Completed steps, here are my logs..what's next?
-
1. MBR
----------------------------------------------------------------------------------
2. aswMBR
----------------------------------------------------------------------------------
aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-15 00:29:33
-----------------------------
00:29:33.333 OS Version: Windows x64 6.1.7600
00:29:33.333 Number of processors: 2 586 0x603
00:29:33.333 ComputerName: OWNER-PC UserName: owner
00:29:36.235 Initialize success
00:29:44.269 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:29:44.269 Disk 0 Vendor: ST9320423AS 0006HPM1 Size: 305245MB BusType: 11
00:29:46.297 Disk 0 MBR read successfully
00:29:46.313 Disk 0 MBR scan
00:29:46.313 Disk 0 unknown MBR code
00:29:46.313 Service scanning
00:29:47.685 Disk 0 trace - called modules:
00:29:47.701 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:29:47.701 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004315060]
00:29:47.717 3 CLASSPNP.SYS[fffff8800194243f] -> nt!IofCallDriver -> [0xfffffa8004310040]
00:29:47.717 5 hpdskflt.sys[fffff880015f3289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004300680]
00:29:47.732 Scan finished successfully
00:30:18.776 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
00:30:18.792 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"
3. GMER.log
----------------------------------------------------------------------------------
GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-15 00:55:19
Windows 6.1.7600
Running: download[1].exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000c43643680
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000c43643680 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
4a. Attach
-----------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/5/2010 7:37:03 PM
System Uptime: 6/14/2011 11:57:18 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 144E
Processor: AMD Turion(tm) II P520 Dual-Core Processor | Socket S1G4 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 282 GiB total, 228.218 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 2.247 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.091 GiB free.
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Lexmark X422
Device ID: ROOT\IMAGE\0000
Manufacturer: Lexmark
Name: Lexmark X422
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
==== System Restore Points ===================
.
RP110: 5/4/2011 8:20:13 AM - Windows Update
RP111: 5/6/2011 1:36:27 AM - Windows Update
RP112: 5/10/2011 6:36:31 PM - Windows Update
RP113: 5/12/2011 3:00:12 AM - Windows Update
RP114: 5/13/2011 1:02:01 PM - Windows Update
RP115: 5/16/2011 3:00:14 AM - Windows Update
RP116: 5/17/2011 10:35:04 PM - Windows Update
RP117: 5/20/2011 2:20:51 AM - Windows Update
RP118: 5/24/2011 7:14:30 AM - Windows Update
RP119: 5/24/2011 6:18:28 PM - Windows Update
RP120: 5/25/2011 10:03:41 PM - Windows Update
RP121: 5/27/2011 5:04:44 AM - Windows Update
RP123: 5/27/2011 11:33:53 PM - Windows Defender Checkpoint
RP124: 5/28/2011 3:00:10 AM - Windows Update
RP125: 5/31/2011 6:42:19 PM - Windows Update
RP126: 6/3/2011 9:33:15 AM - Windows Update
RP127: 6/7/2011 11:11:02 PM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.4 MUI
Adobe Shockwave Player
Alcor Micro USB Card Reader
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Bing Bar
Bing Rewards Client Installer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
D3DX10
Digital DJ Pro 1.7.0
DVD Menu Pack for HP MediaSmart Video
DVDVideoSoftTB Toolbar
Energy Star Digital Logo
ESU for Microsoft Windows 7
Free Audio CD Burner version 1.4.7
Free YouTube to MP3 Converter version 3.9.35.324
Freeze.com NetAssistant
Graboid Video 2.02
HP Advisor
HP Customer Experience Enhancements
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP Photo Creations
HP Power Plan Utility
HP QuickWeb Installer
HP Setup
HP Software Framework
HP Support Assistant
HP Update
HP User Guides 0182
HPAsset component for HP Active Support Library
Hulu Desktop
IDT Audio
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NetAssistant
PC Speed Maximizer v2.2
PhotoNow!
Power2Go
PowerDirector
PriceGong 2.1.0
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Recovery Manager
Roxio CinemaNow 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Shop to Win 2
Simppull Toolbar (Remove Toolbar Only)
Skype™ 5.0
Spy Sweeper Core
Surf Canyon Search Engine Assistant
The Weather Channel Desktop 6
Uninstall 1.0.0.1
VLC media player 1.0.1
WeatherBug
Webroot AntiVirus with Spy Sweeper
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/9/2011 1:38:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/9/2011 1:38:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
6/9/2011 1:38:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
6/9/2011 1:37:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
6/9/2011 1:36:44 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/9/2011 1:36:44 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/9/2011 1:36:44 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 1:36:44 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 1:36:44 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/9/2011 1:36:44 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 1:36:44 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 1:36:44 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/9/2011 1:36:44 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/9/2011 1:36:44 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/9/2011 1:36:44 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/11/2011 10:18:57 PM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
.
==== End Of File ===========================
4b. DDS
-------------------------------------------------------------------------------------
.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by owner at 0:30:47 on 2011-06-15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2529 [GMT -6:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\PC Speed Maximizer\Startw3i.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FKTZY3CO\aswMBR[1].exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://g.live.com/1rewlive4startup/home
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: MRI_DISABLED - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Shop to Win 2: {20fec4e7-f7b7-438b-8191-33d2efc5ebea} - C:\Program Files (x86)\Shop to Win 2\ShoppingBHO.dll
BHO: Surf Canyon Search Engine Assistant: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
BHO: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [Weather] "C:\Program Files (x86)\AWS\WeatherBug\Weather.exe" 1
uRun: [PC Speed Maximizer] "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe"
uRun: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
uRun: [Startw3i] "C:\Program Files (x86)\PC Speed Maximizer\Startw3i.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SpySweeper] "C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{DEC21DAC-3E2E-4377-8BAF-F34795AE0F88} : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{DEC21DAC-3E2E-4377-8BAF-F34795AE0F88}\1757D6D697245414259313D27657563747 : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{DEC21DAC-3E2E-4377-8BAF-F34795AE0F88}\2516D6E61675966496D27657563747 : DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{DEC21DAC-3E2E-4377-8BAF-F34795AE0F88}\25D484C47455543545 : DhcpNameServer = 68.87.77.130
TCP: Interfaces\{DEC21DAC-3E2E-4377-8BAF-F34795AE0F88}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DEC21DAC-3E2E-4377-8BAF-F34795AE0F88}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DEC21DAC-3E2E-4377-8BAF-F34795AE0F88}\7457563747F5143636563737 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{DEC21DAC-3E2E-4377-8BAF-F34795AE0F88}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: MRI_DISABLED - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: PriceGongBHO Class: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Shop to Win 2: {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files (x86)\Shop to Win 2\ShoppingBHO.dll
BHO-X64: Freecause Shopping BHO - No File
BHO-X64: Surf Canyon Search Engine Assistant: {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
BHO-X64: IE BHO Utility - No File
BHO-X64: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll
BHO-X64: Simppull Toolbar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Updater For Simppull Toolbar: {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO-X64: Updater For Simppull Toolbar - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: NetAssistantBHO Class: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
BHO-X64: NetAssistantBHO - No File
BHO-X64: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SpySweeper] "C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
.
============= SERVICES / DRIVERS ===============
.
R0 ssfs0bbc;ssfs0bbc;C:\Windows\system32\DRIVERS\ssfs0bbc.sys --> C:\Windows\system32\DRIVERS\ssfs0bbc.sys [?]
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2010-7-5 1201640]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2010-5-12 89600]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
S4 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-12 338168]
S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
S4 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
S4 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
.
=============== Created Last 30 ================
.
2011-06-15 05:52:16 -------- d--h--w- C:\Users\owner\AppData\Roaming\Malwarebytes
2011-06-15 05:52:05 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-15 05:52:04 -------- d--h--w- C:\ProgramData\Malwarebytes
2011-06-15 05:52:01 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-15 05:52:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-03 15:33:48 8718160 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DAEF5266-E11F-41D0-9277-D722AD11CD6C}\mpengine.dll
2011-06-01 22:55:11 -------- d--h--w- C:\Program Files\iPod
2011-06-01 22:55:10 -------- d--h--w- C:\Program Files\iTunes
2011-06-01 22:55:10 -------- d--h--w- C:\Program Files (x86)\iTunes
2011-06-01 22:52:16 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-06-01 22:52:16 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-06-01 22:52:16 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-06-01 22:52:16 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-06-01 22:52:16 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-06-01 22:52:16 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-06-01 22:52:16 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-06-01 22:48:54 -------- d--h--w- C:\Program Files\Bonjour
2011-06-01 22:48:54 -------- d--h--w- C:\Program Files (x86)\Bonjour
2011-05-25 00
51 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
.
==================== Find3M ====================
.
2011-04-15 07:22:12 0 ---ha-w- C:\Windows\SysWow64\sho666.tmp
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05
38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-04-06 22:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 22:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 22:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 22:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 22:20:16 91424 ---ha-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 22:20:16 75040 ---ha-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 22:20:16 197920 ---ha-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 22:20:16 107808 ---ha-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-29 03:32:44 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-03-29 03:32:29 99328 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-03-29 03:32:20 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-03-29 03:32:16 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-03-29 03:32:16 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-03-29 03:32:13 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-03-29 03:32:09 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
.
============= FINISH: 0:31:32.22 ===============
-
Welcome aboard 
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
===============================================================
You're not saying what the issues are.
Malwarebytes log is missing.
-
I apologize. The problem is all my files are gone, even my whole entire desktop. It's just a black screen. The only thing that works is the internet.
Here is the missing log
5. mbam
Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 6884
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
6/17/2011 9:46:40 PM
mbam-log-2011-06-17 (21-46-40).txt
Scan type: Quick scan
Objects scanned: 161958
Time elapsed: 2 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Please, always provide detailed info.
What exact files are missing?
-
Ok sorry, I'm not good with computers.
All of the content in my libraries does not show. Like my pictures, documents, etc.
I also don't have access to any program such as iTunes, Windows Media, the calculator, etc.
I keep getting messages like "RAM memory usage is critically high" and something mentioning limited space on disks.
-
Let's see if we can recover your missing features.
Download and run UnHide