Service Control Manager [7000] - The nvstor service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:13 PM, Error: Service Control Manager [7000] - The nvraid service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:10 PM, Error: Service Control Manager [7000] - The nfrd960 service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:07 PM, Error: Service Control Manager [7000] - The Microsoft Input Configuration Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:31:03 PM, Error: Service Control Manager [7000] - The msdsm service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:56 PM, Error: Service Control Manager [7000] - The mpio service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:50 PM, Error: Service Control Manager [7000] - The MegaSR service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:47 PM, Error: Service Control Manager [7000] - The megasas service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:43 PM, Error: Service Control Manager [7000] - The Logitech HD Webcam C510(UVC) service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:40 PM, Error: Service Control Manager [7000] - The Logitech RightSound Filter Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:37 PM, Error: Service Control Manager [7000] - The LSI_SCSI service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:34 PM, Error: Service Control Manager [7000] - The LSI_SAS2 service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:31 PM, Error: Service Control Manager [7000] - The LSI_SAS service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:29 PM, Error: Service Control Manager [7000] - The LSI_FC service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:24 PM, Error: Service Control Manager [7000] - The iScsiPort Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:21 PM, Error: Service Control Manager [7000] - The isapnp service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:18 PM, Error: Service Control Manager [7000] - The IPMIDRV service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:15 PM, Error: Service Control Manager [7000] - The Intel Processor Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:12 PM, Error: Service Control Manager [7000] - The intelide service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:09 PM, Error: Service Control Manager [7000] - The iirsp service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:04 PM, Error: Service Control Manager [7000] - The iaStorV service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:30:01 PM, Error: Service Control Manager [7000] - The HpSAMD service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:29:44 PM, Error: Service Control Manager [7000] - The HID UPS Battery Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:29:40 PM, Error: Service Control Manager [7000] - The Hauppauge Consumer Infrared Receiver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:29:33 PM, Error: Service Control Manager [7000] - The Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:29:29 PM, Error: Service Control Manager [7000] - The Floppy Disk Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:29:25 PM, Error: Service Control Manager [7000] - The Floppy Disk Controller Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:29:22 PM, Error: Service Control Manager [7000] - The Microsoft Hardware Error Device Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:29:18 PM, Error: Service Control Manager [7000] - The elxstor service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:29:15 PM, Error: Service Control Manager [7000] - The Broadcom NetXtreme II 10 GigE VBD service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:29:12 PM, Error: Service Control Manager [7000] - The Microsoft Trusted Audio Drivers service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:29:10 PM, Error: Service Control Manager [7000] - The CrystalSysInfo service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:29:08 PM, Error: Service Control Manager [7000] - The cmdide service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:29:03 PM, Error: Service Control Manager [7000] - The Consumer IR Devices service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:29:00 PM, Error: Service Control Manager [7000] - The Bluetooth Serial Communications Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:57 PM, Error: Service Control Manager [7000] - The Brother MFC USB Serial WDM Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:54 PM, Error: Service Control Manager [7000] - The Brother MFC USB Fax Only Modem service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:48 PM, Error: Service Control Manager [7000] - The Brother WDM Serial driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:43 PM, Error: Service Control Manager [7000] - The Brother MFC Serial Port Interface Driver (WDM) service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:41 PM, Error: Service Control Manager [7000] - The Brother USB Mass-Storage Upper Filter Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:38 PM, Error: Service Control Manager [7000] - The Brother USB Mass-Storage Lower Filter Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:35 PM, Error: Service Control Manager [7000] - The Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:32 PM, Error: Service Control Manager [7000] - The Broadcom NetXtreme II VBD service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:28 PM, Error: Service Control Manager [7000] - The arcsas service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:21 PM, Error: Service Control Manager [7000] - The arc service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:17 PM, Error: Service Control Manager [7000] - The amdsbs service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:16 PM, Error: Service Control Manager [7000] - The amdsata service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:15 PM, Error: Service Control Manager [7000] - The AMD Processor Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:14 PM, Error: Service Control Manager [7000] - The amdide service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:12 PM, Error: Service Control Manager [7000] - The AMD AGP Bus Filter Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:11 PM, Error: Service Control Manager [7000] - The aliide service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:10 PM, Error: Service Control Manager [7000] - The Intel AGP Bus Filter service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:10 PM, Error: Service Control Manager [7000] - The aic78xx service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:09 PM, Error: Service Control Manager [7000] - The adpu320 service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:08 PM, Error: Service Control Manager [7000] - The adpahci service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:07 PM, Error: Service Control Manager [7000] - The adp94xx service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:06 PM, Error: Service Control Manager [7000] - The ACPI Power Meter Driver service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:28:05 PM, Error: Service Control Manager [7000] - The 1394 OHCI Compliant Host Controller service failed to start due to the following error: The system cannot find the file specified.
10/16/2010 7:27:51 PM, Error: Service Control Manager [7023] - The FastUserSwitchingCompatibility service terminated with the following error: The specified module could not be found.
10/16/2010 6:14:23 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
10/16/2010 4:56:08 PM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
10/16/2010 4:39:56 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/16/2010 4:37:52 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/16/2010 4:37:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/16/2010 4:37:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/16/2010 4:37:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/16/2010 4:37:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/16/2010 4:37:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP aswTdi discache spldr sptd Wanarpv6
10/16/2010 4:37:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000076, 0x00000002, 0x00000001, 0x82a8c784). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101610-35084-01.
10/16/2010 4:36:55 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/16/2010 4:27:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000be (0x8a63368f, 0x037b6121, 0x807f3790, 0x0000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101610-34382-01.
10/15/2010 8:07:42 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{9EF6DFC1-AE19-4820-9167-682575DBE925} because another computer on the network has the same name. The server could not start.
10/13/2010 7:34:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Zune Software 4.7.
10/13/2010 6:41:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB2360131).
10/13/2010 6:41:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 (KB979687).
10/11/2010 8:08:45 AM, Error: Service Control Manager [7022] - The Function Discovery Resource Publication service hung on starting.
10/11/2010 8:08:45 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: After starting, the service hung in a start-pending state.

==== End Of File ===========================
 
gmer.log

GMER 1.0.15.15319 - http://www.gmer.net
Rootkit scan 2010-10-17 12:40:56
Windows 6.1.7600
Running: 40elus7d.exe; Driver: C:\Users\ENDZYM3\AppData\Local\Temp\fgrdyfow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8FFA1BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8FFA19D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8FFA1B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A7E599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA2F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwLoadDriver 82BDC291 7 Bytes JMP 8FFA1B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82C43FBF 5 Bytes JMP 8FF9D5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82C5DCF3 5 Bytes JMP 8FF9F012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 82C6BD63 7 Bytes JMP 8FFA19D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82D15EAC 7 Bytes JMP 8FFA1BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\spzo.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90014000, 0x2D5378, 0xE8000020]
.text USBPORT.SYS!DllUnload 909D2CA0 5 Bytes JMP 863C91D8
.text ak66v8bh.SYS 9060B000 12 Bytes [44, 98, A0, 82, EE, 96, A0, ...]
.text ak66v8bh.SYS 9060B00D 9 Bytes [77, A0, 82, 48, 9B, A0, 82, ...] {JA 0xffffffffffffffa2; OR BYTE [EAX-0x65], -0x60; ADD BYTE [EAX], 0x0}
.text ak66v8bh.SYS 9060B017 170 Bytes [00, DE, 77, 33, 83, E6, 75, ...]
.text ak66v8bh.SYS 9060B0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ak66v8bh.SYS 9060B0CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtProtectVirtualMemory 77355380 5 Bytes JMP 003E000A
.text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtWriteVirtualMemory 77355F00 5 Bytes JMP 003F000A
.text C:\Windows\system32\svchost.exe[988] ntdll.dll!KiUserExceptionDispatcher 77356448 5 Bytes JMP 001C000A
.text C:\Windows\system32\svchost.exe[988] ole32.dll!CoCreateInstance 765B590C 5 Bytes JMP 005F000A
.text C:\Windows\system32\svchost.exe[988] USER32.dll!GetCursorPos 75ADC198 5 Bytes JMP 005B000A
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!SetUnhandledExceptionFilter 764D3162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\Explorer.EXE[2028] ntdll.dll!NtProtectVirtualMemory 77355380 5 Bytes JMP 01AF000A
.text C:\Windows\Explorer.EXE[2028] ntdll.dll!NtWriteVirtualMemory 77355F00 5 Bytes JMP 01B0000A
.text C:\Windows\Explorer.EXE[2028] ntdll.dll!KiUserExceptionDispatcher 77356448 5 Bytes JMP 0078000A
.text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[2580] kernel32.dll!SetUnhandledExceptionFilter 764D3162 5 Bytes JMP 660B85A4 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[2580] ole32.dll!OleLoadFromStream 76565BF6 5 Bytes JMP 6669940D C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
.text C:\Windows\system32\wuauclt.exe[3132] ntdll.dll!NtProtectVirtualMemory 77355380 5 Bytes JMP 002F000A
.text C:\Windows\system32\wuauclt.exe[3132] ntdll.dll!NtWriteVirtualMemory 77355F00 5 Bytes JMP 0030000A
.text C:\Windows\system32\wuauclt.exe[3132] ntdll.dll!KiUserExceptionDispatcher 77356448 5 Bytes JMP 0029000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8323B042] \SystemRoot\System32\Drivers\spzo.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8323B6D6] \SystemRoot\System32\Drivers\spzo.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8323B800] \SystemRoot\System32\Drivers\spzo.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8323B13E] \SystemRoot\System32\Drivers\spzo.sys
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741F2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741D5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741D56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741F250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741E8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741E4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741E50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741E51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741E66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741E82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741E8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741E907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741EE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741E4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe[2916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe[2916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe[2916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe[2916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe[2916] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [753B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe[2916] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [753B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 851BE1F8
Device \Driver\volmgr \Device\VolMgrControl 851B91F8
Device \Driver\usbohci \Device\USBPDO-0 863FA1F8
Device \Driver\usbohci \Device\USBPDO-1 863FA1F8
Device \Driver\usbehci \Device\USBPDO-2 863D51F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{BABE11A9-747D-47C9-BA71-3E1435A1D613} 8628B1F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\volmgr \Device\HarddiskVolume1 851B91F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\sptd \Device\2770641978 spzo.sys
Device \Driver\PCI_PNP3971 \Device\00000059 spzo.sys
Device \Driver\cdrom \Device\CdRom0 863191F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-2 86095292
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 851BB1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86095292
Device \Driver\atapi \Device\Ide\IdePort0 851BB1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 86095292
Device \Driver\atapi \Device\Ide\IdePort1 851BB1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 86095292
Device \Driver\atapi \Device\Ide\IdePort2 851BB1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 86095292
Device \Driver\atapi \Device\Ide\IdePort3 851BB1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 86095292
Device \Driver\atapi \Device\Ide\IdePort4 851BB1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 86095292
Device \Driver\atapi \Device\Ide\IdePort5 851BB1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 851BC1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 851BC1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel2 851BC1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel3 851BC1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 851BC1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 851BC1F8
Device \Driver\cdrom \Device\CdRom1 863191F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8628B1F8
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{9EF6DFC1-AE19-4820-9167-682575DBE925} 8628B1F8
Device \Driver\usbohci \Device\USBFDO-0 863FA1F8
Device \Driver\usbohci \Device\USBFDO-1 863FA1F8
Device \Driver\usbehci \Device\USBFDO-2 863D51F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C881DEA6-2AD2-4FA9-9694-1C96561ED0F6} 8628B1F8
Device \Driver\ak66v8bh \Device\Scsi\ak66v8bh1 864281F8
Device \Driver\ak66v8bh \Device\Scsi\ak66v8bh1Port6Path0Target0Lun0 864281F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0x3D 0x84 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1B 0xF4 0x6D 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x62 0x13 0x29 0x81 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0x3D 0x84 0x72 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1B 0xF4 0x6D 0xE8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x62 0x13 0x29 0x81 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\ENDZYM3\Downloads\ 1

---- EOF - GMER 1.0.15 ----
 
Welcome aboard


So far, I don't see much....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
Here you go, sir.


MBRCheck_10.17.10_15.05.19.txt

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 5532
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 160):
0x82A3A000 \SystemRoot\system32\ntkrnlpa.exe
0x82A03000 \SystemRoot\system32\halmacpi.dll
0x86303000 \SystemRoot\system32\kdcom.dll
0x8300F000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x8301A000 \SystemRoot\system32\PSHED.dll
0x8302B000 \SystemRoot\system32\BOOTVID.dll
0x83033000 \SystemRoot\system32\CLFS.SYS
0x83075000 \SystemRoot\system32\CI.dll
0x83120000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83191000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83237000 \SystemRoot\System32\Drivers\spes.sys
0x8332A000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x83333000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x83359000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x833A1000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x833A9000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x833B4000 \SystemRoot\system32\DRIVERS\pci.sys
0x833DE000 \SystemRoot\System32\drivers\partmgr.sys
0x833EF000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x83200000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8320B000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8319F000 \SystemRoot\System32\drivers\volmgrx.sys
0x8321B000 \SystemRoot\System32\drivers\mountmgr.sys
0x833F7000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8A627000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8A64A000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8A654000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8A662000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8A66B000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A69F000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A6B0000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8A6BA000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A804000 \SystemRoot\System32\Drivers\msrpc.sys
0x8A82F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A842000 \SystemRoot\System32\Drivers\cng.sys
0x8A89F000 \SystemRoot\System32\drivers\pcw.sys
0x8A8AD000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8A8B6000 \SystemRoot\system32\drivers\ndis.sys
0x8A96D000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A9AB000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8AA38000 \SystemRoot\System32\drivers\tcpip.sys
0x8AB81000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8ABB2000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8ABBB000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8AA00000 \SystemRoot\System32\Drivers\spldr.sys
0x8AA08000 \SystemRoot\System32\drivers\rdyboost.sys
0x8A9D0000 \SystemRoot\System32\Drivers\mup.sys
0x8A9E0000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8AC0F000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8AC41000 \SystemRoot\system32\DRIVERS\disk.sys
0x8AC52000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8ACAA000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8ACC9000 \SystemRoot\System32\Drivers\Null.SYS
0x8ACD0000 \SystemRoot\System32\Drivers\Beep.SYS
0x8ACD7000 \SystemRoot\System32\drivers\vga.sys
0x8ACE3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AD04000 \SystemRoot\System32\drivers\watchdog.sys
0x8AD11000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8AD19000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8AD21000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8AD29000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8AD34000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8AD42000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8AD59000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AD64000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8AD6E000 \SystemRoot\system32\drivers\afd.sys
0x8ADC8000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8ADCD000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8AC00000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8A600000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8A9E8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8A7E9000 \SystemRoot\system32\DRIVERS\netbios.sys
0x831EA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FE2F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FE3F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FE80000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FE8A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FE94000 \SystemRoot\System32\drivers\discache.sys
0x8FEA0000 \SystemRoot\system32\drivers\csc.sys
0x8FF04000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FF1C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8FF2A000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8FF51000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8FF72000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x90010000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x90525000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FF84000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9063D000 \SystemRoot\system32\DRIVERS\athr.sys
0x9076A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x90774000 \SystemRoot\system32\DRIVERS\L1C62x86.sys
0x90784000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x9078E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x907D9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90600000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9061F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x907E8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x905DC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FFBD000 \SystemRoot\System32\Drivers\astggatb.SYS
0x907F5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90637000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x905E9000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8FE00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8FE12000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90000000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90C07000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90C29000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90C41000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90C58000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90C6F000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x90C79000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90C7B000 \SystemRoot\system32\DRIVERS\ks.sys
0x90CAF000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90CBD000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90D01000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90D12000 \SystemRoot\system32\drivers\HdAudio.sys
0x90D62000 \SystemRoot\system32\drivers\portcls.sys
0x90D91000 \SystemRoot\system32\drivers\drmk.sys
0x90DAA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90DB7000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x90DC2000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x90DCC000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x959A0000 \SystemRoot\System32\win32k.sys
0x90DDD000 \SystemRoot\System32\drivers\Dxapi.sys
0x90DE7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95800000 \SystemRoot\System32\TSDDD.dll
0x95830000 \SystemRoot\System32\cdd.dll
0x95850000 \SystemRoot\System32\ATMFD.DLL
0x8AC77000 \SystemRoot\system32\drivers\luafv.sys
0x95E01000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x95E38000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x95E3B000 \SystemRoot\system32\drivers\WudfPf.sys
0x95E55000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x95E65000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x95EAB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x95EBB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x95ECE000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x95ED7000 \SystemRoot\system32\drivers\HTTP.sys
0x95F5C000 \SystemRoot\system32\DRIVERS\bowser.sys
0x95F75000 \SystemRoot\System32\drivers\mpsdrv.sys
0x95F87000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x95FAA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x95FE5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x90DF2000 \??\C:\Windows\System32\Drivers\LxrSII1d.sys
0xA2416000 \SystemRoot\system32\drivers\peauth.sys
0xA24AD000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA24B7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA24D8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA24E5000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2534000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2585000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0x77970000 \Windows\System32\ntdll.dll
0x47F20000 \Windows\System32\smss.exe
0x77BB0000 \Windows\System32\apisetschema.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
0x006E0000 \Windows\System32\autochk.exe
0x77770000 \Windows\System32\iertutil.dll
0x77B00000 \Windows\System32\advapi32.dll
0x77610000 \Windows\System32\ole32.dll
0x77470000 \Windows\System32\setupapi.dll
0x773D0000 \Windows\System32\usp10.dll

Processes (total 51):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
348 csrss.exe
420 C:\Windows\System32\wininit.exe
432 csrss.exe
488 C:\Windows\System32\winlogon.exe
504 C:\Windows\System32\services.exe
512 C:\Windows\System32\lsass.exe
520 C:\Windows\System32\lsm.exe
636 C:\Windows\System32\svchost.exe
708 C:\Windows\System32\svchost.exe
756 C:\Windows\System32\atiesrxx.exe
836 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\audiodg.exe
1124 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\atieclxx.exe
1332 C:\Windows\System32\svchost.exe
1408 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1568 C:\Windows\System32\dwm.exe
1580 C:\Windows\explorer.exe
1752 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
1760 C:\Program Files\Google\Google Talk\googletalk.exe
1792 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1800 C:\Program Files\DAEMON Tools Lite\DTLite.exe
1816 C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe
1956 C:\Program Files\Mouse Driver\MouseDrv.exe
1992 C:\Users\ENDZYM3\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
2012 C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
996 C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
652 C:\Windows\System32\spoolsv.exe
1204 C:\Windows\System32\taskhost.exe
1728 C:\Windows\System32\svchost.exe
2084 C:\Windows\System32\svchost.exe
2140 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
2180 C:\Windows\System32\LxrSII1s.exe
2220 C:\Windows\System32\svchost.exe
2480 C:\Windows\System32\SearchIndexer.exe
2556 C:\Windows\System32\svchost.exe
2728 C:\Windows\System32\svchost.exe
2908 C:\Windows\System32\svchost.exe
724 C:\Program Files\Windows Media Player\wmpnetwk.exe
3636 C:\Windows\System32\wuauclt.exe
3668 C:\Program Files\Mozilla Firefox\firefox.exe
1152 C:\Windows\System32\SearchProtocolHost.exe
2960 C:\Windows\System32\SearchFilterHost.exe
3140 C:\Users\ENDZYM3\Desktop\MBRCheck.exe
2232 C:\Windows\System32\conhost.exe
2216 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`069e5800 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
Looks good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Okay, it said error when I ran it, but then it booted and did the scan just fine, or so it would seem.

combofix log

ComboFix 10-10-17.01 - ENDZYM3 10/17/2010 15:38:49.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2812.1999 [GMT -7:00]
Running from: c:\users\ENDZYM3\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\users\ENDZYM3\AppData\Roaming\Ymfel
c:\users\ENDZYM3\AppData\Roaming\Ymfel\syas.exe
c:\users\ENDZYM3\Documents\cc_20101011_224246.reg
c:\users\Guest\AppData\Roaming\Syixob
c:\users\Guest\AppData\Roaming\Syixob\iqaz.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
.

2010-10-17 22:54 . 2010-10-17 22:54 -------- d-----w- c:\users\ENDZYM3\AppData\Local\temp
2010-10-17 22:54 . 2010-10-17 22:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-17 15:11 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-17 15:11 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-17 15:11 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-17 15:11 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-17 15:11 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-10-17 15:10 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-17 15:10 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-17 15:10 . 2010-10-17 15:10 -------- d-----w- c:\program files\Alwil Software
2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\users\ENDZYM3\AppData\Roaming\Malwarebytes
2010-10-17 14:34 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware (NEW)
2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\programdata\Malwarebytes
2010-10-17 14:34 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-17 02:52 . 2010-10-17 14:33 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-17 02:27 . 2010-10-17 14:50 -------- d-----w- c:\programdata\Update
2010-10-17 02:27 . 2010-10-17 14:50 -------- d-----w- c:\users\ENDZYM3\AppData\Roaming\Acgi
2010-10-17 02:27 . 2010-10-17 02:28 -------- d-----w- c:\users\ENDZYM3\AppData\Roaming\Wyyr
2010-10-17 02:27 . 2010-10-17 02:27 148480 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\evuvk.exe
2010-10-16 23:57 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FAC1885-57A4-463C-9E81-13086C8182C4}\mpengine.dll
2010-10-16 23:22 . 2010-10-16 23:22 187 ----a-w- c:\users\ENDZYM3\AppData\Roaming\7775.bat
2010-10-16 23:22 . 2010-10-16 23:22 70144 ----a-w- c:\windows\system32\wdmaudr.dll
2010-10-16 23:22 . 2010-10-16 23:22 -------- d-----w- c:\users\ENDZYM3\AppData\Roaming\Zoni
2010-10-16 06:06 . 2010-10-16 06:06 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-10-16 06:05 . 2010-10-16 06:05 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-10-16 06:05 . 2010-10-16 06:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-10-14 05:21 . 2010-10-14 05:21 -------- d-----w- c:\program files\Winamp Detect
2010-10-14 02:38 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-10-14 02:38 . 1998-09-02 08:28 155408 ----a-w- c:\windows\system32\LMRT.dll
2010-10-14 02:38 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-10-14 02:38 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2010-10-14 02:38 . 1998-09-02 08:02 109840 ----a-w- c:\program files\Windows Media Player\mplayer2.exe
2010-10-14 02:38 . 1998-08-20 10:38 217984 ----a-w- c:\windows\system32\strmdll.dll
2010-10-14 02:37 . 2010-10-14 02:39 -------- d-----w- C:\TELL ME MORE NV
2010-10-13 23:37 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 23:36 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 23:14 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 23:13 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 23:13 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 23:13 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 23:13 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 23:12 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 23:12 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 23:11 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 23:11 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 23:11 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 23:11 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 23:11 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 23:10 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 23:10 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-12 02:36 . 2010-10-12 02:36 -------- d-----w- c:\program files\Rosetta Stone
2010-10-08 22:23 . 2004-01-12 07:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-07 18:33 . 2010-10-12 02:34 -------- d-----w- c:\programdata\FLEXnet
2010-10-07 18:32 . 2010-10-12 04:11 -------- d-----w- c:\programdata\Rosetta Stone
2010-10-02 21:04 . 2010-10-02 21:04 -------- d-----w- c:\programdata\2DBoy
2010-10-02 19:32 . 2010-10-02 19:32 -------- dc-h--w- c:\programdata\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-10-02 19:32 . 2010-10-02 19:32 -------- d-----w- c:\program files\Stardock
2010-09-29 10:00 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 07:30 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 07:29 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-26 23:18 . 2010-10-12 01:58 -------- d-----w- c:\users\ENDZYM3\.dvdcss
2010-09-26 23:14 . 2010-09-26 23:14 -------- d-----w- c:\program files\PS3 Media Server
2010-09-26 23:12 . 2010-10-17 14:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-09-26 23:11 . 2010-10-17 14:04 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-09-26 23:07 . 2010-10-17 14:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-09-26 23:07 . 2010-09-26 23:07 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-26 23:03 . 2010-09-26 23:04 -------- d-----w- c:\users\ENDZYM3\AppData\Local\Microsoft Games
2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-09-20 00:52 . 2010-09-20 00:52 -------- d-----w- c:\programdata\Apple Computer
2010-09-18 02:51 . 2010-10-17 00:50 -------- d-----w- c:\users\Guest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-30 136176]
"LxrAutorun"="c:\users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe" [2009-12-18 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse"="c:\program files\Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\users\ENDZYM3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-6-13 113664]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
evuvk.exe [2010-10-16 148480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
2009-08-18 02:46 3730832 ----a-w- c:\program files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 21:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-11-12 3403420]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-06 691696]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 LxrSII1d;Secure II Driver;c:\windows\System32\Drivers\LxrSII1d.sys [2009-12-30 63448]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000Core.job
- c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 09:12]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000UA.job
- c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 09:12]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\ENDZYM3\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\ENDZYM3\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\ENDZYM3\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8600D446]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x85203dc0
QueryNameProcedure -> 0x85203f50
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-17 15:59:28
ComboFix-quarantined-files.txt 2010-10-17 22:59

Pre-Run: 59,022,217,216 bytes free
Post-Run: 58,939,572,224 bytes free

- - End Of File - - 03403F961983CFCB64C1944BBF778A11
 
Delete your ComboFix file, download a fresh one and....

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\evuvk.exe
c:\users\ENDZYM3\AppData\Roaming\7775.bat


Folder::
c:\users\ENDZYM3\AppData\Roaming\Acgi
c:\users\ENDZYM3\AppData\Roaming\Wyyr
c:\users\ENDZYM3\AppData\Roaming\Zoni


Driver::
Akamai


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix.txt

ComboFix 10-10-17.01 - ENDZYM3 10/17/2010 16:40:10.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2812.2210 [GMT -7:00]
Running from: c:\users\ENDZYM3\Desktop\ComboFix.exe
Command switches used :: c:\users\ENDZYM3\Desktop\CFScript.txt

FILE ::
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\evuvk.exe"
"c:\users\ENDZYM3\AppData\Roaming\7775.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\evuvk.exe
c:\users\ENDZYM3\AppData\Roaming\7775.bat
c:\users\ENDZYM3\AppData\Roaming\Acgi
c:\users\ENDZYM3\AppData\Roaming\Wyyr
c:\users\ENDZYM3\AppData\Roaming\Zoni
c:\users\ENDZYM3\AppData\Roaming\Zoni\roeq.pii

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Akamai


((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
.

2010-10-17 23:55 . 2010-10-17 23:57 -------- d-----w- c:\users\ENDZYM3\AppData\Local\temp
2010-10-17 15:11 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-17 15:11 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-17 15:11 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-17 15:11 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-17 15:11 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-10-17 15:10 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-17 15:10 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-17 15:10 . 2010-10-17 15:10 -------- d-----w- c:\program files\Alwil Software
2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\users\ENDZYM3\AppData\Roaming\Malwarebytes
2010-10-17 14:34 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware (NEW)
2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\programdata\Malwarebytes
2010-10-17 14:34 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-17 02:52 . 2010-10-17 14:33 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-17 02:27 . 2010-10-17 14:50 -------- d-----w- c:\programdata\Update
2010-10-16 23:57 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FAC1885-57A4-463C-9E81-13086C8182C4}\mpengine.dll
2010-10-16 23:22 . 2010-10-16 23:22 70144 ----a-w- c:\windows\system32\wdmaudr.dll
2010-10-16 06:06 . 2010-10-16 06:06 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-10-16 06:05 . 2010-10-16 06:05 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-10-16 06:05 . 2010-10-16 06:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-10-14 05:21 . 2010-10-14 05:21 -------- d-----w- c:\program files\Winamp Detect
2010-10-14 02:38 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-10-14 02:38 . 1998-09-02 08:28 155408 ----a-w- c:\windows\system32\LMRT.dll
2010-10-14 02:38 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-10-14 02:38 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2010-10-14 02:38 . 1998-09-02 08:02 109840 ----a-w- c:\program files\Windows Media Player\mplayer2.exe
2010-10-14 02:38 . 1998-08-20 10:38 217984 ----a-w- c:\windows\system32\strmdll.dll
2010-10-14 02:37 . 2010-10-14 02:39 -------- d-----w- C:\TELL ME MORE NV
2010-10-13 23:37 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 23:36 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 23:14 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 23:13 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 23:13 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 23:13 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 23:13 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 23:12 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 23:12 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 23:11 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 23:11 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 23:11 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 23:11 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 23:11 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 23:10 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 23:10 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-12 02:36 . 2010-10-12 02:36 -------- d-----w- c:\program files\Rosetta Stone
2010-10-08 22:23 . 2004-01-12 07:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-07 18:33 . 2010-10-12 02:34 -------- d-----w- c:\programdata\FLEXnet
2010-10-07 18:32 . 2010-10-12 04:11 -------- d-----w- c:\programdata\Rosetta Stone
2010-10-02 21:04 . 2010-10-02 21:04 -------- d-----w- c:\programdata\2DBoy
2010-10-02 19:32 . 2010-10-02 19:32 -------- dc-h--w- c:\programdata\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-10-02 19:32 . 2010-10-02 19:32 -------- d-----w- c:\program files\Stardock
2010-09-29 10:00 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 07:30 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 07:29 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-26 23:18 . 2010-10-12 01:58 -------- d-----w- c:\users\ENDZYM3\.dvdcss
2010-09-26 23:14 . 2010-09-26 23:14 -------- d-----w- c:\program files\PS3 Media Server
2010-09-26 23:12 . 2010-10-17 14:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-09-26 23:11 . 2010-10-17 14:04 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-09-26 23:07 . 2010-10-17 14:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-09-26 23:07 . 2010-09-26 23:07 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-26 23:03 . 2010-09-26 23:04 -------- d-----w- c:\users\ENDZYM3\AppData\Local\Microsoft Games
2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-09-20 00:52 . 2010-09-20 00:52 -------- d-----w- c:\programdata\Apple Computer
2010-09-18 02:51 . 2010-10-17 00:50 -------- d-----w- c:\users\Guest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-30 136176]
"LxrAutorun"="c:\users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe" [2009-12-18 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse"="c:\program files\Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\users\ENDZYM3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-6-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
2009-08-18 02:46 3730832 ----a-w- c:\program files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 21:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-11-12 3403420]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-06 691696]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 LxrSII1d;Secure II Driver;c:\windows\System32\Drivers\LxrSII1d.sys [2009-12-30 63448]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000Core.job
- c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 09:12]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000UA.job
- c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 09:12]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\ENDZYM3\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\ENDZYM3\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\ENDZYM3\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86009446]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x85203dc0
QueryNameProcedure -> 0x85203f50
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\LxrSII1s.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Mouse Driver\MouseDrv.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\users\ENDZYM3\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2010-10-17 17:03:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-18 00:03
ComboFix2.txt 2010-10-17 22:59

Pre-Run: 58,938,519,552 bytes free
Post-Run: 58,549,137,408 bytes free

- - End Of File - - F66B918D1F719422D3B586489EC38171
 
I'm still not fully satisfied....

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Okay, but I'm going out of town right now.
I'll be out for almost a week, and won't have any internet access.
I'll try and do this now, but I won't be able to reply for a while.

But I am very happy that you helped me this far.
I can't stress that enough.

I did everything within my own power to fix this, and it looks like it's nearly done.
Thank you, thank you, thank you.
:)
 
Ahh, it looks like fortune smiles upon me!
Got internet (for now).
Here were the results.

TDSSKiller.2.4.4.0_17.10.2010_19.53.19_log

2010/10/17 19:53:19.0222 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/17 19:53:19.0222 ================================================================================
2010/10/17 19:53:19.0222 SystemInfo:
2010/10/17 19:53:19.0222
2010/10/17 19:53:19.0222 OS Version: 6.1.7600 ServicePack: 0.0
2010/10/17 19:53:19.0222 Product type: Workstation
2010/10/17 19:53:19.0222 ComputerName: ENDZYM3-PC
2010/10/17 19:53:19.0222 UserName: ENDZYM3
2010/10/17 19:53:19.0222 Windows directory: C:\Windows
2010/10/17 19:53:19.0222 System windows directory: C:\Windows
2010/10/17 19:53:19.0222 Processor architecture: Intel x86
2010/10/17 19:53:19.0222 Number of processors: 1
2010/10/17 19:53:19.0222 Page size: 0x1000
2010/10/17 19:53:19.0222 Boot type: Normal boot
2010/10/17 19:53:19.0222 ================================================================================
2010/10/17 19:53:19.0487 Initialize success
2010/10/17 19:53:23.0871 ================================================================================
2010/10/17 19:53:23.0871 Scan started
2010/10/17 19:53:23.0871 Mode: Manual;
2010/10/17 19:53:23.0871 ================================================================================
2010/10/17 19:53:24.0822 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/10/17 19:53:25.0041 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/10/17 19:53:25.0321 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/10/17 19:53:25.0446 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/10/17 19:53:25.0524 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/10/17 19:53:25.0665 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
2010/10/17 19:53:25.0758 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
2010/10/17 19:53:25.0867 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
2010/10/17 19:53:26.0008 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
2010/10/17 19:53:26.0164 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
2010/10/17 19:53:26.0226 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/17 19:53:26.0304 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/10/17 19:53:26.0445 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
2010/10/17 19:53:26.0788 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/10/17 19:53:27.0240 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/10/17 19:53:27.0396 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/10/17 19:53:27.0490 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/17 19:53:27.0942 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/17 19:53:28.0207 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/17 19:53:28.0301 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/10/17 19:53:28.0473 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/17 19:53:28.0660 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/10/17 19:53:28.0769 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/10/17 19:53:28.0863 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/10/17 19:53:28.0956 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/10/17 19:53:29.0128 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/10/17 19:53:29.0315 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/10/17 19:53:29.0393 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/10/17 19:53:29.0471 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/10/17 19:53:29.0658 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/17 19:53:29.0814 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/10/17 19:53:29.0877 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/10/17 19:53:30.0095 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/10/17 19:53:43.0324 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/17 19:53:43.0324 ================================================================================
2010/10/17 19:53:43.0324 Scan finished
2010/10/17 19:53:43.0324 ================================================================================
2010/10/17 19:53:43.0355 Detected object count: 1
2010/10/17 19:54:01.0342 \HardDisk0\MBR - will be cured after reboot
2010/10/17 19:54:01.0342 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/17 19:54:07.0956 Deinitialize success
 
ComboFix.txt [2]

ComboFix 10-10-18.01 - ENDZYM3 10/18/2010 17:12:03.3.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2812.1887 [GMT -7:00]
Running from: c:\users\ENDZYM3\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-09-19 to 2010-10-19 )))))))))))))))))))))))))))))))
.

2010-10-19 00:25 . 2010-10-19 00:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-10-19 00:25 . 2010-10-19 00:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-17 23:55 . 2010-10-19 00:25 -------- d-----w- c:\users\ENDZYM3\AppData\Local\temp
2010-10-17 15:11 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-17 15:11 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-17 15:11 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-17 15:11 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-17 15:11 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-10-17 15:10 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-17 15:10 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-17 15:10 . 2010-10-17 15:10 -------- d-----w- c:\program files\Alwil Software
2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\users\ENDZYM3\AppData\Roaming\Malwarebytes
2010-10-17 14:34 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware (NEW)
2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\programdata\Malwarebytes
2010-10-17 14:34 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-17 02:52 . 2010-10-17 14:33 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-17 02:27 . 2010-10-17 14:50 -------- d-----w- c:\programdata\Update
2010-10-17 02:27 . 2010-10-17 02:28 -------- d-----w- c:\users\Guest\AppData\Roaming\Xefya
2010-10-16 23:57 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FAC1885-57A4-463C-9E81-13086C8182C4}\mpengine.dll
2010-10-16 23:22 . 2010-10-16 23:22 70144 ----a-w- c:\windows\system32\wdmaudr.dll
2010-10-16 06:06 . 2010-10-16 06:06 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-10-16 06:05 . 2010-10-16 06:05 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-10-16 06:05 . 2010-10-16 06:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-10-14 05:21 . 2010-10-14 05:21 -------- d-----w- c:\program files\Winamp Detect
2010-10-14 02:38 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-10-14 02:38 . 1998-09-02 08:28 155408 ----a-w- c:\windows\system32\LMRT.dll
2010-10-14 02:38 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-10-14 02:38 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2010-10-14 02:38 . 1998-09-02 08:02 109840 ----a-w- c:\program files\Windows Media Player\mplayer2.exe
2010-10-14 02:38 . 1998-08-20 10:38 217984 ----a-w- c:\windows\system32\strmdll.dll
2010-10-13 23:37 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 23:36 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 23:14 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 23:13 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 23:13 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 23:13 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 23:13 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 23:12 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 23:12 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 23:11 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 23:11 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 23:11 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 23:11 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 23:11 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 23:10 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 23:10 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-12 02:36 . 2010-10-12 02:36 -------- d-----w- c:\program files\Rosetta Stone
2010-10-08 22:23 . 2004-01-12 07:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-07 18:33 . 2010-10-12 02:34 -------- d-----w- c:\programdata\FLEXnet
2010-10-07 18:32 . 2010-10-12 04:11 -------- d-----w- c:\programdata\Rosetta Stone
2010-10-02 21:04 . 2010-10-02 21:04 -------- d-----w- c:\programdata\2DBoy
2010-10-02 19:32 . 2010-10-02 19:32 -------- dc-h--w- c:\programdata\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-10-02 19:32 . 2010-10-02 19:32 -------- d-----w- c:\program files\Stardock
2010-09-29 10:00 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 07:30 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 07:29 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-26 23:18 . 2010-10-12 01:58 -------- d-----w- c:\users\ENDZYM3\.dvdcss
2010-09-26 23:14 . 2010-09-26 23:14 -------- d-----w- c:\program files\PS3 Media Server
2010-09-26 23:12 . 2010-10-17 14:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-09-26 23:11 . 2010-10-17 14:04 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-09-26 23:07 . 2010-10-17 14:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-09-26 23:07 . 2010-09-26 23:07 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-26 23:03 . 2010-09-26 23:04 -------- d-----w- c:\users\ENDZYM3\AppData\Local\Microsoft Games
2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-09-20 00:52 . 2010-09-20 00:52 -------- d-----w- c:\programdata\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-30 136176]
"LxrAutorun"="c:\users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe" [2009-12-18 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse"="c:\program files\Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
2009-08-18 02:46 3730832 ----a-w- c:\program files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 21:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-11-12 3403420]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-06 691696]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 LxrSII1d;Secure II Driver;c:\windows\System32\Drivers\LxrSII1d.sys [2009-12-30 63448]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000Core.job
- c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 09:12]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000UA.job
- c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 09:12]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\ENDZYM3\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\ENDZYM3\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\ENDZYM3\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-18 17:29:50
ComboFix-quarantined-files.txt 2010-10-19 00:29
ComboFix2.txt 2010-10-17 22:59

Pre-Run: 83,961,966,592 bytes free
Post-Run: 83,680,489,472 bytes free

- - End Of File - - 01B112CC36B12932410D7D29FE7502DC
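As an added example (not from this thread, and not ComboFix's own code): a small Python triage script that parses the REGEDIT4-style "Reg Loading Points" block ComboFix prints, flags the UAC policy values that sit below the Windows 7 defaults, and emits a .reg fragment that restores them. The sample block is constructed from the values in the log above; the default values assumed are Windows 7's.

```python
import re

# Constructed sample input: the UAC policy block as ComboFix prints it in its
# "Reg Loading Points" section (REGEDIT4 style). The values mirror the log above.
SAMPLE_BLOCK = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
'''

UAC_POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# (value name, Windows 7 default, predicate that is True when the observed value weakens UAC)
UAC_CHECKS = [
    ("EnableLUA", 1, lambda v: v == 0),                   # 0 = UAC switched off entirely
    ("ConsentPromptBehaviorAdmin", 5, lambda v: v == 0),  # 0 = admins elevate without any prompt
    ("PromptOnSecureDesktop", 1, lambda v: v == 0),       # 0 = prompt not isolated on the secure desktop
    ("EnableUIADesktopToggle", 0, lambda v: v != 0),      # 1 = UIAccess apps may leave the secure desktop
]

KEY_RE = re.compile(r"^\[(.+)\]$")
# ComboFix prints DWORDs as:  "Name"= 0 (0x0)
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)$')


def parse_reg_points(text):
    """Parse a REGEDIT4-style dump into {key_path_lowercase: {value_name: int}}.

    Only DWORD-style lines are kept; string values (Run entries) are skipped.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = int(m.group(2))
    return keys


def uac_findings(keys):
    """Return [(name, observed, default)] for UAC values weaker than the Windows 7 default."""
    values = keys.get(UAC_POLICY_KEY.lower(), {})
    findings = []
    for name, default, is_weak in UAC_CHECKS:
        if name in values and is_weak(values[name]):
            findings.append((name, values[name], default))
    return findings


def remediation_reg(findings):
    """Build a .reg file body that restores the default for every finding."""
    lines = ["Windows Registry Editor Version 5.00", "", "[%s]" % UAC_POLICY_KEY]
    for name, _observed, default in findings:
        lines.append('"%s"=dword:%08x' % (name, default))
    return "\n".join(lines) + "\n"


def triage(text):
    """Parse a ComboFix Reg Loading Points dump; return (findings, reg_fix_text)."""
    findings = uac_findings(parse_reg_points(text))
    reg = remediation_reg(findings) if findings else ""
    return findings, reg


if __name__ == "__main__":
    found, reg_text = triage(SAMPLE_BLOCK)
    for name, observed, default in found:
        print("WEAK  %-28s observed=%d  default=%d" % (name, observed, default))
    print(reg_text)
```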
 
Now, it looks good.
I'm happy :)

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
It's doing great, it would seem!
I haven't noticed anything buggy, aside from DAEMON Tools needing a fresh install, but I'm sure that was part of the cleaning process.

/starts on OTL
 