Infected IE

  1. #1
    Weebs (Junior Member)

    Infected IE

    Hi,

    I consider myself pretty computer literate, but I ran into a problem recently I'm not sure how to solve. It became pretty clear I had malware on my computer when IE would only half open before it would freeze. The window pops up and a few boxes where buttons would normally appear are shown, but other than that it is just a white screen. I would have to force quit IE and try to reopen it. I would go through this process maybe 5-10 times and then it would open as normal and work fine except for the occasional pop-up.

    So I ran Ad-Aware on it and quarantined the infections. When I restarted my computer about 80% of my desktop icons wouldn't work. If you double-click them the computer thinks for a moment and nothing happens. This is the case for almost all the .exe files on the computer. Nothing appeared in my system tray. So I restored my computer to a previous point in the day and it would work fine except for the IE problem. I then used AVG, TFC and Antimalware to clean up the infected files with no similar problem to Ad-Aware; however, IE still doesn't work consistently.

    I tried installing IE 9 beta but got the same problem. I installed Google Chrome to see if another browser was the trick, but that is even worse than IE: it never loads up, just sits there thinking until I close it. Like I said, every once in a while when I open IE, instead of freezing it will open as normal. I also downloaded Firefox, which has given me the best results so far and was the only way I could get to D-A-L. Every now and then a pop-up will occur, but that portion is fairly limited and it's only one or two instead of like 30. However, IE still doesn't work, no restore point will fix it, and any time I try and use Ad-Aware my .exe files get all messed up. Now no anti-virus program I use can find anything, but clearly something is still wrong. Any help I could get would be greatly appreciated.

    Thanks

  2. #2
    Weebs (Junior Member)
    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 5009

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/1/2010 9:35:14 PM
    mbam-log-2010-11-01 (21-35-14).txt

    Scan type: Quick scan
    Objects scanned: 143362
    Time elapsed: 1 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15477 - GMER - Rootkit Detector and Remover
    Rootkit scan 2010-11-01 21:50:00
    Windows 6.1.7600
    Running: jf6lwtd3.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC9 0xCE 0x11 0x26 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\Common Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1D 0x7C 0x8E 0x5E ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD1 0x1E 0xEA 0x3A ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC9 0xCE 0x11 0x26 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\Common Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1D 0x7C 0x8E 0x5E ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD1 0x1E 0xEA 0x3A ...

    ---- EOF - GMER 1.0.15 ----


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: System manufacturer
    System Product Name: System Product Name
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 165):
    0x02C53000 \SystemRoot\system32\ntoskrnl.exe
    0x02C0A000 \SystemRoot\system32\hal.dll
    0x00B9E000 \SystemRoot\system32\kdcom.dll
    0x00C3B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00C7F000 \SystemRoot\system32\PSHED.dll
    0x00C93000 \SystemRoot\system32\CLFS.SYS
    0x00CF1000 \SystemRoot\system32\CI.dll
    0x00EAA000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F4E000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x01047000 \SystemRoot\System32\Drivers\sphz.sys
    0x0116D000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x01176000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x011A5000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x01000000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x0100A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F5D000 \SystemRoot\system32\DRIVERS\pci.sys
    0x01017000 \SystemRoot\System32\drivers\partmgr.sys
    0x0102C000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00F90000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FEC000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00E10000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00E2A000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00E33000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00E5D000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x00DB1000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00E68000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01249000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0142E000 \SystemRoot\System32\Drivers\msrpc.sys
    0x0148C000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x014A6000 \SystemRoot\System32\Drivers\cng.sys
    0x01519000 \SystemRoot\System32\drivers\pcw.sys
    0x0152A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0162F000 \SystemRoot\system32\drivers\ndis.sys
    0x01721000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01781000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01800000 \SystemRoot\System32\drivers\tcpip.sys
    0x017AC000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01534000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x017F6000 \SystemRoot\System32\Drivers\spldr.sys
    0x01580000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01600000 \SystemRoot\System32\Drivers\mup.sys
    0x01612000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x015BA000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01400000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x0161B000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
    0x01625000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
    0x00E7C000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x00FF3000 \SystemRoot\System32\Drivers\Null.SYS
    0x00C00000 \SystemRoot\System32\Drivers\Beep.SYS
    0x00C07000 \SystemRoot\System32\drivers\vga.sys
    0x00C15000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02CA2000 \SystemRoot\System32\drivers\watchdog.sys
    0x02CB2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02CBB000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02CC4000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02CCD000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02CD8000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02CE9000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02D07000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02D14000 \SystemRoot\system32\DRIVERS\avgtdia.sys
    0x02D75000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02C00000 \SystemRoot\system32\drivers\afd.sys
    0x02C8A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02DBA000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02DE0000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x04049000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x04064000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x04078000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x040C9000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x040D5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x040E0000 \SystemRoot\System32\drivers\discache.sys
    0x040EF000 \SystemRoot\System32\Drivers\dfsc.sys
    0x0410D000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x0416D000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x04193000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x042A2000 \SystemRoot\system32\drivers\ctaud2k.sys
    0x0434B000 \SystemRoot\system32\drivers\portcls.sys
    0x04388000 \SystemRoot\system32\drivers\drmk.sys
    0x043AA000 \SystemRoot\system32\drivers\ks.sys
    0x04200000 \SystemRoot\system32\drivers\ctoss2k.sys
    0x04231000 \SystemRoot\system32\drivers\ctprxy2k.sys
    0x04239000 \SystemRoot\system32\drivers\ksthunk.sys
    0x0FE0E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x10AA0000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x10AA2000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x10B96000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x10BDC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x0423F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x10BE9000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x041A9000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x0FE00000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0x04295000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x04000000 \SystemRoot\System32\Drivers\ahb0f82x.SYS
    0x043ED000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x041DB000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x0448E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x044A4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x044C8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x044D4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x04503000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x0451E000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x0453F000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04559000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x04568000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x04577000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x04579000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x0458B000 \SystemRoot\system32\drivers\WmBEnum.sys
    0x0458F000 \SystemRoot\system32\drivers\WmXlCore.sys
    0x0459C000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04A4B000 \SystemRoot\system32\drivers\ha20x22k.sys
    0x04A00000 \SystemRoot\system32\drivers\emupia2k.sys
    0x045AE000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0x04BD8000 \SystemRoot\System32\drivers\CTHWIUT.SYS
    0x04400000 \SystemRoot\System32\drivers\CT20XUT.SYS
    0x04E07000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
    0x04F6B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x04FC5000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04FDA000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04FE8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x04FF4000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x0443D000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x00060000 \SystemRoot\System32\win32k.sys
    0x04BF4000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04450000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x04FFD000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x0446D000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x045E6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x0447B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x041EB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x02DEF000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x02C93000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00590000 \SystemRoot\System32\TSDDD.dll
    0x00660000 \SystemRoot\System32\cdd.dll
    0x008A0000 \SystemRoot\System32\ATMFD.DLL
    0x07440000 \SystemRoot\system32\drivers\luafv.sys
    0x07463000 \SystemRoot\system32\drivers\WudfPf.sys
    0x07484000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x07499000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x074B1000 \SystemRoot\system32\drivers\HTTP.sys
    0x07579000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x07597000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x075AF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x07C99000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x07CE7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x07D0A000 \SystemRoot\System32\Drivers\adfs.SYS
    0x07D22000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0x07D2E000 \??\C:\Windows\system32\drivers\cpuz132_x64.sys
    0x07D36000 \SystemRoot\system32\drivers\peauth.sys
    0x07DDC000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x07C00000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x07C2D000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x07C3F000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0x082B7000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x0831E000 \SystemRoot\System32\DRIVERS\srv.sys
    0x08271000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x0827C000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x083B4000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x083D7000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x083E0000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x083EA000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x77AB0000 \Windows\System32\ntdll.dll
    0x48270000 \Windows\System32\smss.exe
    0xFFDD0000 \Windows\System32\apisetschema.dll

    Processes (total 58):
    0 System Idle Process
    4 System
    324 C:\Windows\System32\smss.exe
    652 csrss.exe
    760 C:\Windows\System32\wininit.exe
    780 csrss.exe
    828 C:\Windows\System32\services.exe
    852 C:\Windows\System32\lsass.exe
    860 C:\Windows\System32\lsm.exe
    972 C:\Windows\System32\svchost.exe
    140 C:\Windows\System32\nvvsvc.exe
    600 C:\Windows\System32\svchost.exe
    656 C:\Windows\System32\svchost.exe
    820 C:\Windows\System32\winlogon.exe
    776 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1264 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    1300 C:\Windows\System32\svchost.exe
    1400 C:\Windows\System32\svchost.exe
    1456 C:\Windows\System32\nvvsvc.exe
    1584 C:\Windows\System32\spoolsv.exe
    1636 C:\Windows\System32\svchost.exe
    1732 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1780 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1808 C:\Windows\System32\svchost.exe
    1892 C:\Windows\SysWOW64\PnkBstrA.exe
    1980 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2020 C:\Windows\System32\svchost.exe
    1824 C:\Windows\System32\taskhost.exe
    2480 C:\Windows\System32\dwm.exe
    2780 C:\Windows\explorer.exe
    2848 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    2916 C:\Program Files (x86)\uTorrent\uTorrent.exe
    3100 D:\Steam\Steam.exe
    3164 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    3220 C:\Program Files (x86)\Common Files\DAEMON Tools Lite\DTLite.exe
    3240 C:\Program Files (x86)\AIM\aim.exe
    3400 C:\Creative\Volume Panel\VolPanlu.exe
    3456 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3464 C:\Windows\SysWOW64\Ctxfihlp.exe
    3584 C:\Windows\SysWOW64\CTxfispi.exe
    3252 C:\Windows\System32\svchost.exe
    3828 C:\Program Files\iPod\bin\iPodService.exe
    4112 C:\Windows\System32\SearchIndexer.exe
    4324 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4376 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    4768 C:\Windows\System32\svchost.exe
    2756 C:\Windows\System32\svchost.exe
    492 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    2396 C:\Windows\System32\taskmgr.exe
    2228 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    5788 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    3840 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    2160 C:\Windows\System32\SearchProtocolHost.exe
    688 C:\Windows\System32\SearchFilterHost.exe
    5460 C:\Users\Andrew\Downloads\MBRCheck.exe
    4884 C:\Windows\System32\conhost.exe
    3444 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00010000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: OCZ-VERTEX1275, Rev: 00.P97
    PhysicalDrive1 Model Number: WDCWD6401AALS-00L3B2, Rev: 01.03B01

    Size    Device Name         MBR Status
    --------------------------------------------
    59 GB   \\.\PhysicalDrive0  MBR Code Faked!
            SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966
    596 GB  \\.\PhysicalDrive1  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

  3. #3
    Weebs (Junior Member)
    DDS (Ver_10-11-01.01) - NTFS_AMD64
    Run by Andrew at 17:34:02.76 on Mon 11/01/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.4098 [GMT -4:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    D:\Steam\Steam.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Common Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\AIM\aim.exe
    C:\Creative\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\SysWOW64\Ctxfihlp.exe
    C:\Windows\SysWOW64\CTXFISPI.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Andrew\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Bar = Preserve
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    uRun: [Steam] "d:\steam\steam.exe" -silent
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\Common Files\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
    mRun: [VolPanel] "C:\Creative\Volume Panel\VolPanlu.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNDg1Mzk1MjIyLUIy"&"prod=90"&"ver=10.0.1152
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\43m9xof3.default\
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Stream Software\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Stream Software\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Program Files (x86)\Stream Software\Veetle\VLCBroadcast\npvbp.dll
    FF - plugin: C:\Users\Andrew\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-11-1 121936]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-11-1 20048]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-11-1 61008]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-1 40384]
    R2 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2010-3-23 19432]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
    R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-1 40384]
    R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-1 40384]
    R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2009-7-14 230424]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-7-14 1445912]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2009-7-14 95256]
    R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2009-7-14 1613336]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-27 136176]
    S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-23 79360]
    S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2009-7-14 230424]
    S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-7-14 1445912]
    S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2009-7-14 95256]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;D:\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2009-11-8 25832]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-17 1038088]
    S3 RivaTuner64;RivaTuner64;D:\PC Tools\Riva Tuner\RivaTuner v2.24\RivaTuner64.sys [2009-8-22 19952]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-28 1255736]

    =============== Created Last 30 ================

    2010-11-01 21:14:03 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2010-11-01 21:13:51 38848 ----a-w- C:\Windows\avastSS.scr
    2010-11-01 03:20:42 388096 ----a-r- C:\Users\Andrew\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-11-01 03:20:42 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2010-11-01 03:01:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2010-11-01 03:01:27 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2010-11-01 02:37:06 -------- d-----w- C:\Users\Andrew\AppData\Local\Mozilla
    2010-10-31 23:12:11 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
    2010-10-31 23:12:11 206848 ----a-w- C:\Windows\System32\mfps.dll
    2010-10-31 23:12:10 4068864 ----a-w- C:\Windows\System32\mf.dll
    2010-10-31 23:12:10 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
    2010-10-31 23:12:10 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
    2010-10-31 23:12:10 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2010-10-31 23:12:10 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2010-10-31 20:23:13 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Malwarebytes
    2010-10-31 20:22:52 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-10-31 20:22:51 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-10-31 20:22:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-10-31 20:22:51 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-10-31 19:42:26 -------- d-----w- C:\Users\Andrew\AppData\Roaming\AVG10
    2010-10-31 19:41:56 -------- d--h--w- C:\PROGRA~3\Common Files
    2010-10-31 19:41:12 -------- d-----w- C:\PROGRA~3\AVG10
    2010-10-31 18:50:16 -------- d-----w- C:\PROGRA~3\MFAData
    2010-10-31 18:40:24 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{BF08141D-27FF-4832-B0ED-2775C6F9B4B8}\mpengine.dll
    2010-10-30 23:44:31 -------- d-----w- C:\Users\Andrew\AppData\Local\Sunbelt Software
    2010-10-26 21:14:10 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-10-26 21:14:10 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-10-26 21:14:10 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-10-26 21:14:10 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-10-26 21:14:10 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-10-26 21:14:10 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-10-26 21:14:10 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-10-26 21:14:06 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2010-10-25 00:23:33 -------- d-----w- C:\Program Files\iPod
    2010-10-25 00:23:32 -------- d-----w- C:\Program Files\iTunes
    2010-10-25 00:23:32 -------- d-----w- C:\Program Files (x86)\iTunes
    2010-10-25 00:23:32 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2010-10-25 00:23:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2010-10-25 00:23:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2010-10-25 00:23:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2010-10-25 00:23:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2010-10-25 00:23:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2010-10-25 00:23:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2010-10-25 00:23:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2010-10-25 00:22:25 -------- d-----w- C:\Program Files\Bonjour
    2010-10-25 00:22:25 -------- d-----w- C:\Program Files (x86)\Bonjour
    2010-10-13 21:10:01 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-10-13 21:10:01 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-10-13 21:10:00 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
    2010-10-13 21:10:00 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    2010-10-13 21:10:00 2085376 ----a-w- C:\Windows\System32\ole32.dll
    2010-10-13 21:10:00 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll

    ==================== Find3M ====================

    2010-10-31 20:27:34 234280 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2010-10-31 20:27:34 234280 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-10-02 14:03:18 468480 ----a-w- C:\Windows\System32\deployJava1.dll
    2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-09-08 15:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-08-16 06:50:45 1137664 ----a-w- C:\Windows\System32\FntCache.dll
    2010-08-16 06:50:43 1543168 ----a-w- C:\Windows\System32\DWrite.dll
    2010-08-16 06:50:42 899072 ----a-w- C:\Windows\System32\d2d1.dll
    2010-08-16 06:50:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2010-08-16 06:50:42 1844224 ----a-w- C:\Windows\System32\d3d10warp.dll
    2010-08-16 06:14:36 1076224 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2010-08-16 06:14:24 737280 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2010-08-16 06:14:24 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2010-08-16 06:14:24 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

    ============= FINISH: 17:34:23.58 ===============

  4. #4
    Weebs is offline Junior Member
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-01.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/26/2009 9:08:59 PM
    System Uptime: 11/1/2010 5:07:05 PM (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P6T6 WS REVOLUTION
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/165mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 60 GiB total, 19.941 GiB free.
    D: is FIXED (NTFS) - 596 GiB total, 394.329 GiB free.
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: RAID Controller
    Device ID: PCI\VEN_11AB&DEV_6440&SUBSYS_82E41043&REV_02\4&28714A0B&0&00E4
    Manufacturer:
    Name: RAID Controller
    PNP Device ID: PCI\VEN_11AB&DEV_6440&SUBSYS_82E41043&REV_02\4&28714A0B&0&00E4
    Service:

    ==== System Restore Points ===================

    RP244: 10/31/2010 10:34:18 PM - Windows Modules Installer
    RP245: 10/31/2010 11:20:38 PM - Installed HiJackThis
    RP246: 11/1/2010 5:10:23 PM - Removed AVG 2011
    RP247: 11/1/2010 5:11:13 PM - Removed AVG 2011
    RP248: 11/1/2010 5:13:45 PM - avast! Free Antivirus Setup

    ==== Installed Programs ======================

    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.3.2
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AIM 7
    Alien Swarm
    Apple Application Support
    Apple Software Update
    Audiosurf
    avast! Free Antivirus
    Battlefield: Bad Company 2
    Blood Bowl: Dark Elves Edition
    Connect
    Creative Audio Control Panel
    Creative Software AutoUpdate
    Creative Sound Blaster Properties x64 Edition
    Creative System Information
    DAEMON Tools Toolbar
    DEFCON
    Dolby Digital Live Pack
    Dragon Age: Origins
    Driver Sweeper 2.1.0
    DTS Connect Pack
    Eufloria
    Evil Genius
    Feedback Tool
    Football Manager 2010
    Fraps
    Full Tilt Poker
    Google Earth Plug-in
    Google Update Helper
    GRE Connect
    Guild Wars
    Guild Wars: Trilogy
    HiJackThis
    King Arthur - The Role-playing Wargame
    kuler
    Logitech Harmony Remote Software 7
    Malwarebytes' Anti-Malware
    Microsoft Choice Guard
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X Service Pack 1
    Microsoft Flight Simulator X Service Pack 2
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mount&Blade: Warband
    Move Media Player
    Mozilla Firefox (3.6.12)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Napoleon: Total War
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OpenAL
    Operation Flashpoint: Dragon Rising
    Osmos
    PDF Settings CS4
    Photoshop Camera Raw
    PunkBuster Services
    QuickTime
    Remote Control USB Driver
    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Sid Meier's Civilization V
    SimCity 4 Deluxe
    SopCast 3.2.4
    Sound Blaster X-Fi
    SQLiteManager
    StarCraft II
    Steam
    StreamTorrent 1.0
    Suite Shared Configuration CS4
    System Requirements Lab
    System Requirements Lab for Intel
    Team Fortress 2
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Uplink
    Veetle TV 0.9.16
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.0.5
    Warhammer 40,000: Dawn of War II
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool

  5. #5
    Weebs is offline Junior Member
    Another interesting note: I cannot post the ===Event Viewer Messages From Past Week=== log from my Attach.txt file. Every time I copy and paste it into the reply field, IE and Firefox both say they cannot display the webpage.

  6. #6
    Weebs is offline Junior Member
    ==== Event Viewer Messages From Past Week ========

    10/31/2010 9:38:50 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    10/31/2010 9:29:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
    10/31/2010 9:29:42 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/31/2010 9:29:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Stereoscopic 3D Driver Service service to connect.
    10/31/2010 9:29:27 PM, Error: Service Control Manager [7000] - The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/31/2010 9:29:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PnkBstrA service to connect.
    10/31/2010 9:29:12 PM, Error: Service Control Manager [7000] - The PnkBstrA service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/31/2010 9:28:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.
    10/31/2010 9:28:57 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/31/2010 9:28:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVG WatchDog service to connect.
    10/31/2010 9:28:42 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

  7. #7
    Weebs is offline Junior Member
    10/31/2010 9:28:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    10/31/2010 9:28:27 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/31/2010 9:28:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Lavasoft Ad-Aware Service service to connect.
    10/31/2010 9:28:11 PM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/31/2010 9:27:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Creative Audio Service service to connect.
    10/31/2010 9:27:56 PM, Error: Service Control Manager [7000] - The Creative Audio Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/31/2010 7:50:47 PM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/31/2010 5:43:56 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/31/2010 5:42:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    10/31/2010 4:26:39 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    10/31/2010 4:16:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
    10/31/2010 4:16:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ca37e7, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .

  8. #8
    Weebs is offline Junior Member
    10/31/2010 4:13:07 PM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).

  9. #9
    Weebs is offline Junior Member
    I'm not sure, but it's one line from the Attach.txt log that seems to be bugging IE and Firefox out. It's the next line of text after the one I previously posted. When I paste it into the post and try to click submit, I am brought to a connection error page in both Firefox and IE.
    Last edited by Weebs; 02-11-2010 at 11:18 PM.

  10. #10
    broni is offline Senior Member
    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double-click on the NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double-click on the BurnItCD.cmd file. If your CD drive opens, simply close it again.
    • Follow the prompts to burn the CD.

    • Now you will need to set the CD-ROM as the first boot device if it isn't already (if you don't know how to do it, see HERE).
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.

    Once rebooted, run MBRCheck again and post its log.
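
The MBRWORK step above replaces whatever sits in the bootstrap area with stock Windows 7 MBR code; the diagnosis itself rests on comparing that area against known-good code, which is what MBRCheck does. As an added example that is not part of this thread or of any tool it names, the Python below parses a 512-byte MBR image and flags a bootstrap hash outside the known-good set, a missing 0x55AA signature, or a malformed partition table. The sample sectors, the disk signature and the known-good hash set are all constructed here.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440      # bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 440      # 4-byte Windows disk signature
PART_TABLE_OFF = 446    # four 16-byte partition entries
BOOT_SIG_OFF = 510      # trailing 0x55 0xAA marker

def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into its bootstrap hash, disk signature and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    parts = []
    for i in range(4):
        # entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        parts.append({"status": status, "type": ptype, "lba_start": lba_start, "sectors": count})
    return {
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parts,
        "boot_signature": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2],
    }

def assess_mbr(sector: bytes, known_good: set) -> list:
    """Return a list of findings; an empty list means the sector looks like stock MBR code."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_signature"] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if info["bootcode_sha256"] not in known_good:
        findings.append("bootstrap code does not match any known-good hash")
    used = [p for p in info["partitions"] if p["type"] != 0]
    active = [p for p in used if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    if any(p["status"] not in (0x00, 0x80) for p in info["partitions"]):
        findings.append("partition entry with an invalid status byte")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in used)
    if any(nxt[0] < cur[1] for cur, nxt in zip(spans, spans[1:])):
        findings.append("partition entries overlap")
    return findings

def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed sample sector: the given bootstrap code plus one active 60 GiB NTFS partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 125829120)
    return (bootcode + struct.pack("<I", 0x12345678) + b"\0\0"
            + entry + b"\0" * 48 + b"\x55\xaa")

# Constructed filler standing in for the vendor's bootstrap code; in practice the
# known-good set holds the hashes of the OS vendor's stock MBR code.
CLEAN_BOOTCODE = bytes(range(256)) + bytes(range(184))
KNOWN_GOOD = {hashlib.sha256(CLEAN_BOOTCODE).hexdigest()}
# Same bootstrap area with its first 16 bytes overwritten (constructed tamper case).
TAMPERED_BOOTCODE = b"\xff" * 16 + CLEAN_BOOTCODE[16:]

if __name__ == "__main__":
    for label, code in (("clean", CLEAN_BOOTCODE), ("tampered", TAMPERED_BOOTCODE)):
        print(label, assess_mbr(build_sample_mbr(code), KNOWN_GOOD) or ["no findings"])
```

On a real disk the 512-byte image would come from a raw read of sector 0, and the known-good set from the hashes the OS vendor's stock MBR code is known to have.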
