
Browsers don't work properly


Re: Browsers don't work properly

by Bob4 » August 10th, 2009, 9:00 pm

Nothing there in the way of malware either. I don't think this is malware related at this point.
Let's clean up a bit and move you to a forum that can better help you with this issue. I will list the forum you should visit at the bottom of this post.


__________________________
You should delete any of the tools we downloaded and used. No reason to keep outdated tools around.

RSIT, DDS << delete them both


___________________________________
The following will implement some cleanup procedures for the tool we used as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u







____________________________
A few things to help with possible threats

These are optional, but will help protect you further, and some of these you may already have.





________________________________________
Windows Updates
Be certain automatic updates is turned on for XP. - For Vista. Or, if you like to do it manually, be sure to visit http://update.microsoft.com/ regularly. This requires Internet Explorer.

This will ensure your computer always has the latest security updates installed.
If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
___________________________________

SpywareBlaster

Install SpywareBlaster

SpywareBlaster will add a large list of programs and sites to your Browser settings that will protect you from accidentally running or downloading known malicious programs.
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.



___________________________________
Download and Install a HOSTS File

Download HostsXpert and unzip it to your computer, somewhere where you can find it.
  • Run HostsXpert
  • If Hosts file is Read Only, click on Make Writeable, otherwise move on to next stage.
  • Click Download button.
  • Click MVPs Hosts
  • Click Merge File
  • Press OK to download latest MVPs update and merge it with your Hosts.
  • When finished click File Handling
  • Click Make Read Only to secure your Hosts file.
  • Exit HostsXpert.


___________________________________
Make your Internet Explorer more secure
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click on the Security tab
3. Click the Internet icon so it becomes highlighted.
4. Click on Default Level and click Ok
5. Click on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

6. Next press the Apply button and then the OK to exit the Internet Properties page.



_______________________________________
So many people are point-and-click crazy, either because they're naive or they're in a rush.

Always watch closely any software you're installing.
If they want to install something more than their program stop right there and investigate what it is they want to place on your computer.
If they give you the option not to install it choose that until you investigate it completely.
The more you install that you don't want or need the more you'll wish you didn't.





Here's a site with great advice on how to AVOID malware. Much easier to do than removing it.




_____________________________
Visit this site for help with your connection issues.
Point this out to them.
The computer has detected that the IP address 192.168.1.2 for the network with the network address
002185189570 already in use on the network. The computer will automatically try
to a different address it.
This may be of help and was taken from that last log.

Safe and happy surfing.
Bob4
MRU Master
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browsers don't work properly

by Arno » August 11th, 2009, 6:13 pm

Nothing there in the way of malware either. I don't think this is malware related at this point.
Let's clean up a bit and move you to a forum that can better help you with this issue. I will list the forum you should visit at the bottom of this post.


Are you sure? Because downloads just continue and the connection is still there.
Arno
Active Member
 
Posts: 11
Joined: July 14th, 2009, 9:47 am

Re: Browsers don't work properly

by Bob4 » August 11th, 2009, 6:23 pm

What downloads are you talking about? I thought I was to understand that your connection was simply interrupted/disconnected from time to time?


Download GMER's application from here

or

Here

Save it to your desktop.

Create a new folder in c: drive called Gmer

Click on Start then My Computer then double click Local Disk C:

Now right click anywhere on the open window and choose New then Folder. Type in GMER and hit the Enter key.

Unzip the GMER zip file by double clicking on the desktop icon and save it to the GMER folder you just made.

Now Navigate to that folder (Gmer)
and double click the GMER.exe file

Click the Rootkit tab and click the Scan button.

IMPORTANT: Do NOT use the computer while the scan is in progress.

Please, do not select the "Show all" checkbox during the scan.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

If you're having problems with running GMER.exe, try it in safe mode.
This tool works in safe mode. Other rootkit revealers don't.


Please post that and a new HJT log.
Bob4
MRU Master
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browsers don't work properly

by Arno » August 11th, 2009, 9:16 pm

No, like I said in the first post: the browsers don't work after a certain time, but downloads from usenet keep on downloading at full speed. And the connection is still working, according to Windows.

The log from GMER:
GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-12 03:14:00
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT spsl.sys ZwCreateKey [0xB9EA80E0]
SSDT spsl.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spsl.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spsl.sys ZwOpenKey [0xB9EA80C0]
SSDT spsl.sys ZwQueryKey [0xB9EC7108]
SSDT spsl.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spsl.sys ZwSetValueKey [0xB9EC719A]

INT 0x63 ? 8A54CBF8
INT 0x63 ? 8A54CBF8
INT 0x63 ? 8A54CBF8
INT 0x63 ? 8A54CBF8
INT 0x63 ? 8A1A4F00
INT 0x63 ? 8A1A4F00
INT 0x63 ? 8A54CBF8
INT 0x83 ? 8A54CBF8
INT 0x83 ? 8A54CBF8
INT 0x83 ? 8A1A4F00
INT 0x83 ? 8A54CBF8
INT 0x84 ? 8A1A4F00
INT 0xA4 ? 8A1A4F00
INT 0xB4 ? 8A1A4F00

---- Kernel code sections - GMER 1.0.15 ----

? spsl.sys Het systeem kan het opgegeven bestand niet vinden. !
.text USBPORT.SYS!DllUnload B8DF262C 5 Bytes JMP 8A1A44E0
.text awuu4snu.SYS B8D56386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text awuu4snu.SYS B8D563AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text awuu4snu.SYS B8D563C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text awuu4snu.SYS B8D563C9 1 Byte [2E]
.text awuu4snu.SYS B8D563C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 51981CE2 C:\PROGRA~1\DVDREG~1\DVDShell.dll (DVD Region-Free Shell Module/Fengtao Software Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4016] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 100300A3 C:\Program Files\Xfire\xfire_toucan_38312.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4016] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 51981CE2 C:\PROGRA~1\DVDREG~1\DVDShell.dll (DVD Region-Free Shell Module/Fengtao Software Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4016] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100301A3 C:\Program Files\Xfire\xfire_toucan_38312.dll (Xfire Toucan DLL/Xfire Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spsl.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spsl.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spsl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spsl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spsl.sys
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!KfAcquireSpinLock] 8A000002
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!READ_PORT_UCHAR] 83880846
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!KeGetCurrentIrql] 000001C0
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!KfRaiseIrql] 2C4EB70F
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!KfLowerIrql] 8303C183
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!HalGetInterruptVector] D103FCE1
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!HalTranslateBusAddress] 2E7E8366
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!KeStallExecutionProcessor] 8D1C7400
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!KfReleaseSpinLock] 83893204
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00000218
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!READ_PORT_USHORT] 2E4EB70F
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 021C8B89
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[HAL.dll!WRITE_PORT_UCHAR] B70F0000
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[WMILIB.SYS!WmiSystemControl] 03D00304
IAT \SystemRoot\System32\Drivers\awuu4snu.SYS[WMILIB.SYS!WmiCompleteRequest] 0CB389F2

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A54B1F8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\PCI_PNP0884 \Device\00000042 spsl.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A303500
Device \Driver\usbuhci \Device\USBPDO-1 8A303500
Device \Driver\usbuhci \Device\USBPDO-2 8A303500
Device \Driver\usbehci \Device\USBPDO-3 8A0D5500
Device \Driver\usbuhci \Device\USBPDO-4 8A303500

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 8A303500
Device \Driver\usbuhci \Device\USBPDO-6 8A303500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4DD1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2777F4C0-82DD-41EB-A519-2DD02A240C01} 8A11F500
Device \Driver\usbehci \Device\USBPDO-7 8A0D5500
Device \Driver\Cdrom \Device\CdRom0 8A205500
Device \Driver\Cdrom \Device\CdRom1 8A205500
Device \Driver\atapi \Device\Ide\IdePort0 8A54C1F8
Device \Driver\atapi \Device\Ide\IdePort1 8A54C1F8
Device \Driver\atapi \Device\Ide\IdePort2 8A54C1F8
Device \Driver\atapi \Device\Ide\IdePort3 8A54C1F8
Device \Driver\atapi \Device\Ide\IdePort4 8A54C1F8
Device \Driver\atapi \Device\Ide\IdePort5 8A54C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-14 8A54C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-7 8A54C1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A11F500
Device \Driver\NetBT \Device\NetbiosSmb 8A11F500
Device \Driver\sptd \Device\2615574634 spsl.sys

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8A303500
Device \Driver\usbuhci \Device\USBFDO-1 8A303500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1F5500
Device \Driver\usbuhci \Device\USBFDO-2 8A303500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1F5500
Device \Driver\usbehci \Device\USBFDO-3 8A0D5500
Device \Driver\usbuhci \Device\USBFDO-4 8A303500
Device \Driver\Ftdisk \Device\FtControl 8A4DD1F8
Device \Driver\usbuhci \Device\USBFDO-5 8A303500
Device \Driver\usbuhci \Device\USBFDO-6 8A303500
Device \Driver\usbehci \Device\USBFDO-7 8A0D5500
Device \Driver\awuu4snu \Device\Scsi\awuu4snu1Port6Path0Target0Lun0 8A233500
Device \Driver\awuu4snu \Device\Scsi\awuu4snu1 8A233500
Device \FileSystem\Cdfs \Cdfs 8A18B500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x47 0x8E 0xE7 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x94 0xAC 0x9A 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC3 0x5F 0xC9 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x47 0x8E 0xE7 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x94 0xAC 0x9A 0xB8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC3 0x5F 0xC9 0xEF ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{754FF845-1AB3-ED00-C8CA-2704F2FD5BBB}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{754FF845-1AB3-ED00-C8CA-2704F2FD5BBB}@eakhgganlm 0x66 0x61 0x65 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{754FF845-1AB3-ED00-C8CA-2704F2FD5BBB}@dabinpan 0x64 0x62 0x6F 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0DFB2F3-B3E7-BE75-DEC4-90EF334E27D0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0DFB2F3-B3E7-BE75-DEC4-90EF334E27D0}@ablnaoogkdjgmomkabjbimkhegcggmgple 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0DFB2F3-B3E7-BE75-DEC4-90EF334E27D0}@bblnaoogkdjgmomkabkphnnmnmddegpopnch 0x61 0x61 0x00 0x00

---- EOF - GMER 1.0.15 ----

Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:15:55, on 12/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ArnoVL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate1c99a8e877ae50a) (gupdate1c99a8e877ae50a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe

--
End of file - 6041 bytes
Arno
Active Member
 
Posts: 11
Joined: July 14th, 2009, 9:47 am
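
A triage pass over the GMER log in the post above, as an added example (not part of the thread and not GMER's own code): it groups hooks by the module that owns them and lists the modules the log gives no vendor string for. The regular expressions are assumptions inferred from the line formats visible in this log, and the sample lines are copied from it.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the GMER log in the post above; nothing here is new data.
SAMPLE = r"""
---- System - GMER 1.0.15 ----
SSDT spsl.sys ZwCreateKey [0xB9EA80E0]
SSDT spsl.sys ZwOpenKey [0xB9EA80C0]
---- Kernel code sections - GMER 1.0.15 ----
? spsl.sys Het systeem kan het opgegeven bestand niet vinden. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[1988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 51981CE2 C:\PROGRA~1\DVDREG~1\DVDShell.dll (DVD Region-Free Shell Module/Fengtao Software Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4016] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 100300A3 C:\Program Files\Xfire\xfire_toucan_38312.dll (Xfire Toucan DLL/Xfire Inc.)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spsl.sys
---- Devices - GMER 1.0.15 ----
Device \Driver\sptd \Device\2615574634 spsl.sys
Device \Driver\Cdrom \Device\CdRom0 8A205500
"""

# Assumed line formats, inferred from the log above (not a GMER specification).
SSDT = re.compile(r"^SSDT\s+(\S+)\s+(\S+)\s+\[0x[0-9A-Fa-f]+\]$")
# "? <file> <OS error text> !": GMER could not open the module's file on disk.
# The Dutch text here is Windows' "The system cannot find the file specified."
UNREADABLE = re.compile(r"^\?\s+(\S+)\s+.*!$")
# Inline hook in a user process: process[pid], hooked export, JMP target module.
USER = re.compile(
    r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+!\S+)\s+[0-9A-F]{8}\s+\d+ Bytes"
    r"\s+JMP\s+[0-9A-F]{8}\s+(.+?)(?:\s+\((.*)\))?$")
# Kernel import-table entry redirected into another module.
IAT = re.compile(r"^IAT\s+(\S+)\[(\S+!\S+)\]\s+\[[0-9A-F]{8}\]\s+(\S+)$")
# Device object whose handler is attributed to a named .sys module.
DEVICE = re.compile(
    r"^Device\s+\\(?:Driver|FileSystem)\\(\S+)\s+\S+\s+(\S+\.sys)$", re.I)


def triage(log_text):
    """Group every hook in a GMER log by the module that owns it."""
    mods = defaultdict(lambda: {"hooks": [], "vendor": None,
                                "on_disk": True, "drivers": set()})
    for line in map(str.strip, log_text.splitlines()):
        if m := SSDT.match(line):
            mods[m[1].lower()]["hooks"].append(("SSDT", m[2]))
        elif m := UNREADABLE.match(line):
            mods[m[1].lower()]["on_disk"] = False
        elif m := USER.match(line):
            entry = mods[ntpath.basename(m[4]).lower()]
            where = f"{m[3]} in {ntpath.basename(m[1])}[{m[2]}]"
            entry["hooks"].append(("inline", where))
            entry["vendor"] = m[5] or entry["vendor"]
        elif m := IAT.match(line):
            mods[m[3].lower()]["hooks"].append(("IAT", f"{m[1]} -> {m[2]}"))
        elif m := DEVICE.match(line):
            mods[m[2].lower()]["drivers"].add(m[1])
    return mods


def review_queue(mods):
    """Modules that own hooks but have no vendor string in the log.

    A missing vendor string is not a verdict; it only marks what the log
    itself cannot attribute and a human should look at first.
    """
    return sorted(n for n, e in mods.items() if e["hooks"] and not e["vendor"])


if __name__ == "__main__":
    result = triage(SAMPLE)
    for name, e in sorted(result.items()):
        print(f"{name}: {len(e['hooks'])} hook(s), vendor={e['vendor']!r}, "
              f"readable={e['on_disk']}, drivers={sorted(e['drivers'])}")
    print("review first:", review_queue(result))
```

On the sample lines, `spsl.sys` is the only module queued for review, and the `Device` line ties it to the `sptd` driver object that also appears in the Registry section of the log.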

Re: Browsers don't work properly

by Bob4 » August 11th, 2009, 10:36 pm

_____________________________
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, copy and paste this filepath in there.
If there is more than one file to scan, insert them 1 at a time.


c:\windows\System32\Drivers\awuu4snu.SYS


Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

You may receive a message stating:
"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

Just let me know if that is what you saw.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html


Post the results for me please.
Bob4
MRU Master
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browsers don't work properly

by NonSuch » August 16th, 2009, 6:32 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California