[A]Laptop problem!

  1. #1
    ardop12 is offline Junior Member

    Greetings!

    I'm having a problem with my friend's laptop. It's acting out: when in a fullscreen game, it minimizes it and something comes to the screen for a split second. We can't see what it is. I did the malware etc. scans, and here are the logs.

    UPLOAD.EE - Download aswMBR.txt
    UPLOAD.EE - Download DDS.txt
    UPLOAD.EE - Download gmer.log
    UPLOAD.EE - Download mbam-log-2011-12-01__10-28-13_.txt
    UPLOAD.EE - Download Attatch.zip

    I didn't know which one the Attach went with.

    Thx to Digerati for guiding me here.

    Sorry, but I hope you guys can help me and my friend out here.

    Thanks in advance. Let me know if you need any more info about this laptop or anything.
    Last edited by ardop12; 01-12-2011 at 08:44 AM. Reason: forgot something

  2. #2
    broni is offline Senior Member
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    =====================================================

    All logs have to be pasted into your reply.

  3. #3
    ardop12 is offline Junior Member
    Hello again.

    It's my friend's laptop and I don't know how long it will take. I go to school with him and he is pretty mad about his laptop. I think I just need a bit more time after every step etc. So, I can't really understand atm: are you talking about my other post, or do you mean you will guide me here with steps?

    Thanks

  4. #4
    broni is offline Senior Member
    Take your time.
    What I'm saying is I'll not download any logs you uploaded somewhere.
    You have to PASTE the content of all logs into your next reply.

  5. #5
    ardop12 is offline Junior Member
    Hello!

    Sorry that I got it wrong. Anyway here are the logs.

    PS! 1 log is missing GMER. I will get it soon.

    aswMBR

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-28 1552
    -----------------------------
    1552.678 OS Version: Windows x64 6.1.7600
    1552.678 Number of processors: 2 586 0x170A
    1552.678 ComputerName: EMT-HP UserName: EMT
    1554.596 Initialize success
    1555.064 AVAST engine defs: 11112800
    15:57:08.184 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    15:57:08.184 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
    15:57:08.200 Disk 0 MBR read successfully
    15:57:08.200 Disk 0 MBR scan
    15:57:08.215 Disk 0 unknown MBR code
    15:57:08.215 Service scanning
    15:57:09.931 Modules scanning
    15:57:09.931 Disk 0 trace - called modules:
    15:57:09.947 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    15:57:09.947 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80044c3060]
    15:57:09.962 3 CLASSPNP.SYS[fffff88001bd143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002290050]
    15:57:10.680 AVAST engine scan C:\Windows
    15:57:13.098 AVAST engine scan C:\Windows\system32
    15:58:34.608 AVAST engine scan C:\Windows\system32\drivers
    15:58:43.329 AVAST engine scan C:\Users\EMT
    16:03:28.341 AVAST engine scan C:\ProgramData
    16:06:43.263 Scan finished successfully
    16:07:11.265 Disk 0 MBR has been saved successfully to "C:\Users\EMT\Desktop\MBR.dat"
    16:07:11.265 The log file has been saved successfully to "C:\Users\EMT\Desktop\aswMBR.txt"


    Now malwarebytes log.

    Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Andmebaasi versioon: 8270

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    1.12.2011 10:28:13
    mbam-log-2011-12-01 (10-28-13).txt

    Kontrolli tüüp: Kiirkontroll
    Kontrollitud objekte: 166075
    Kulunud aeg: 3 minutit, 27 sekundit

    Nakatunud mälu objekte: 0
    Nakatunud mälu mooduleid: 0
    Nakatunud registrivõtmeid: 0
    Nakatunud registri väärtusi: 0
    Nakatunud registriandmeid: 0
    Nakatunud kaustu: 0
    Nakatunud faile: 0

    Nakatunud mälu objekte:
    (Pahavara ei tuvastatud)

    Nakatunud mälu mooduleid:
    (Pahavara ei tuvastatud)

    Nakatunud registrivõtmeid:
    (Pahavara ei tuvastatud)

    Nakatunud registri väärtusi:
    (Pahavara ei tuvastatud)

    Nakatunud registriandmeid:
    (Pahavara ei tuvastatud)

    Nakatunud kaustu:
    (Pahavara ei tuvastatud)

    Sorry, it's in Estonian. But I think you can figure it out; if not, I can do an English scan too, so just tell me.

    DDS

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by EMT at 16:08:42 on 2011-11-28
    Microsoft Windows 7 Home Premium 6.1.7600.0.1257.372.1061.18.1979.708 [GMT 2:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\ProgramData\EMT Internet\OnlineUpdate\ouc.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\ProgramData\DatacardService\HWDeviceService64.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\UI0Detect.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Users\EMT\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\EMT\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\EMT\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
    uDefault_Page_URL = hxxp://www.bing.com
    mDefault_Page_URL = hxxp://www.bing.com
    mStart Page = hxxp://www.bing.com
    uURLSearchHooks: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - C:\Program Files (x86)\uTorrentBar2\prxtbuTo0.dll
    uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
    mURLSearchHooks: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - C:\Program Files (x86)\uTorrentBar2\prxtbuTo0.dll
    mURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live'i sisselogimisabiline: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - C:\Program Files (x86)\uTorrentBar2\prxtbuTo0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
    TB: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - C:\Program Files (x86)\uTorrentBar2\prxtbuTo0.dll
    TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Google Update] "C:\Users\EMT\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 194.126.197.30 194.126.115.18
    TCP: Interfaces\{3C5FD619-4DCB-4EC3-A887-EB35184C18EC} : NameServer = 217.71.32.116 217.71.32.115
    TCP: Interfaces\{4CB944F1-5E09-42E3-9A6C-2618D9055E83} : NameServer = 217.71.32.116 217.71.32.115
    TCP: Interfaces\{5B9CE013-78B7-4AB0-A1BE-1C3D27498920} : NameServer = 217.71.32.116 217.71.32.115
    TCP: Interfaces\{5BB2AE82-0FCE-45EB-90FE-6E68FBB5B8AF} : NameServer = 217.71.32.116 217.71.32.115
    TCP: Interfaces\{D81EC57B-4B7B-4226-91E6-27B7CF3C0D81} : DhcpNameServer = 194.126.197.30 194.126.115.18
    TCP: Interfaces\{D81EC57B-4B7B-4226-91E6-27B7CF3C0D81}\44967696D6161696C6D6 : DhcpNameServer = 194.204.0.1 213.168.18.146
    TCP: Interfaces\{D81EC57B-4B7B-4226-91E6-27B7CF3C0D81}\4586F6D637F6E6D20383D27363D26464D28353D28333D26463 : DhcpNameServer = 192.168.1.254
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live'i sisselogimisabiline: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - C:\Program Files (x86)\uTorrentBar2\prxtbuTo0.dll
    BHO-X64: uTorrentBar2 - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
    TB-X64: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - C:\Program Files (x86)\uTorrentBar2\prxtbuTo0.dll
    TB-X64: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
    TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-10 98208]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-23 44768]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-19 103992]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-6-25 92216]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-7-2 27192]
    R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DataCardService\HWDeviceService64.exe [2011-3-14 346976]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-28 366152]
    R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-20 315392]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
    S2 EMT Internet. RunOuc;EMT Internet. OUC;C:\Program Files (x86)\EMT Internet\UpdateDog\ouc.exe [2011-11-1 246112]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
    S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\system32\DRIVERS\ewusbwwan.sys --> C:\Windows\system32\DRIVERS\ewusbwwan.sys [?]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 WatAdminSvc;Teenus Windowsi aktiveerimise tehnoloogiad;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-28 12:42:55 -------- d-----w- C:\Users\EMT\AppData\Roaming\Malwarebytes
    2011-11-28 12:42:39 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-28 12:42:36 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-11-28 12:42:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-25 17:53:09 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A7D7D884-AA46-4117-8313-CC54D797C53A}\offreg.dll
    2011-11-25 13:43:21 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A7D7D884-AA46-4117-8313-CC54D797C53A}\mpengine.dll
    2011-11-23 10:07:26 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-11-23 10:07:21 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-11-23 10:06:44 41184 ----a-w- C:\Windows\avastSS.scr
    2011-11-23 10:06:36 -------- d-----w- C:\ProgramData\AVAST Software
    2011-11-23 10:06:36 -------- d-----w- C:\Program Files\AVAST Software
    2011-11-15 13:32:13 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2011-11-15 13:31:55 -------- d-----w- C:\Users\EMT\AppData\Local\CrashDumps
    2011-11-09 21:43:52 -------- d-----w- C:\ProgramData\OnlineUpdate
    2011-11-09 21:43:52 -------- d-----w- C:\ProgramData\log
    2011-11-09 19:25:42 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 19:25:42 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 19:25:42 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-09 19:25:40 3141120 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-01 09:18:13 -------- d-----w- C:\Program Files (x86)\EMT Internet
    2011-10-30 10:09:58 -------- d-----w- C:\Users\EMT\AppData\Local\Microsoft Help
    .
    ==================== Find3M ====================
    .
    2011-10-01 0320 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-21 16:25:47 270912 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    .
    ============= FINISH: 16:12:39,90 ===============



    I don't know if I had to put the Attach here. And it's in Estonian too, so I think I'll need to scan it again. Sorry.
    I'll get those by tomorrow evening.

  6. #6
    broni is offline Senior Member
    No problem

  7. #7
    ardop12 is offline Junior Member
    Hello again.

    Well, I have the logs. But the GMER log was totally empty, so I have nothing to paste here. And sorry about the delay. And the log (Attach) which I made again, the result was the same, in Estonian. Some Error: Service control manager: a lot of like last week errors etc. But those are in Estonian. And I couldn't find a way to make them English. I think I need more time to translate them. If you want the log then tell me, but I'll give it without the error part, which I think is very important.

    Thx again for help.

  8. #8
    broni is offline Senior Member
    Post the log as it is.

  9. #9
    ardop12 is offline Junior Member
    Well, here goes nothin


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2.09.2011 7:27:28
    System Uptime: 28.11.2011 14:52:24 (2 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1605
    Processor: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz | CPU | 2095/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 281 GiB total, 202,634 GiB free.
    D: is FIXED (NTFS) - 16 GiB total, 2,376 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP27: 1.11.2011 11:22:59 - Windows Update
    RP28: 4.11.2011 11:14:14 - Windows Update
    RP29: 8.11.2011 13:27:37 - Windows Update
    RP30: 10.11.2011 1:07:10 - Windows Update
    RP31: 11.11.2011 19:33:29 - Windows Update
    RP33: 12.11.2011 8:11:32 - Windows Modules Installer
    RP34: 23.11.2011 12:06:08 - avast! Free Antivirus Setup
    RP35: 23.11.2011 21:38:18 - Windows Update
    RP36: 25.11.2011 15:42:24 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3 - Estonian
    Adobe Shockwave Player 11.5
    Agatha Christie - Death on the Nile
    µTorrent
    avast! Free Antivirus
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    BS Player Toolbar
    BS.Player FREE
    Chuzzle Deluxe
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Colin McRae Rally 04
    Conduit Engine
    CyberLink DVD Suite
    CyberLink PowerDVD 9
    CyberLink YouCam
    DAEMON Tools Lite
    Dora's Carnival Adventure
    Elisa M-internet
    EMT Internet
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    FATE
    Final Drive Nitro
    GameSpy Arcade
    Google Chrome
    GTA San Andreas
    HP Advisor
    HP Customer Experience Enhancements
    HP Documentation
    HP Game Console
    HP Games
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Software Framework
    HP Support Assistant
    HPAsset component for HP Active Support Library
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 20
    Jewel Quest - Heritage
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Malwarebytes' Anti-Malware versioon 1.51.2.1300.
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (Estonian) 2007
    Microsoft Office Excel MUI (Latvian) 2007
    Microsoft Office Excel MUI (Lithuanian) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office OneNote MUI (Estonian) 2007
    Microsoft Office OneNote MUI (Latvian) 2007
    Microsoft Office OneNote MUI (Lithuanian) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (Estonian) 2007
    Microsoft Office PowerPoint MUI (Latvian) 2007
    Microsoft Office PowerPoint MUI (Lithuanian) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Estonian) 2007
    Microsoft Office Proof (Finnish) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Latvian) 2007
    Microsoft Office Proof (Lithuanian) 2007
    Microsoft Office Proof (Polish) 2007
    Microsoft Office Proof (Russian) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (Estonian) 2007
    Microsoft Office Proofing (Latvian) 2007
    Microsoft Office Proofing (Lithuanian) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (Estonian) 2007
    Microsoft Office Shared MUI (Latvian) 2007
    Microsoft Office Shared MUI (Lithuanian) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (Estonian) 2007
    Microsoft Office Word MUI (Latvian) 2007
    Microsoft Office Word MUI (Lithuanian) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MSVCRT
    Need for Speed Underground 2
    Penguins!
    PhotoNow!
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    REALTEK Wireless LAN Software
    Recovery Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Zuma Deluxe
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office OneNote 2007 (KB980729)
    uTorrentBar2 Toolbar
    Windows Live'i üleslaadimistööriist
    Windows Live'i fotogalerii
    Windows Live'i sisselogimisabimees
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Sync
    Windows Live Writer
    Virtual Villagers - The Secret City
    .
    ==== Event Viewer Messages From Past Week ========
    .
    28.11.2011 7:27:12, Error: Service Control Manager [7009] - Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. OUC.
    28.11.2011 7:27:12, Error: Service Control Manager [7000] - Teenuse EMT Internet. OUC käivitamine nurjus järgmise tõrke tõttu: Teenus ei vastanud õigeaegselt käivitus- või kontrolltaotlusele.
    28.11.2011 14:52:54, Error: Service Control Manager [7009] - Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. OUC.
    28.11.2011 14:52:54, Error: Service Control Manager [7000] - Teenuse EMT Internet. OUC käivitamine nurjus järgmise tõrke tõttu: Teenus ei vastanud õigeaegselt käivitus- või kontrolltaotlusele.
    28.11.2011 14:35:20, Error: Service Control Manager [7034] - HP Software Framework Service teenus lõpetati ootamatult. See on teinud seda 1 kord(a).
    27.11.2011 12:09:10, Error: Service Control Manager [7034] - HP Software Framework Service teenus lõpetati ootamatult. See on teinud seda 1 kord(a).
    27.11.2011 12:08:59, Error: Service Control Manager [7011] - Saabus aegumisperiood (30000 millisekundit)teenuse ShellHWDetection toimingu vastuse ooteajal.
    27.11.2011 12:08:59, Error: Service Control Manager [7011] - Saabus aegumisperiood (30000 millisekundit)teenuse RtVOsdService toimingu vastuse ooteajal.
    25.11.2011 19:50:47, Error: Service Control Manager [7009] - Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. OUC.
    25.11.2011 19:50:47, Error: Service Control Manager [7000] - Teenuse EMT Internet. OUC käivitamine nurjus järgmise tõrke tõttu: Teenus ei vastanud õigeaegselt käivitus- või kontrolltaotlusele.
    25.11.2011 18:19:20, Error: Service Control Manager [7009] - Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. OUC.
    25.11.2011 18:19:20, Error: Service Control Manager [7000] - Teenuse EMT Internet. OUC käivitamine nurjus järgmise tõrke tõttu: Teenus ei vastanud õigeaegselt käivitus- või kontrolltaotlusele.
    25.11.2011 17:11:10, Error: Service Control Manager [7011] - Saabus aegumisperiood (30000 millisekundit)teenuse HPWMISVC toimingu vastuse ooteajal.
    25.11.2011 14:06:09, Error: Service Control Manager [7009] - Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. OUC.
    25.11.2011 14:06:09, Error: Service Control Manager [7000] - Teenuse EMT Internet. OUC käivitamine nurjus järgmise tõrke tõttu: Teenus ei vastanud õigeaegselt käivitus- või kontrolltaotlusele.
    25.11.2011 12:03:39, Error: Service Control Manager [7009] - Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. OUC.
    25.11.2011 12:03:39, Error: Service Control Manager [7000] - Teenuse EMT Internet. OUC käivitamine nurjus järgmise tõrke tõttu: Teenus ei vastanud õigeaegselt käivitus- või kontrolltaotlusele.
    24.11.2011 8:32:16, Error: Service Control Manager [7009] - Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. OUC.
    24.11.2011 8:32:16, Error: Service Control Manager [7000] - Teenuse EMT Internet. OUC käivitamine nurjus järgmise tõrke tõttu: Teenus ei vastanud õigeaegselt käivitus- või kontrolltaotlusele.
    24.11.2011 21:53:10, Error: Service Control Manager [7034] - HP Software Framework Service teenus lõpetati ootamatult. See on teinud seda 1 kord(a).
    24.11.2011 12:16:46, Error: Service Control Manager [7009] - Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. OUC.
    24.11.2011 12:16:46, Error: Service Control Manager [7000] - Teenuse EMT Internet. OUC käivitamine nurjus järgmise tõrke tõttu: Teenus ei vastanud õigeaegselt käivitus- või kontrolltaotlusele.
    23.11.2011 18:54:49, Error: Service Control Manager [7034] - HP Software Framework Service teenus lõpetati ootamatult. See on teinud seda 1 kord(a).
    23.11.2011 17:37:06, Error: bowser [8003] - The master browser has received a server announcement from the computer KAPO-DAD9AD3EA8 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D81EC57B-4B7B-4226-91E6-27B7CF3C0D81}. The master browser is stopping or an election is being forced.
    23.11.2011 17:36:05, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
    23.11.2011 14:13:13, Error: Service Control Manager [7009] - Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. OUC.
    23.11.2011 14:13:13, Error: Service Control Manager [7000] - Teenuse EMT Internet. OUC käivitamine nurjus järgmise tõrke tõttu: Teenus ei vastanud õigeaegselt käivitus- või kontrolltaotlusele.
    23.11.2011 12:30:39, Error: Service Control Manager [7009] - Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. OUC.
    23.11.2011 12:30:39, Error: Service Control Manager [7000] - Teenuse EMT Internet. OUC käivitamine nurjus järgmise tõrke tõttu: Teenus ei vastanud õigeaegselt käivitus- või kontrolltaotlusele.
    23.11.2011 12:03:47, Error: Service Control Manager [7009] - Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. OUC.
    23.11.2011 12:03:47, Error: Service Control Manager [7000] - Teenuse EMT Internet. OUC käivitamine nurjus järgmise tõrke tõttu: Teenus ei vastanud õigeaegselt käivitus- või kontrolltaotlusele.
    23.11.2011 10:02:29, Error: Service Control Manager [7009] - Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. OUC.
    23.11.2011 10:02:29, Error: Service Control Manager [7000] - Teenuse EMT Internet. OUC käivitamine nurjus järgmise tõrke tõttu: Teenus ei vastanud õigeaegselt käivitus- või kontrolltaotlusele.
    22.11.2011 14:00:26, Error: Service Control Manager [7009] - Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. OUC.
    22.11.2011 14:00:26, Error: Service Control Manager [7000] - Teenuse EMT Internet. OUC käivitamine nurjus järgmise tõrke tõttu: Teenus ei vastanud õigeaegselt käivitus- või kontrolltaotlusele.
    21.11.2011 7:14:14, Error: Service Control Manager [7009] - Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. OUC.
    21.11.2011 7:14:14, Error: Service Control Manager [7000] - Teenuse EMT Internet. OUC käivitamine nurjus järgmise tõrke tõttu: Teenus ei vastanud õigeaegselt käivitus- või kontrolltaotlusele.
    21.11.2011 12:16:30, Error: Service Control Manager [7034] - HP Software Framework Service teenus lõpetati ootamatult. See on teinud seda 1 kord(a).
    .
    ==== End Of File ===========================

  10. #10
    broni is offline Senior Member
    Good

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
