I'm the same person from the topic at viewtopic.php?f=12&t=56210. I thought my computer was clean, but apparently something still lingered. Everything was fine for a few days, so much so that I contacted the person who helped me via PM and told him that I was greatful for his help and that everything was great now. As if to punish me for my hubris, the bad behavior returned overnight. For those who didn't read the first thread, here is a rundown of the issue:
1. Google searches are redirecting me to ads
2. When I boot the machine, all I see is a black screen with my mouse cursor. Pressing Ctrl+Alt+Escape lets me bring up task manager. I need to kill explorer.exe and start it again through the run command in task manager to get to my desktop.
3. The Windows Aero effect disables itself without warning; certain visual elements within folders look like they did back in Windows 98/XP rather than the updated Vista look. As an example, the "Browse Folders/Hide Folders" button in a save dialogue is now a square button rather than simply appearing as a link on those windows. Scroll bars are also affected. This is an intermittent problem, there one time the computer is rebooted and fine the next.
4. NEW SYMPTOM - if left alone for a significant period of time, it will open a popup window with an ad of its own accord. There were three open when I looked at the machine this morning. Another had opened since this morning.
I ran MBAM and it found three infections (Rootkit.TDSS.Gen)... let me know if you want me to post that log at any point. In the meantime, here are new DDS and Attach files from a new run of DDS. In anticipation of the question I was asked last time, I would prefer to try to clean the PC than do a completely new operating system installation; I need to leave town the evening of Monday the 18th and will not have time to sufficiently recover from an OS wipe before then (I remote into this machine with GoToMyPC when I am on the road to do some work on some websites, check e-mail, etc.) Thanks in advance for any help anyone can provide!
DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Alex at 12:39:23.03 on Tue 04/12/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.1951 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AirVideoServer\AirVideoServer.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Alex\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Add to Evernote - e:\program files\evernote\evernote3\enbar.dll/2000
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - e:\program files\evernote\evernote3\enbar.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/ ... tion32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDow ... rtScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cbeyond.webex.com/client/T27LC/ ... atgpc1.cab
TCP: {45B82F13-8CAA-44B2-A0BF-232ABD77AF8C} = 68.87.85.102,68.87.69.150
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\14mmi5nt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2304157&q=
FF - component: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\14mmi5nt.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\program files\download manager\npfpdlm.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Multi Links: multilinks@plugin - %profile%\extensions\multilinks@plugin
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XfireXO Community Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-26 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-20 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-20 301528]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-20 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-20 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-20 42184]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-9-26 20328]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-4-9 22504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]
S2 gupdate1ca1ebe79c66296;Google Update Service (gupdate1ca1ebe79c66296);c:\program files\google\update\GoogleUpdate.exe [2009-8-16 133104]
S3 BLKWGDv8;Belkin Wireless G Desktop Card Service v8;c:\windows\system32\drivers\BLKWGDv8.sys [2006-11-18 312832]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
.
=============== Created Last 30 ================
.
2011-04-12 03:03:20 -------- d-----w- c:\users\alex\appdata\roaming\BitTorrent
2011-04-09 20:28:02 22504 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-04-06 03:36:49 -------- d-----w- c:\program files\common files\Futuremark Shared
2011-04-06 03:35:37 -------- d-----w- c:\program files\Futuremark
2011-04-02 05:21:42 -------- d-----w- c:\users\alex\appdata\local\CrashRpt
2011-04-02 05:21:31 -------- d-----w- c:\users\alex\appdata\local\Procaster
2011-04-02 05:21:31 -------- d-----w- c:\program files\Livestream Procaster
2011-03-21 02:05:35 98816 ----a-w- c:\windows\system32\mfps.dll
2011-03-21 02:04:54 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-03-21 02:04:54 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-03-21 02:04:53 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-03-21 02:04:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-03-21 02:04:53 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-03-21 02:04:53 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-03-21 02:04:53 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-03-20 06:36:25 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-20 06:35:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-20 06:34:57 40648 ----a-w- c:\windows\avastSS.scr
2011-03-20 06:34:53 -------- d-----w- c:\program files\AVAST Software
2011-03-20 06:34:53 -------- d-----w- c:\progra~2\AVAST Software
2011-03-17 01:05:59 -------- d-----w- c:\users\alex\Calibre Library
2011-03-17 01:05:47 -------- d-----w- c:\users\alex\appdata\roaming\calibre
2011-03-17 01:04:24 -------- d-----w- c:\program files\Calibre2
2011-03-15 02:46:25 -------- d-----w- c:\users\alex\appdata\roaming\Trillian
.
==================== Find3M ====================
.
2011-04-06 03:37:30 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-06 03:37:30 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-21 02:05:35 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-02-12 21:17:58 154624 ----a-w- c:\windows\system32\RemoteControl.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD16 rev.08.0 -> Harddisk0\DR0 -> \Device\00000067
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8732E439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x873347d0]; MOV EAX, [0x8733484c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8245D912] -> \Device\Harddisk0\DR0[0x86C91250]
3 CLASSPNP[0x8ADC78B3] -> ntkrnlpa!IofCallDriver[0x8245D912] -> [0x861F5F08]
5 acpi[0x82B376BC] -> ntkrnlpa!IofCallDriver[0x8245D912] -> [0x861FABF8]
\Driver\nvstor32[0x86F9A808] -> IRP_MJ_CREATE -> 0x8732E439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000066 -> \??\SCSI#Disk&Ven_WDC_WD16&Prod_00JB-00GVC0#4&3bad3e4&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x85d251f8
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 12:41:07.36 ===============
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/15/2009 10:18:34 PM
System Uptime: 4/12/2011 12:33:42 PM (0 hours ago)
.
Motherboard: ECS-USA | | GeForce6100PM-M2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2600/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 55.204 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 466 GiB total, 286.539 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 487.722 GiB free.
G: is CDROM ()
H: is FIXED (NTFS) - 466 GiB total, 265.639 GiB free.
I: is FIXED (NTFS) - 1863 GiB total, 861.578 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Belkin Wireless G Desktop Card
Device ID: PCI\VEN_1799&DEV_700F&SUBSYS_700F1799&REV_20\4&2CF26B65&0&3020
Manufacturer: Belkin Corporation
Name: Belkin Wireless G Desktop Card
PNP Device ID: PCI\VEN_1799&DEV_700F&SUBSYS_700F1799&REV_20\4&2CF26B65&0&3020
Service: BLKWGDv8
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
TWiT TV
"Champetre" template for ConvertXToDVD 3
"Christmas" template for ConvertXToDVD 3
"Film" template for ConvertXToDVD 3
Über Jedi Mod Manager
3DMark06
ABC Amber LIT Converter
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM 7
Aimersoft Video Studio Express(Build 1.2.0.25)
Air Video Server 2.4.1
AJScreensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AudibleManager
AudioShell 1.3.5
Audiosurf
Auto Gordian Knot 2.55
avast! Free Antivirus
AviSynth 2.5
Barnes & Noble Desktop Reader
Battlefield 2 Complete Collection
Battlefield 2142
Beyond the Red Line
BIMP Lite 1.62
BioShock 2
Black and White
BlockCAD 3.19
Bonjour
calibre
Call of Duty 4: Modern Warfare
CamStudio
Camtasia Studio 6
Celestia 1.6.0
Comparator
ConvertXtoDVD 3.8.0.193f
Cook'n & Grill'n
CPUID CPU-Z 1.57
Crysis(R)
dBpowerAMP Music Converter
Descent and Descent 2
Descent Manager Tools
Doctor Who - The Adventure Games 3.0
Download Manager 2.3.9
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EA Download Manager
Easy Video Splitter 1.28
Enemy Territory - Quake Wars(TM)
ESET Online Scanner v3
Evernote
Far Cry
FeedForAll v2.0
FileZilla Client 3.3.4.1
Flash Slideshow Maker Pro 5.00
Fraps (remove only)
Free M4a to MP3 Converter 6.1
FreeSpace 2
Futuremark SystemInfo
GameShadow
GameSpy Arcade
GameSpy Comrade
Garry's Mod
GOG.com Downloader
GoldWave v5.22
GoldWave v5.52
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Graphing Calculator 3D 3.1
Half-Life
Half-Life: Blue Shift
HandBrake 0.9.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Casino
ImgBurn
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Jeopardy! 2003
Knight
LAME v3.98.2 for Audacity
Left 4 Dead
Left 4 Dead 2
Livestream Procaster
Logitech QuickCam
Logitech QuickCam Driver Package
LucasArts' Jedi Knight
LucasArts' X-Wing Alliance
Malwarebytes' Anti-Malware
MechWarrior 3
MechWarrior 3 Pirate's Moon
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.5.18)
MSVCRT Redists
NET Installation Assistance for VB6 App (Runtime Only)
Notepad++
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Opposing Force
PageNest
Pamela Pro 4.7
PDF Settings
Peggle Deluxe 1.0
Photo Story 3 for Windows
Poker Night at the Inventory
Portal
PowerISO
Pradis 6: Understanding the Bible Library 6.0
Prey
Psychonauts
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Safari
Scrabble 2
Scrivener for Windows Beta
SecondLife (remove only)
SecondLifeViewer2 (remove only)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Silent Hunter III
Silent Hunter Wolves of the Pacific
Skype Toolbars
Skype™ 5.1
Space Quest Collection(TM)
SpaceBattle ScreenSaver 3.1
SpeedFan (remove only)
Star Trek Elite Force II
Star Trek Legacy
Star Trek: Armada
Star Wars Battlefront
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
Star Wars Jedi Knight: Mysteries of the Sith
Star Wars JK II Jedi Outcast
Star Wars Knights of the Old Republic
Star Wars Republic Commando
Star Wars Starfighter
Starcraft
Steam
Subtitle Workshop 2.51
SUPERAntiSpyware Free Edition
System Requirements Lab
Tag - IGF Professional 2008
TalkShoe Live! 2.0
Tardis Screensaver- Widescreen
The Sims Complete Collection
TightVNC 2.0.2
TortoiseSVN 1.6.7.18415 (32 bit)
Trillian
TweetDeck
TWiT Live Desktop
Ultimate Extras sounds from Microsoft® Tinker™
UltraLott Powerball and Mega Millions 1.2.6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb976884)
Vegas Pro 10.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
VobSub v2.23 (Remove Only)
WAV to MP3 Encoder
WebEx
Winamp
Winamp Detector Plug-in
WinDirStat 1.1.2
Windows Sound Schemes
WinHTTrack Website Copier 3.43-9C
WinPatrol
WinRAR archiver
WordWeb
Xfire (remove only)
XfireXO Toolbar
Xvid 1.2.2 final uninstall
XviD MPEG4 Video Codec (remove only)
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
4/9/2011 3:59:50 PM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
4/9/2011 3:05:28 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
4/9/2011 2:37:09 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
4/9/2011 2:23:12 PM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort1.
4/12/2011 12:37:51 PM, Error: Ntfs [137] - The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.
4/12/2011 12:37:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
4/12/2011 12:36:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
4/12/2011 12:35:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
4/12/2011 12:05:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
.
==== End Of File ===========================