Inactive Google Redirect

Discussion in 'Malware and Virus Removal Archive' started by shaywillow11, 2011/03/30.

  1. 2011/03/30
    shaywillow11

    shaywillow11 Inactive Thread Starter

    Joined:
    2011/03/30
    Messages:
    17
    Likes Received:
    0
    [Inactive] Google Redirect

    I am having a problem with my computer. Web pages are being redirected, the internet keeps freezing up, and the computer keeps restarting randomly. I have run Malwarebytes and Spyware Doctor. They didn't fix anything. Please help!
     
  2. 2011/03/30
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Hi shaywillow, Welcome to Windows BBS :D

    Please follow these instructions as indicated at the top of the forum and post the requested logs in this thread.

    As a member with less than 10 posts, some of the logs will take time to come through as they must be moderated due to URLs, so please be patient.
     
  4. 2011/03/30
    shaywillow11

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-03-30 15:19:00
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 ST325031 rev.CC45
    Running: 7g6u8y4n.exe; Driver: C:\Users\John\AppData\Local\Temp\pxldypog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C48589 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C6D092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? System32\Drivers\spsc.sys The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload 91DBACA0 5 Bytes JMP 8738D1D8
    .text axh69rec.SYS 9223B000 12 Bytes [44, A8, 01, 83, EE, A6, 01, ...] {INC ESP; TEST AL, 0x1; SUB ESI, -0x5a; ADD [EBX-0x7cfe7860], EAX}
    .text axh69rec.SYS 9223B00D 9 Bytes [87, 01, 83, 48, AB, 01, 83, ...] {XCHG [ECX], EAX; OR DWORD [EAX-0x55], 0x1; ADD DWORD [EAX], 0x0}
    .text axh69rec.SYS 9223B017 41 Bytes [00, DE, B7, 58, 83, E6, B5, ...]
    .text axh69rec.SYS 9223B041 128 Bytes [D6, C6, 82, 60, D5, C6, 82, ...]
    .text axh69rec.SYS 9223B0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtProtectVirtualMemory 77D651C0 5 Bytes JMP 0018000A
    .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtWriteVirtualMemory 77D65D40 5 Bytes JMP 0019000A
    .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!KiUserExceptionDispatcher 77D66298 5 Bytes JMP 0013000A
    .text C:\Windows\system32\svchost.exe[1012] ole32.dll!CoCreateInstance 778B590C 5 Bytes JMP 004A000A
    .text C:\Windows\system32\svchost.exe[1012] USER32.dll!GetCursorPos 77E8C198 5 Bytes JMP 00EE000A
    .text C:\Windows\system32\svchost.exe[1012] USER32.dll!GetForegroundWindow 77E9565D 5 Bytes JMP 00F0000A
    .text C:\Windows\system32\svchost.exe[1012] USER32.dll!WindowFromPoint 77EB6D0C 5 Bytes JMP 00EF000A
    .text C:\Windows\explorer.exe[3180] ntdll.dll!NtProtectVirtualMemory 77D651C0 5 Bytes JMP 017B000A
    .text C:\Windows\explorer.exe[3180] ntdll.dll!NtWriteVirtualMemory 77D65D40 5 Bytes JMP 017C000A
    .text C:\Windows\explorer.exe[3180] ntdll.dll!KiUserExceptionDispatcher 77D66298 5 Bytes JMP 017A000A

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2244] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2244] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2244] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2244] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2244] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75DC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2244] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75DC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[3180] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [74AF2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[3180] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74AD5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[3180] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74AD56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[3180] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74AF250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[3180] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74AE8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[3180] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74AE4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[3180] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [74AE50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[3180] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [74AE51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[3180] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74AE66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[3180] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [74AE82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[3180] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74AE8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[3180] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [74AE907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[3180] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [74AEE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[3180] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [74AE4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLFH3E11\s[1].txt 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3ED8VGZ\at[2].gif 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mywinesdirect[2].txt 789 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@CADUQU5L.txt 604 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@CARGV5W9.txt 112 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@live.37millionminutes[4].txt 502 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@CACLR9PZ.txt 113 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@CA9DTUSQ.txt 86 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@recs.richrelevance[3].txt 117 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@CAFNZ3CO.txt 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@shopica[2].txt 100 bytes

    ---- EOF - GMER 1.0.15 ----
     
  5. 2011/03/30
    shaywillow11

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Vostro 220 Series
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 147):
    0x82C05000 \SystemRoot\system32\ntkrnlpa.exe
    0x83015000 \SystemRoot\system32\halmacpi.dll
    0x87230000 \SystemRoot\system32\kdcom.dll
    0x83227000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8329F000 \SystemRoot\system32\PSHED.dll
    0x832B0000 \SystemRoot\system32\BOOTVID.dll
    0x832B8000 \SystemRoot\system32\CLFS.SYS
    0x832FA000 \SystemRoot\system32\CI.dll
    0x8340E000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8347F000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8348D000 \SystemRoot\System32\Drivers\spsc.sys
    0x83580000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x83589000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x835AF000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x835F7000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x83400000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x833A5000 \SystemRoot\system32\DRIVERS\pci.sys
    0x833CF000 \SystemRoot\System32\drivers\partmgr.sys
    0x833E0000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x83613000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8365E000 \SystemRoot\System32\drivers\mountmgr.sys
    0x83674000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x8374E000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x83757000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8378B000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8379C000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8B215000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8B344000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8B36F000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8B382000 \SystemRoot\System32\Drivers\cng.sys
    0x8B3DF000 \SystemRoot\System32\drivers\pcw.sys
    0x8B3ED000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8B431000 \SystemRoot\system32\drivers\ndis.sys
    0x8B4E8000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8B526000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8B54B000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8B58A000 \SystemRoot\System32\Drivers\spldr.sys
    0x8B592000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8B5BF000 \SystemRoot\System32\Drivers\mup.sys
    0x8B5CF000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x837A6000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8B5D7000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8B400000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8FEF8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8FF17000 \SystemRoot\System32\Drivers\Null.SYS
    0x8FF1E000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8FF25000 \SystemRoot\System32\drivers\vga.sys
    0x8FF31000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8FF52000 \SystemRoot\System32\drivers\watchdog.sys
    0x8FF5F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8FF67000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8FF6F000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8FF77000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8FF82000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x90832000 \SystemRoot\System32\drivers\tcpip.sys
    0x9097B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x909AC000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x909C3000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8FF90000 \SystemRoot\system32\drivers\afd.sys
    0x909CE000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x90800000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x90807000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8FFEA000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x837D8000 \SystemRoot\system32\DRIVERS\serial.sys
    0x8B200000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x83600000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x9063E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x9067F000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x90689000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x90693000 \SystemRoot\System32\drivers\discache.sys
    0x9069F000 \SystemRoot\System32\Drivers\dfsc.sys
    0x906B7000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x906C5000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x906E6000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x91435000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x906F8000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x91D52000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x91D8B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x91D96000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x91DE1000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x91400000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x907AF000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
    0x9141F000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x90600000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x91DF0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x91429000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x9223A000 \SystemRoot\System32\Drivers\axh69rec.SYS
    0x92273000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x92280000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x92292000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x922AA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x922B5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x922D7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x922EF000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x92306000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x9231D000 \SystemRoot\system32\DRIVERS\wanatw4.sys
    0x92323000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x92330000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x92332000 \SystemRoot\system32\DRIVERS\ks.sys
    0x92366000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x92374000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x923B8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x96C3E000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x96E7E000 \SystemRoot\system32\drivers\portcls.sys
    0x96EAD000 \SystemRoot\system32\drivers\drmk.sys
    0x97C40000 \SystemRoot\System32\win32k.sys
    0x96EC6000 \SystemRoot\System32\drivers\Dxapi.sys
    0x96ED0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x96EE7000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x96EE9000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x96EF6000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x96FD0000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x8C435000 \SystemRoot\system32\DRIVERS\lvuvc.sys
    0x8CAA5000 \SystemRoot\system32\drivers\usbaudio.sys
    0x8CAB9000 \SystemRoot\system32\DRIVERS\lvrs.sys
    0x8CAF9000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x8CB04000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8CB0F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8CB22000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8CB29000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x97EA0000 \SystemRoot\System32\TSDDD.dll
    0x97ED0000 \SystemRoot\System32\cdd.dll
    0x8CB34000 \SystemRoot\system32\drivers\luafv.sys
    0x8CB4F000 \SystemRoot\system32\drivers\WudfPf.sys
    0x8CB69000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8CB79000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x8FE00000 \SystemRoot\system32\drivers\HTTP.sys
    0x8CB8C000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x8CBA5000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x8CBB7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x96C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x8CBDA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xAFC1B000 \SystemRoot\system32\drivers\peauth.sys
    0xAFCB2000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAFCBC000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xAFCDD000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAFCEA000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAFD39000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAFD8A000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
    0xAFDCB000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xAFD8F000 \??\C:\Users\John\AppData\Local\Temp\pxldypog.sys
    0x77D20000 \Windows\System32\ntdll.dll
    0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
    0x47660000 \Windows\System32\smss.exe
    0x77F60000 \Windows\System32\apisetschema.dll
    0x00BA0000 \Windows\System32\autochk.exe
    0x77E80000 \Windows\System32\user32.dll

    Processes (total 54):
    0 System Idle Process
    4 System
    324 C:\Windows\System32\smss.exe
    444 csrss.exe
    508 C:\Windows\System32\wininit.exe
    516 csrss.exe
    556 C:\Windows\System32\services.exe
    572 C:\Windows\System32\lsass.exe
    580 C:\Windows\System32\lsm.exe
    612 C:\Windows\System32\winlogon.exe
    740 C:\Windows\System32\svchost.exe
    820 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\svchost.exe
    956 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\svchost.exe
    1140 C:\Windows\System32\svchost.exe
    1260 C:\Windows\System32\svchost.exe
    1376 C:\Windows\System32\spoolsv.exe
    1496 C:\Windows\System32\svchost.exe
    1700 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    1796 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    1988 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1400 C:\Program Files\Bonjour\mDNSResponder.exe
    1928 C:\Program Files\GameTracker\GSInGameService.exe
    364 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    908 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    464 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\svchost.exe
    2080 C:\Program Files\RealVNC\VNC4\winvnc4.exe
    2176 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2244 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2372 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2436 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2576 C:\Windows\System32\SearchIndexer.exe
    2632 C:\Windows\System32\svchost.exe
    2792 C:\Windows\System32\svchost.exe
    3432 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3648 C:\Windows\System32\svchost.exe
    1600 dllhost.exe
    1624 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    3180 C:\Windows\explorer.exe
    2348 C:\Windows\System32\dwm.exe
    3256 C:\Windows\System32\audiodg.exe
    3264 C:\Program Files\AOL Desktop 9.6\waol.exe
    1432 C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
    3520 C:\Program Files\AOL Desktop 9.6\shellmon.exe
    2648 C:\Program Files\Common Files\AOL\1261331075\ee\aolsoftware.exe
    1332 C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
    3100 C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
    3892 C:\Program Files\Common Files\AOL\1261331075\ee\aolupdates.exe
    2508 C:\Windows\System32\SearchProtocolHost.exe
    3356 C:\Windows\System32\SearchFilterHost.exe
    3108 C:\Users\John\Desktop\MBRCheck.exe
    3196 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

    PhysicalDrive0 Model Number: ST3250318AS, Rev: CC45

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
    SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


    Done!
     
  6. 2011/03/30
    shaywillow11

    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/8/2009 14:21:51
    System Uptime: 3/30/2011 14:41:10 (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0JJW8N
    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 1581/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 218 GiB total, 153.492 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: WAN Miniport (ATW)
    Device ID: ROOT\NET\0001
    Manufacturer: America Online, Inc.
    Name: WAN Miniport (ATW) #2
    PNP Device ID: ROOT\NET\0001
    Service: wanatw
    .
    ==== System Restore Points ===================
    .
    RP463: 3/26/2011 23:44:55 - Windows Update
    RP476: 3/27/2011 09:25:46 - [PRODUCTNAME]: Cleaning Threats
    RP477: 3/27/2011 09:26:44 - [PRODUCTNAME]: Cleaning Threats
    RP465: 3/27/2011 10:45:31 - RegRun Virus Scan
    RP467: 3/27/2011 11:28:31 - Made by Registry Mechanic
    RP469: 3/27/2011 11:31:41 - Made by Registry Mechanic
    RP471: 3/27/2011 11:35:49 - Made by Registry Mechanic
    RP473: 3/27/2011 11:45:15 - Made by Registry Mechanic
    RP475: 3/27/2011 19:08:32 - Made by Registry Mechanic
    RP478: 3/27/2011 22:49:42 - Spyware Doctor: Cleaning Threats
    RP480: 3/28/2011 06:01:15 - Made by Registry Mechanic
    RP481: 3/28/2011 18:58:10 - Removed ItsDeductible Express
    RP483: 3/28/2011 22:51:36 - RegRun Virus Scan
    RP485: 3/28/2011 22:53:14 - RegRun Virus Scan
    RP487: 3/28/2011 23:01:01 - RegRun Virus Scan
    RP489: 3/28/2011 23:05:37 - RegRun Virus Scan
    RP491: 3/28/2011 23:10:44 - RegRun Virus Scan
    RP492: 3/30/2011 12:42:29 - Restore Operation
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    3.4.0.9271.1
    Adobe Download Manager
     
  7. 2011/03/30
    shaywillow11

    DDS (Ver_11-03-05.01) - NTFSx86
    Run by John at 15:54:56.68 on Wed 03/30/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3037.1533 [GMT -4:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\GameTracker\GSInGameService.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\AOL Desktop 9.6\waol.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\AOL Desktop 9.6\shellmon.exe
    C:\Program Files\Common Files\AOL\1261331075\ee\aolsoftware.exe
    C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
    C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\John\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - MediaBar
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
    BHO: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: {C26CD490-5F01-41E3-B150-EB29F19DA056} - No File
    BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - Updater For Simppull Toolbar
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
    BHO: QuickNet: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - QuickNet BHO
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
    TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} -
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [WebCamRT.exe]
    uRun: [WindowsLivePhone] "c:\program files\windows live\device manager\msgrdvmn.exe" /AutoRun
    uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b
    mRun: [QCDriverInstaller] c:\progra~1\common~1\logitech\qcdriver\Lqdsw.exe /addrun /l 1033 /LaunchAtStart
    mRun: [DXM6Patch_981116] c:\windows\p_981116.exe /Q:A
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [WindowsLivePhone] c:\program files\windows live\device manager\msgrdvmn.exe /AutoRun
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [HostManager] c:\program files\common files\aol\1261331075\ee\AOLSoftware.exe
    StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3}
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: turbotax.com
    DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\1hi6e47z.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
    FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
    FF - component: c:\users\john\appdata\roaming\mozilla\firefox\profiles\1hi6e47z.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\john\appdata\roaming\mozilla\firefox\profiles\1hi6e47z.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
    FF - component: c:\users\john\appdata\roaming\mozilla\firefox\profiles\1hi6e47z.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
    FF - component: c:\users\john\appdata\roaming\mozilla\firefox\profiles\1hi6e47z.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\john\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\john\appdata\roaming\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\1hi6e47z.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
    FF - plugin: c:\users\john\appdata\roaming\mozilla\plugins\np-mswmp.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
    FF - Ext: XfireXO Community Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: XUL Cache: {899ee1ed-ad96-4d58-b545-9c296af4a679} - %profile%\extensions\{899ee1ed-ad96-4d58-b545-9c296af4a679}
    FF - Ext: Green Fox: {d122ad80-ff45-11dd-87af-0800200c9a66} - %profile%\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
    FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
    FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    FF - Ext: Shop to Win: {5835466c-49af-4cbe-b102-a8c8b6313749} - %profile%\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
    FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\john\appdata\roaming\Move Networks
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    ============= SERVICES / DRIVERS ===============
    .
    R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-11-21 81920]
    R2 GS In-Game Service;GS In-Game Service;c:\program files\gametracker\GSInGameService.exe [2010-11-9 1677096]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-5 230912]
    R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-26 38224]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1ca7a2c2c580a66;Google Update Service (gupdate1ca7a2c2c580a66);c:\program files\google\update\GoogleUpdate.exe [2009-12-11 133104]
    S2 srvA14;srvA14;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2011-3-28 24416]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-4 1343400]
    S3 wmamp3DriverV32;wmamp3DriverV32;c:\windows\system32\drivers\wmamp3DriverV32.sys [2011-1-19 23608]
    .
    =============== Created Last 30 ================
    .
    2011-03-30 18:21:07 -------- d-----w- c:\program files\SIW
    2011-03-30 17:49:39 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-03-30 17:49:18 -------- d-----w- c:\progra~2\Hitman Pro
    2011-03-29 02:53:31 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
    2011-03-29 02:48:56 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2011-03-27 20:58:05 691 ----a-w- c:\users\john\appdata\roaming\GetValue.vbs
    2011-03-27 20:58:05 35 ----a-w- c:\users\john\appdata\roaming\SetValue.bat
    2011-03-27 20:58:05 2820 ----a-w- c:\windows\system32\tmp.reg
    2011-03-27 15:23:28 -------- d-----w- c:\program files\RegTweaker
    2011-03-27 14:46:27 -------- d-----w- C:\BackSys
    2011-03-27 14:43:40 2 --shatr- c:\windows\winstart.bat
    2011-03-27 13:30:22 -------- d-----w- c:\users\john\appdata\local\assembly
    2011-03-27 00:11:39 -------- d-----w- c:\users\john\appdata\roaming\PCTools
    2011-03-26 22:17:20 -------- d-----w- c:\users\john\appdata\roaming\Registry Mechanic
    2011-03-26 21:29:53 767952 ----a-w- c:\windows\BDTSupport.dll0302.old
    2011-03-26 21:29:53 2000848 ----a-w- c:\windows\PCTBDCore.dll0302.old
    2011-03-26 21:29:53 149456 ----a-w- c:\windows\SGDetectionTool.dll0302.old
    2011-03-26 17:48:58 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{cc5e591d-9678-4967-aeda-526a63fbc5a4}\mpengine.dll
    2011-03-26 17:13:59 -------- d-----w- c:\program files\AML Products
    2011-03-25 17:26:39 -------- d-----w- c:\users\john\appdata\local\Threat Expert
    2011-03-25 04:41:46 -------- d-----w- c:\progra~2\SafeReturner
    2011-03-25 04:06:33 -------- d-----w- c:\program files\PC Tools Security
    2011-03-25 04:05:27 -------- d-----w- c:\progra~2\PC Tools
    2011-03-09 23:58:26 -------- d-----w- c:\program files\Autokick
    2011-03-09 11:59:23 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-09 11:59:23 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-09 11:59:23 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-09 11:59:22 850432 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 11:59:22 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-09 11:59:22 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 11:59:22 2690560 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 11:59:22 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 11:59:22 1034240 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-04 02:00:40 -------- d-----w- c:\program files\iPod
    2011-03-03 00:39:55 -------- d-----w- c:\program files\AOL Desktop 9.6
    .
    ==================== Find3M ====================
    .
    2011-03-09 23:58:22 73216 ----a-w- c:\windows\ST6UNST.EXE
    2011-03-09 23:58:22 249856 ----a-w- c:\windows\Setup1.exe
    2011-02-26 01:19:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2011-02-02 22:11:20 222080 ----a-w- c:\windows\system32\MpSigStub.exe
    2011-01-17 22:40:09 1179711 ----a-w- c:\windows\unins000.exe
    2011-01-13 21:38:02 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
    2011-01-13 11:19:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-01-13 11:19:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: ST325031 rev.CC45 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F175D9]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86f1d970]; MOV EAX, [0x86f1d9ec]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82C41448] -> \Device\Harddisk0\DR0[0x86EF7AA0]
    3 CLASSPNP[0x8B40459E] -> ntkrnlpa!IofCallDriver[0x82C41448] -> [0x873A4F08]
    \Driver\iaStor[0x86EF9238] -> IRP_MJ_CREATE -> 0x86F175D9
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST3250318AS_____________________________CC45____#4&4fd8e30&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 488281248 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 16:00:38.49 ===============
     
  8. 2011/03/30
    shaywillow11

    shaywillow11 Inactive Thread Starter

    Joined:
    2011/03/30
    Messages:
    17
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 6198

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/30/2011 17:19:07
    mbam-log-2011-03-30 (17-19-07).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 292743
    Time elapsed: 1 hour(s), 36 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\Temp\srvA14.tmp (Trojan.BlueSRV.Gen) -> Delete on reboot.
     
  9. 2011/03/30
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software ( Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  10. 2011/03/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================

    Attach.txt log is incomplete.
    Please, repost it.

    I don't see any antivirus program running.
    We'll get back to it in a moment, but first we have to deal with a rootkit.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  11. 2011/03/31
    shaywillow11

    shaywillow11 Inactive Thread Starter

    Joined:
    2011/03/30
    Messages:
    17
    Likes Received:
    0
    Okay I just ran the tdss killer. At the end it asked me to reboot, I did, and now I can't even get windows to start up. Keeps trying to repair itself, but after about 10 tries, it says unable to repair. I tried system restore, and it says it failed. Any suggestions? It has never done this before.
     
  12. 2011/03/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  13. 2011/03/31
    shaywillow11

    shaywillow11 Inactive Thread Starter

    Joined:
    2011/03/30
    Messages:
    17
    Likes Received:
    0
    I am not able to download anything right now, and only have 1 computer.
     
  14. 2011/03/31
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Can't you download OTLPE on your working computer or from a friend's/library/internet cafe and burn it from there?
     
  15. 2011/03/31
    shaywillow11

    shaywillow11 Inactive Thread Starter

    Joined:
    2011/03/30
    Messages:
    17
    Likes Received:
    0
    I will try to use someone else's in the next couple of days to download from.
     
  16. 2011/03/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's the way to go :)
     
  17. 2011/04/04
    shaywillow11

    shaywillow11 Inactive Thread Starter

    Joined:
    2011/03/30
    Messages:
    17
    Likes Received:
    0
    Please bear with me, I haven't been able to get to another computer to download the last program. I will be able to in the next couple of days for sure, and update you on the results. Thanks
     
  18. 2011/04/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Not a problem.
    Thank you for the update :)
     
  19. 2011/04/07
    shaywillow11

    shaywillow11 Inactive Thread Starter

    Joined:
    2011/03/30
    Messages:
    17
    Likes Received:
    0
    Okay, I followed your instructions above, and when I put the cd in my computer, it loaded the program, but in the beginning it said windows xp, and I am running windows 7. After the windows xp screen, a blue screen came up and nothing else.
     
  20. 2011/04/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, retry.
    If the same thing happens, try to boot the computer you're posting from with the very same CD.
    See if it'll boot fine.
     
  21. 2011/04/07
    shaywillow11

    shaywillow11 Inactive Thread Starter

    Joined:
    2011/03/30
    Messages:
    17
    Likes Received:
    0
    Actually, I am posting from my iPhone. I don't have another computer here. I used my friend's to make the cd. Does it matter that it said windows xp?
     
