
Inactive Windows 7 TORPIG/ANSERIN

Discussion in 'Malware and Virus Removal Archive' started by LimpyLegs, 2012/02/18.

Thread Status:
Not open for further replies.
  1. 2012/02/18
    LimpyLegs (Inactive, Thread Starter)
    Joined: 2012/02/18 | Messages: 6 | Likes Received: 0

    I was visiting another forum that had told me that my IP was banned because it had detected that my MBR was possibly infected with the TORPIG/ANSERIN virus, and it got me worried. Bringing myself here, I have followed all instructions given at the beginning of the forum, hoping that one of you will verify this for me. Here are my logs -

    Malwarebytes:
    ----------------------------------------
    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.18.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Administrator :: RICHARD-PC [administrator]

    Protection: Enabled

    2/18/2012 8:46:26 PM
    mbam-log-2012-02-18 (20-46-26).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 201905
    Time elapsed: 8 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\richard\AppData\Roaming\ZiNixZ.txt (Stolen.Data) -> Quarantined and deleted successfully.

    (end)

    GMER:
    -----------------------------------------------------------------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-18 21:26:10
    Windows 6.1.7601 Service Pack 1
    Running: u78jb5sy.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002761ee4d2
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002761ee4d2@00081bee0a95 0xEE 0xEC 0xD5 0x33 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002761ee4d2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002761ee4d2@00081bee0a95 0xEE 0xEC 0xD5 0x33 ...

    ---- EOF - GMER 1.0.15 ----

    aswMBR
    --------------------------------------------------------------------------
    aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-18 21:28:18
    -----------------------------
    21:28:18.417 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:28:18.417 Number of processors: 1 586 0x170A
    21:28:18.417 ComputerName: RICHARD-PC UserName:
    21:28:18.978 Initialize success
    21:28:19.883 AVAST engine defs: 12021802
    21:28:30.507 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:28:30.507 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 238475MB BusType: 3
    21:28:30.538 Disk 0 MBR read successfully
    21:28:30.538 Disk 0 MBR scan
    21:28:30.569 Disk 0 Windows 7 default MBR code
    21:28:30.569 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    21:28:30.600 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 223919 MB offset 409600
    21:28:30.631 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14252 MB offset 458995712
    21:28:30.663 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
    21:28:30.663 Service scanning
    21:29:24.358 Modules scanning
    21:29:24.358 Disk 0 trace - called modules:
    21:29:24.467 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
    21:29:25.029 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031ef360]
    21:29:25.029 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002271050]
    21:29:25.918 AVAST engine scan C:\Windows
    21:29:38.975 AVAST engine scan C:\Windows\system32
    21:33:36.798 AVAST engine scan C:\Windows\system32\drivers
    21:33:49.746 AVAST engine scan C:\Users\Administrator
    21:34:02.959 AVAST engine scan C:\ProgramData
    21:36:51.314 Scan finished successfully
    21:39:56.424 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Documents\MBR.dat "
    21:39:56.424 The log file has been saved successfully to "C:\Users\Administrator\Documents\aswMBR.txt "
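
A practitioner reading the aswMBR output above wants to know what "Windows 7 default MBR code" rests on: the tool reads sector 0 of the boot disk, recognises the boot-code area as the stock Windows 7 loader, and lists the partition table. Below is an added Python example, not code from this thread or from aswMBR, that performs the same inspection on a raw MBR image such as the MBR.dat the log says was saved to C:\Users\Administrator\Documents. It assumes you have a baseline MBR captured from a known-clean disk to hash against (the verdict on "default code" is yours to supply, not the script's). The built-in sample image is constructed from the partition layout in the log, with filler boot code rather than the real Windows 7 loader.

```python
"""
Added example (not from the thread): inspect a raw MBR image such as the
MBR.dat that aswMBR saved, the way a bootkit check does it. Torpig/Anserin's
Mebroot component lives in the 440-byte boot-code area, so the check hashes
that area and compares it with a baseline captured from a known-clean disk.
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code, the area a bootkit overwrites
DISK_SIG_OFF = 440       # 4-byte NT disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 510       # 0x55 0xAA

PARTITION_TYPES = {
    0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}
# status(1) chs_start(3) type(1) chs_end(3) lba_start(4) lba_count(4), little-endian
PART_ENTRY = struct.Struct("<B3xB3xII")


def parse_mbr(raw: bytes) -> dict:
    """Decode boot signature, disk signature, boot-code hash and partition table."""
    if len(raw) < SECTOR:
        raise ValueError(f"MBR image must be at least {SECTOR} bytes, got {len(raw)}")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, lba_count = PART_ENTRY.unpack_from(
            raw, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        if ptype == 0 and lba_count == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1, "status": status, "active": status == 0x80,
            "type": ptype, "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start, "lba_count": lba_count,
            "size_mb": lba_count * SECTOR // (1024 * 1024),
        })
    return {
        "boot_signature_ok": struct.unpack_from("<H", raw, BOOT_SIG_OFF)[0] == 0xAA55,
        "disk_signature": struct.unpack_from("<I", raw, DISK_SIG_OFF)[0],
        "boot_code_sha256": hashlib.sha256(raw[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(raw: bytes, baseline_boot_code_sha256: str = "") -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    info = parse_mbr(raw)
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    spans = sorted((p["lba_start"], p["lba_start"] + p["lba_count"]) for p in info["partitions"])
    for (s1, e1), (s2, e2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partition overlap: sectors {s1}-{e1} and {s2}-{e2}")
    if baseline_boot_code_sha256 and info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline (possible bootkit or non-standard boot manager)")
    return findings


def describe(info: dict) -> list:
    """Render the table in the same shape as the aswMBR log lines."""
    lines = [f"boot signature {'ok' if info['boot_signature_ok'] else 'MISSING'}; "
             f"disk signature {info['disk_signature']:08X}; boot code sha256 {info['boot_code_sha256']}"]
    for p in info["partitions"]:
        flag = "(A)" if p["active"] else "   "
        lines.append(f"Partition {p['index']} {p['status']:02X} {flag} {p['type']:02X} "
                     f"{p['type_name']} {p['size_mb']} MB offset {p['lba_start']}")
    return lines


def build_sample_mbr(boot_code: bytes = b"\xEB\xFE" + b"\x90" * 438) -> bytes:
    """CONSTRUCTED sample: the partition layout from the aswMBR log above.
    The boot code is filler (jmp $; nops), not the real Windows 7 MBR code."""
    assert len(boot_code) == BOOT_CODE_LEN
    layout = [  # (status, type, lba_start, lba_count); counts derived from the logged offsets and sizes
        (0x80, 0x07, 2048, 407552),
        (0x00, 0x07, 409600, 458586112),
        (0x00, 0x07, 458995712, 29188096),
        (0x00, 0x0C, 488183808, 210944),
    ]
    img = bytearray(SECTOR)
    img[:BOOT_CODE_LEN] = boot_code
    struct.pack_into("<I", img, DISK_SIG_OFF, 0x1234ABCD)  # arbitrary disk signature
    for i, entry in enumerate(layout):
        PART_ENTRY.pack_into(img, PART_TABLE_OFF + i * PART_ENTRY_LEN, *entry)
    struct.pack_into("<H", img, BOOT_SIG_OFF, 0xAA55)
    return bytes(img)


if __name__ == "__main__":
    # Usage: python mbr_check.py [MBR.dat [clean_baseline.dat]]; no arguments uses the constructed sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    baseline_img = open(sys.argv[2], "rb").read() if len(sys.argv) > 2 else build_sample_mbr()
    baseline = hashlib.sha256(baseline_img[:BOOT_CODE_LEN]).hexdigest()
    print("\n".join(describe(parse_mbr(raw))))
    for f in check_mbr(raw, baseline) or ["no findings"]:
        print("finding:", f)
```

Run it with the saved MBR.dat as the first argument and a clean capture as the second. A Mebroot-style infection replaces the boot code and leaves the partition table intact, so a boot-code hash mismatch next to a sane partition table is the combination worth escalating; a third-party boot manager changes the boot code too, so the finding is a prompt to inspect, not a verdict.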
     
  2. 2012/02/18
    LimpyLegs (Inactive, Thread Starter)
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by Administrator at 21:40:37 on 2012-02-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.314 [GMT -5:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG10\avgfws.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
    C:\Program Files (x86)\AVG\AVG10\avgam.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\ComboFix\REGT.3XE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mURLSearchHooks: H - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe "
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.15.1
    TCP: Interfaces\{2C62AC92-7CE8-48D2-A69F-8B82962ED5F3} : DhcpNameServer = 8.8.8.8
    TCP: Interfaces\{2FA37FA0-BDA4-4A53-BCF9-27A325F26A3D} : DhcpNameServer = 24.247.24.53 66.189.0.100 24.178.162.3
    TCP: Interfaces\{E3D1F8EA-F656-4D3B-AC92-E1BAEE5A6771} : DhcpNameServer = 192.168.15.1
    TCP: Interfaces\{E3D1F8EA-F656-4D3B-AC92-E1BAEE5A6771}\D416272796F64747 : DhcpNameServer = 12.127.16.68 12.127.17.72
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
    TB-X64: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe "
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\g0z85lbo.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 AvgTdiA;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-18 44768]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-18 652360]
    R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-19 1153368]
    R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
    R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-2-3 909152]
    R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-15 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
    S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-8-20 167264]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-15 136176]
    S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
    S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    S3 LVUVC64;Logitech Webcam C160(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    S3 massfilter;MBB Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\system32\DRIVERS\PTDUBus.sys --> C:\Windows\system32\DRIVERS\PTDUBus.sys [?]
    S3 PTDUMdm;PANTECH UM175 Drivers;C:\Windows\system32\DRIVERS\PTDUMdm.sys --> C:\Windows\system32\DRIVERS\PTDUMdm.sys [?]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\Windows\system32\DRIVERS\PTDUVsp.sys --> C:\Windows\system32\DRIVERS\PTDUVsp.sys [?]
    S3 PTDUWFLT;PTDUWWAN Filter Driver;C:\Windows\system32\DRIVERS\PTDUWFLT.sys --> C:\Windows\system32\DRIVERS\PTDUWFLT.sys [?]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\system32\DRIVERS\PTDUWWAN.sys --> C:\Windows\system32\DRIVERS\PTDUWWAN.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S3 ZTEusbgps;ZTE GPS Port;C:\Windows\system32\DRIVERS\ZTEusbgps.sys --> C:\Windows\system32\DRIVERS\ZTEusbgps.sys [?]
    S3 ZTEusbnmeaext;ZTE NMEAExt Port;C:\Windows\system32\DRIVERS\ZTEusbnmeaext.sys --> C:\Windows\system32\DRIVERS\ZTEusbnmeaext.sys [?]
    S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-27 98208]
    S4 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
    .
    =============== File Associations ===============
    .
    inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-02-19 01:51:14 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-02-19 01:51:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-02-19 01:50:02 41184 ----a-w- C:\Windows\avastSS.scr
    2012-02-19 01:49:44 -------- d-----w- C:\ProgramData\AVAST Software
    2012-02-19 01:49:44 -------- d-----w- C:\Program Files\AVAST Software
    2012-02-19 01:46:12 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2012-02-19 01:46:11 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    2012-02-18 23:31:36 -------- d-----w- C:\Users\Administrator\AppData\Local\temp
    2012-02-18 23:18:29 98816 ----a-w- C:\Windows\sed.exe
    2012-02-18 23:18:29 518144 ----a-w- C:\Windows\SWREG.exe
    2012-02-18 23:18:29 256000 ----a-w- C:\Windows\PEV.exe
    2012-02-18 23:18:29 208896 ----a-w- C:\Windows\MBR.exe
    2012-02-18 23:18:16 -------- d-s---w- C:\ComboFix
    2012-02-18 04:41:59 -------- d-----w- C:\Windows\en
    2012-02-18 04:02:55 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
    2012-02-18 04:02:55 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
    2012-02-18 04:02:54 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2012-02-18 04:02:54 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2012-02-18 04:02:41 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\28d632f31ccedf202\DSETUP.dll
    2012-02-18 04:02:41 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\28d632f31ccedf202\DXSETUP.exe
    2012-02-18 04:02:41 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\28d632f31ccedf202\dsetup32.dll
    2012-02-18 04:02:02 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\10ba36851ccedf201\DSETUP.dll
    2012-02-18 04:02:02 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\10ba36851ccedf201\DXSETUP.exe
    2012-02-18 04:02:02 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\10ba36851ccedf201\dsetup32.dll
    2012-02-18 03:26:41 -------- d-----w- C:\Program Files (x86)\mIRC
    2012-02-18 00:55:58 -------- d-----r- C:\Program Files (x86)\Skype
    2012-02-18 00:51:02 -------- d-----w- C:\ProgramData\McAfee Security Scan
    2012-02-18 00:50:55 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
    2012-02-16 04:25:52 -------- d-----w- C:\Program Files (x86)\PhotoScape
    2012-02-15 08:00:59 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-15 08:00:59 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-15 08:00:58 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-15 08:00:58 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-15 08:00:57 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2012-02-15 08:00:57 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    2012-02-15 07:24:06 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-02-15 07:24:05 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-02-15 07:23:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-02-15 07:23:58 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-02-08 04:00:57 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
    2012-02-07 21:29:56 -------- d-----w- C:\Program Files\HP
    2012-02-07 19:43:07 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
    2012-02-07 19:42:42 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
    2012-02-07 19:42:38 -------- d-----w- C:\ProgramData\HP Photo Creations
    2012-02-07 19:42:38 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
    2012-02-07 19:42:33 -------- d-----w- C:\Program Files (x86)\Coupons
    2012-02-06 05:11:52 -------- d-----w- C:\Program Files (x86)\Maxis
    2012-02-04 22:49:48 -------- d-----w- C:\Program Files\PeerBlock
    2012-02-04 20:10:33 1073741824 --sha-w- C:\zPagefile.sys
    2012-02-04 14:25:53 -------- d-----w- C:\Program Files (x86)\EA GAMES
    2012-02-04 14:25:52 442368 ----a-r- C:\Windows\SysWow64\vp6vfw.dll
    2012-02-04 14:22:49 -------- d-----w- C:\Program Files (x86)\MagicISO
    2012-02-01 14:27:34 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Memeo
    2012-02-01 14:27:33 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Seagate
    2012-01-30 02:26:19 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-01-30 02:26:19 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-01-30 02:26:19 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-01-30 02:26:19 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-01-30 02:25:27 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2012-01-30 02:25:27 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-01-30 02:25:19 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-01-30 02:25:19 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    .
    ==================== Find3M ====================
    .
    2012-02-18 00:53:36 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
    2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 21:41:42.15 ===============
     


  4. 2012/02/18
    LimpyLegs

    LimpyLegs Inactive Thread Starter

    Joined:
    2012/02/18
    Messages:
    6
    Likes Received:
    0
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/27/2011 11:45:22 AM
    System Uptime: 2/18/2012 5:42:58 PM (4 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1484
    Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | CPU | 2194/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 219 GiB total, 82.021 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 2.302 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
    F: is CDROM ()
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Privacyware Filter Driver
    Device ID: ROOT\LEGACY_PWIPF6\0000
    Manufacturer:
    Name: Privacyware Filter Driver
    PNP Device ID: ROOT\LEGACY_PWIPF6\0000
    Service: pwipf6
    .
    ==== System Restore Points ===================
    .
    RP178: 2/10/2012 3:47:37 AM - Scheduled Checkpoint
    RP179: 2/15/2012 3:00:13 AM - Windows Update
    RP180: 2/16/2012 3:00:13 AM - Windows Update
    RP181: 2/17/2012 10:59:28 PM - CheckIfInstallerIsBusy
    RP182: 2/17/2012 11:00:36 PM - Windows Live Essentials
    RP183: 2/17/2012 11:02:03 PM - Installed DirectX
    RP184: 2/17/2012 11:02:42 PM - Installed DirectX
    RP185: 2/17/2012 11:04:10 PM - WLSetup
    RP186: 2/18/2012 8:48:46 PM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    µTorrent
    7-Zip 9.20
    AC3Filter (remove only)
    AC3Filter 1.63b
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Community Help
    Adobe Dreamweaver CS5
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Reader X (10.1.2)
    Adobe Shockwave Player
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Blasterball 3
    Build-a-lot 2
    Cake Mania
    CameraHelperMsi
    Chuzzle Deluxe
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 8
    CyberLink YouCam
    D3DX10
    Diner Dash 2 Restaurant Rescue
    DivX Setup
    Dora's Carnival Adventure
    erLT
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Faerie Solitaire
    FATE
    Google Earth
    Google Earth PRO 5
    Google Update Helper
    Guitar Pro 6
    HP Customer Experience Enhancements
    HP Deskjet 2050 J510 series Help
    HP Game Console
    HP Games
    HP Photo Creations
    HP Setup
    HP Smart Web Printing
    HP Software Framework
    HP Update
    HP User Guides 0178
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HTC Driver Installer
    InstaCodecs
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) 6 Update 30
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    KODAK Share Button App
    Logitech Vid HD
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Video Mask Maker
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.60.1.1000
    McAfee Security Scan Plus
    Messenger Companion
    Microsoft Default Manager
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Streets & Trips 2010
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable Package
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual C++ Run Time Lib Setup
    Microsoft Works
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    muvee Reveal
    Mystery P.I. - The New York Fortune
    PdaNet for Android 3.02
    Penguins!
    PhotoScape
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Portable Office 2007
    Power2Go
    PowerDirector
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    REALTEK Wireless LAN Software
    Recovery Manager
    Replay Media Catcher 4 (4.2.8)
    Seagate Dashboard
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    SimCity 4 Deluxe
    Skype Click to Call
    Skype™ 5.8
    Spybot - Search & Destroy
    TextTwist 2
    The Sims 2
    The Sims 2 Open For Business
    The Sims™ 2 Bon Voyage
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    VC80CRTRedist - 8.0.50727.4053
    Verizon Wireless AC30 Firmware Updates
    Virtual Families
    Virtual Villagers - The Secret City
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.11
    VZAccess Manager
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    World of Warcraft
    World of Warcraft Public Test
    Yahoo! Detect
    ZTE USB Drivers
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/18/2012 6:30:54 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    2/18/2012 6:26:54 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2/18/2012 5:44:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pwipf6
    2/18/2012 5:27:32 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    2/18/2012 3:55:12 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2/18/2012 3:55:12 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    2/18/2012 3:49:30 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/18/2012 3:49:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/18/2012 3:49:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/18/2012 3:49:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/18/2012 3:49:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/18/2012 3:49:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache pwipf6 spldr Wanarpv6
    2/18/2012 3:05:58 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
    2/18/2012 2:30:56 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
    2/18/2012 12:49:34 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    2/17/2012 7:49:00 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR11.
    2/17/2012 12:41:58 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
    2/16/2012 2:14:02 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
    2/16/2012 12:54:43 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    2/14/2012 3:59:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    2/12/2012 2:34:20 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR23.
    2/12/2012 1:32:21 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR22.
    .
    ==== End Of File ===========================
     
  5. 2012/02/18
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  6. 2012/02/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    You're running two AV programs, Avast and AVG.
    One of them has to go.
    If it's AVG, use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities

    Then....

    Download BTKR_RunBox to your desktop.

    Double-click on the downloaded BTKR_RunBox.exe file.
    A small RunBox DOS window will open.
    Press any key to continue.
    Press "1" to select the "Run a scan with Bootkit Remover" option.
    Press "Enter".
    Press "Enter" one more time to generate the log.
    Click OK if any "Warning" message pops up.
    Notepad will open with the Bootkit Remover log.
    Copy the content and post it in your next reply.
    In RunBox press "4" then Enter to exit it.

    NOTE. In case you lost the log, it's also located on your desktop as "scan.txt".
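    An added example, not from this thread or from the DDS tool, that pulls the two things a log reader checks in the "Event Viewer Messages" section posted above: boot-start drivers that failed to load (Service Control Manager event 7026, which in this log names the AVG drivers Avgldx64 and Avgmfx64 next to the installed avast!, the leftover behind the "two AV programs" remark) and Disk event 11 controller errors per physical disk. The sample lines are copied from the log above; the driver-prefix table is an assumption built only from names that appear on this page.

    ```python
    import re
    from collections import Counter

    # Constructed sample: lines copied from the DDS "Event Viewer Messages" section above.
    SAMPLE_EVENTS = r"""
    2/18/2012 5:44:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pwipf6
    2/18/2012 3:49:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache pwipf6 spldr Wanarpv6
    2/18/2012 3:05:58 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
    2/18/2012 2:30:56 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
    2/18/2012 12:49:34 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    2/17/2012 7:49:00 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR11.
    2/12/2012 1:32:21 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR22.
    """

    # DDS prints one event per line: "<date time>, <Level>: <Source> [<EventID>] - <message>"
    EVENT_RE = re.compile(
        r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
        r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
    )

    # Assumed mapping (constructed from names on this page): driver-name prefix -> product.
    # "pwipf" is the Privacyware filter driver listed under "Disabled Device Manager Items".
    SECURITY_DRIVER_PREFIXES = {"avg": "AVG", "pwipf": "Privacyware"}


    def parse_events(text):
        """Parse DDS event-viewer lines into dicts; lines that do not match are skipped."""
        events = []
        for line in text.splitlines():
            m = EVENT_RE.match(line.strip())
            if m:
                ev = m.groupdict()
                ev["event_id"] = int(ev["event_id"])
                events.append(ev)
        return events


    def failed_boot_drivers(events):
        """Union of driver names reported by SCM 7026 (boot/system-start driver failed to load)."""
        drivers = set()
        for ev in events:
            if ev["source"] == "Service Control Manager" and ev["event_id"] == 7026:
                _, _, names = ev["message"].partition("failed to load:")
                drivers.update(names.split())
        return sorted(drivers)


    def security_product_remnants(drivers):
        """Failed drivers whose names match a known security-product prefix (uninstall leftovers)."""
        hits = {}
        for name in drivers:
            for prefix, product in SECURITY_DRIVER_PREFIXES.items():
                if name.lower().startswith(prefix):
                    hits[name] = product
        return hits


    def disk_controller_errors(events):
        """Count Disk event 11 controller errors per physical disk (\\Device\\HarddiskN)."""
        counts = Counter()
        for ev in events:
            if ev["source"] == "Disk" and ev["event_id"] == 11:
                m = re.search(r"(\\Device\\Harddisk\d+)", ev["message"])
                if m:
                    counts[m.group(1)] += 1
        return dict(counts)


    if __name__ == "__main__":
        evs = parse_events(SAMPLE_EVENTS)
        failed = failed_boot_drivers(evs)
        print("failed boot-start drivers:", failed)
        print("security-product remnants:", security_product_remnants(failed))
        print("disk controller errors:", disk_controller_errors(evs))
    ```
    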
     
  7. 2012/02/18
    LimpyLegs

    LimpyLegs Inactive Thread Starter

    Joined:
    2012/02/18
    Messages:
    6
    Likes Received:
    0
    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com
    Program version: 1.2.0.0
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601), 64-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

    Done;



    Press any key to quit...
     
  8. 2012/02/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double-click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.
    There are 4 different versions. If one of them won't run, then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     