Inactive Windows not closing down...

[Inactive] Windows not closing down...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6711

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

6/13/2011 8:01:15 PM
mbam-log-2011-06-13 (20-01-15).txt

Scan type: Quick scan
Objects scanned: 141968
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-13 22:39:50
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320320AS rev.0303
Running: w6icwkx5.exe; Driver: C:\Users\SPIDER~1\AppData\Local\Temp\fgtdipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82E86339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBFD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90E1F000, 0x2D5526, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtCreateFile + 6 773C55CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtCreateFile + B 773C55D3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtMapViewOfSection + 6 773C5C2E 1 Byte [28]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtMapViewOfSection + 6 773C5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtMapViewOfSection + B 773C5C33 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtOpenFile + 6 773C5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtOpenFile + B 773C5CE3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtOpenProcess + 6 773C5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtOpenProcess + B 773C5D93 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtOpenProcessToken + B 773C5DA3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtOpenProcessTokenEx + 6 773C5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtOpenProcessTokenEx + B 773C5DB3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtOpenThread + 6 773C5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtOpenThread + B 773C5E13 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtOpenThreadToken + 6 773C5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtOpenThreadToken + B 773C5E23 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtOpenThreadTokenEx + B 773C5E33 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtQueryAttributesFile + 6 773C5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtQueryAttributesFile + B 773C5F43 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtQueryFullAttributesFile + B 773C5FF3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtSetInformationFile + 6 773C663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtSetInformationFile + B 773C6643 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtSetInformationThread + 6 773C669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtSetInformationThread + B 773C66A3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtUnmapViewOfSection + 6 773C69BE 1 Byte [68]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtUnmapViewOfSection + 6 773C69BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[1144] ntdll.dll!NtUnmapViewOfSection + B 773C69C3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtCreateFile + 6 773C55CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtCreateFile + B 773C55D3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtMapViewOfSection + 6 773C5C2E 1 Byte [28]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtMapViewOfSection + 6 773C5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtMapViewOfSection + B 773C5C33 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenFile + 6 773C5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenFile + B 773C5CE3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcess + 6 773C5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcess + B 773C5D93 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessToken + B 773C5DA3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessTokenEx + 6 773C5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessTokenEx + B 773C5DB3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThread + 6 773C5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThread + B 773C5E13 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadToken + 6 773C5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadToken + B 773C5E23 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadTokenEx + B 773C5E33 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryAttributesFile + 6 773C5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryAttributesFile + B 773C5F43 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryFullAttributesFile + B 773C5FF3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationFile + 6 773C663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationFile + B 773C6643 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationThread + 6 773C669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationThread + B 773C66A3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtUnmapViewOfSection + 6 773C69BE 1 Byte [68]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtUnmapViewOfSection + 6 773C69BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtUnmapViewOfSection + B 773C69C3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtCreateFile + 6 773C55CE 4 Bytes [28, 00, 17, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtCreateFile + B 773C55D3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtMapViewOfSection + 6 773C5C2E 1 Byte [28]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtMapViewOfSection + 6 773C5C2E 4 Bytes [28, 03, 17, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtMapViewOfSection + B 773C5C33 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenFile + 6 773C5CDE 4 Bytes [68, 00, 17, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenFile + B 773C5CE3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcess + 6 773C5D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcess + B 773C5D93 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcessToken + B 773C5DA3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcessTokenEx + 6 773C5DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcessTokenEx + B 773C5DB3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThread + 6 773C5E0E 4 Bytes [68, 01, 17, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThread + B 773C5E13 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThreadToken + 6 773C5E1E 4 Bytes [68, 02, 17, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThreadToken + B 773C5E23 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThreadTokenEx + B 773C5E33 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtQueryAttributesFile + 6 773C5F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtQueryAttributesFile + B 773C5F43 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtQueryFullAttributesFile + B 773C5FF3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtSetInformationFile + 6 773C663E 4 Bytes [28, 01, 17, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtSetInformationFile + B 773C6643 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtSetInformationThread + 6 773C669E 4 Bytes [28, 02, 17, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtSetInformationThread + B 773C66A3 1 Byte [E2]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtUnmapViewOfSection + 6 773C69BE 1 Byte [68]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtUnmapViewOfSection + 6 773C69BE 4 Bytes [68, 03, 17, 00]
.text C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtUnmapViewOfSection + B 773C69C3 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[3272] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[3272] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[3272] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[3272] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[3272] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[3272] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556f669cb
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556f669cb (not active ControlSet)

---- EOF - GMER 1.0.15 ----

 

aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-15 10:56:23
-----------------------------
10:56:23.248 OS Version: Windows 6.1.7601 Service Pack 1
10:56:23.248 Number of processors: 2 586 0x301
10:56:23.250 ComputerName: KEITHMOON UserName: Spiderpug
10:56:44.671 Initialize success
10:56:47.516 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:56:47.522 Disk 0 Vendor: ST9320320AS 0303 Size: 305245MB BusType: 11
10:56:49.547 Disk 0 MBR read successfully
10:56:49.553 Disk 0 MBR scan
10:56:49.559 Disk 0 Windows 7 default MBR code
10:56:51.581 Disk 0 scanning sectors +625139712
10:56:51.830 Disk 0 scanning C:\Windows\system32\drivers
10:57:03.695 Service scanning
10:57:06.186 Disk 0 trace - called modules:
10:57:06.448 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
10:57:06.458 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86292810]
10:57:06.468 3 CLASSPNP.SYS[8bb7f59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8623d030]
10:57:06.479 Scan finished successfully
10:57:19.363 Disk 0 MBR has been saved successfully to "C:\Users\Spiderpug\Desktop\MBR.dat "
10:57:19.392 The log file has been saved successfully to "C:\Users\Spiderpug\Desktop\aswMBR.txt "

 

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Spiderpug at 10:58:04 on 2011-06-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3198.2337 [GMT 12:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Spiderpug\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [Google Update] "c:\users\spiderpug\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe "
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 130.123.103.2 130.123.128.181 130.123.111.3
TCP: Interfaces\{AFEF2A80-0DD8-4DCB-9BF0-4773F1895756} : DhcpNameServer = 203.114.168.2 203.114.128.2
TCP: Interfaces\{C3816BF5-5B05-4E2C-8B18-A6135D8547C7} : DhcpNameServer = 130.123.103.2 130.123.128.181 130.123.111.3
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-30 176128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-29 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-29 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-29 61960]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-14 229888]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-5-29 27320]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-10 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-30 1343400]
.
=============== Created Last 30 ================
.
2011-06-14 00:01:52 -------- d-----w- c:\program files\YouTube Downloader
2011-06-13 10:09:45 -------- d-----w- c:\users\spiderpug\appdata\roaming\Avira
2011-06-12 10:00:48 -------- d-----w- c:\program files\Guitar Pro 5
2011-06-10 01:04:58 -------- d-----w- c:\windows\system32\SPReview
2011-06-10 00:54:33 -------- d-----w- c:\windows\system32\EventProviders
2011-06-10 00:40:59 73216 ----a-w- c:\windows\system32\TabSvc.dll
2011-06-10 00:39:57 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-06-10 00:39:57 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-10 00:19:11 -------- d-----w- c:\program files\iPod
2011-06-07 03:54:20 -------- d-----w- c:\windows\pss
2011-06-02 02:42:59 -------- d-----w- c:\users\spiderpug\appdata\local\Adobe
2011-05-31 00:40:31 -------- d-----w- c:\program files\uTorrent
2011-05-31 00:39:47 -------- d-----w- c:\users\spiderpug\appdata\roaming\uTorrent
2011-05-30 11:35:19 -------- d-----w- c:\users\spiderpug\appdata\roaming\DC++
2011-05-30 11:35:19 -------- d-----w- c:\users\spiderpug\appdata\local\DC++
2011-05-30 10:42:35 -------- d-----w- c:\program files\DC++
2011-05-30 09:30:30 -------- d-----w- c:\program files\Synaptics
2011-05-30 09:28:02 6815264 ----a-w- c:\windows\system\DriveIcon.dll
2011-05-30 09:28:01 62464 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
2011-05-30 08:43:39 -------- d-----w- c:\program files\CamStudio
2011-05-30 08:06:10 -------- d-----w- c:\windows\system32\Wat
2011-05-30 05:01:39 -------- d-----w- c:\windows\Panther
2011-05-30 04:21:46 -------- d-----r- C:\Favorites
2011-05-30 04:04:28 0 ----a-w- c:\windows\ativpsrm.bin
2011-05-30 00:47:52 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-30 00:47:30 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-30 00:47:30 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-30 00:47:28 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-30 00:47:27 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-30 00:47:26 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-30 00:47:26 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-30 00:47:26 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-30 00:47:26 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-30 00:41:42 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-29 10:24:58 -------- d-----w- c:\users\spiderpug\appdata\local\Apple Computer
2011-05-29 10:24:49 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-29 10:24:49 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-29 10:24:23 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-05-29 10:24:23 -------- d-----w- c:\program files\iTunes
2011-05-29 10:22:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-05-29 10:22:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-05-29 10:22:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-05-29 10:22:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-05-29 10:22:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-05-29 10:22:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-05-29 10:22:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-05-29 10:22:07 -------- d-----w- c:\users\spiderpug\appdata\local\Apple
2011-05-29 10:21:44 -------- d-----w- c:\program files\Bonjour
2011-05-29 10:15:47 -------- d-----w- c:\program files\CCleaner
2011-05-29 10:14:09 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-29 10:14:08 -------- d-----w- c:\programdata\Avira
2011-05-29 10:14:08 -------- d-----w- c:\program files\Avira
2011-05-29 10:07:21 -------- d-----w- c:\users\spiderpug\appdata\roaming\Malwarebytes
2011-05-29 10:07:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 10:07:16 -------- d-----w- c:\programdata\Malwarebytes
2011-05-29 10:07:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 10:07:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-29 09:52:31 -------- d-----w- c:\users\spiderpug\appdata\roaming\SUPERAntiSpyware.com
2011-05-29 09:52:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-29 09:52:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-29 09:51:20 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-05-29 09:51:20 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-05-29 09:50:41 -------- d-----w- c:\windows\PCHEALTH
2011-05-29 09:48:22 -------- d-----w- c:\users\spiderpug\appdata\local\Microsoft Help
2011-05-29 09:44:01 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b49b6fb7-d42d-4e69-bb89-960c4cb419be}\mpengine.dll
2011-05-29 09:44:00 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-29 09:29:26 -------- d-----w- c:\users\spiderpug\appdata\local\Google
2011-05-29 09:29:13 -------- d-----w- c:\users\spiderpug\appdata\local\Deployment
2011-05-29 09:29:13 -------- d-----w- c:\users\spiderpug\appdata\local\Apps
2011-05-29 09:27:40 -------- d-----w- c:\users\spiderpug\appdata\local\ATI
2011-05-29 09:20:58 1784352 ----a-w- c:\windows\system32\WavesLib.dll
2011-05-29 09:19:22 14392 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2011-05-29 09:19:03 50176 ----a-w- c:\windows\system32\coinst.dll
2011-05-29 09:19:03 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-29 09:18:26 -------- d-----w- c:\program files\ATI
2011-05-29 09:18:24 -------- d-----w- c:\program files\ATI Technologies
2011-05-29 09:18:21 -------- d-sh--w- c:\windows\Installer
2011-05-29 09:17:43 -------- d-----w- c:\program files\Launch Manager
2011-05-29 09:15:57 -------- d-----w- C:\OEM
2011-05-29 09:15:56 992176 ----a-w- c:\program files\common files\installshield\updateservice\agent.exe
2011-05-29 09:15:56 86960 ----a-w- c:\program files\common files\installshield\updateservice\issch.exe
2011-05-29 09:15:56 394184 ----a-w- c:\program files\common files\installshield\updateservice\_isusres.dll
2011-05-29 09:15:56 283568 ----a-w- c:\program files\common files\installshield\updateservice\ISDM.exe
2011-05-29 09:14:34 -------- d-----w- c:\windows\system32\wbem\Performance
.
==================== Find3M ====================
.
2011-06-10 01:20:19 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-06 04:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 04:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 04:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 04:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 10:58:55.04 ===============

 

--------------------Attach------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/29/2011 9:12:05 PM
System Uptime: 6/15/2011 10:51:05 AM (0 hours ago)
.
Motherboard: Acer | | JV50PU
Processor: AMD Athlon(tm) X2 Dual-Core QL-64 | Socket S1G2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 254.823 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Fingerprint Sensor
Device ID: USB\VID_08FF&PID_1600\5&1AD35B93&0&1
Manufacturer:
Name: Fingerprint Sensor
PNP Device ID: USB\VID_08FF&PID_1600\5&1AD35B93&0&1
Service:
.
==== System Restore Points ===================
.
RP23: 6/11/2011 3:50:57 PM - Removed WIDCOMM Bluetooth Software
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe Reader X (10.0.1)
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Avira AntiVir Personal - Free Antivirus
Bonjour
CamStudio
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
DC++ 0.782
Google Chrome
Guitar Pro 5.2
iTunes
Launch Manager
Malwarebytes' Anti-Malware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SUPERAntiSpyware
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
YouTube Downloader 2.7.4
.
==== Event Viewer Messages From Past Week ========
.
6/15/2011 10:51:18 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
6/15/2011 10:51:18 AM, Error: atikmdag [43029] - Display is not active
6/13/2011 11:24:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
6/13/2011 11:24:24 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/13/2011 11:24:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments " " in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
6/13/2011 10:59:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Disk Defragmenter service to connect.
6/13/2011 10:59:27 AM, Error: Service Control Manager [7000] - The Disk Defragmenter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/13/2011 10:59:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service defragsvc with arguments " " in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
6/13/2011 10:23:32 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
6/10/2011 2:07:41 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error: "32" Happened while starting this command: C:\Windows\system32\wbem\wmiprvse.exe -Embedding
6/10/2011 2:07:04 PM, Error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.
6/10/2011 2:06:46 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: The process cannot access the file because it is being used by another process.
.
==== End Of File ===========================

 

Logs

They are fine then , Wildfire just wanted to make sure my computer had no malware before continuing another thread

 

Hi Broni,

The issue was http://www.windowsbbs.com/windows-7/99311-windows-not-closing-down.html, the reason I advised a visit here was a prior infection caused spiderpug to reinstall windows but he/she then connected an infected external drive.

Thanks for looking though.