URGENT!! Windows services not working!!

[mushyme8]

I'm not sure if this is in the right forum section, as I just registered. I'll move if necessary. But stuff like Security Center, Security Essentials, Windows Update, System Restore, Hard Drive Backup, Windows Installer etc. All of it isn't working!

Installed in terms of antivirus etc.: MalwareBytes, Advanced SystemCare and Ad-Aware. Help!!!!

 

[mushyme8]

Forgot to Mention: Running Windows Vista 32 bit OS. Please reply ASAP!!!

 

[johnb35]

Is this a fresh install of windows? Are you having any other signs of possible malware issue?

Can you download and run anything?

 

[mushyme8]

Nope, this is on a laptop I've had for a couple of years. Compaq Presario A900.

 

[mushyme8]

Also, I'm having a redirect problem, when I click a link, it goes to a random site: different every time. If I refresh before the redirect, then it loads. HELP!!!

 

[johnb35]

I thought so, Please do the following.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

If the log says will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com but DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log

 

[mushyme8]

tdsskiller log:

2011/06/01 22:24:30.0873 1804 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/01 22:24:32.0012 1804 ================================================================================
2011/06/01 22:24:32.0012 1804 SystemInfo:
2011/06/01 22:24:32.0012 1804
2011/06/01 22:24:32.0012 1804 OS Version: 6.0.6001 ServicePack: 1.0
2011/06/01 22:24:32.0012 1804 Product type: Workstation
2011/06/01 22:24:32.0013 1804 ComputerName: WILLIAMDU
2011/06/01 22:24:32.0013 1804 UserName: William
2011/06/01 22:24:32.0013 1804 Windows directory: C:\Windows
2011/06/01 22:24:32.0013 1804 System windows directory: C:\Windows
2011/06/01 22:24:32.0013 1804 Processor architecture: Intel x86
2011/06/01 22:24:32.0013 1804 Number of processors: 2
2011/06/01 22:24:32.0013 1804 Page size: 0x1000
2011/06/01 22:24:32.0013 1804 Boot type: Normal boot
2011/06/01 22:24:32.0013 1804 ================================================================================
2011/06/01 22:24:33.0106 1804 Initialize success
2011/06/01 22:24:36.0508 3980 ================================================================================
2011/06/01 22:24:36.0508 3980 Scan started
2011/06/01 22:24:36.0508 3980 Mode: Manual;
2011/06/01 22:24:36.0508 3980 ================================================================================
2011/06/01 22:24:37.0764 3980 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/06/01 22:24:37.0834 3980 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/01 22:24:37.0902 3980 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/01 22:24:37.0990 3980 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/01 22:24:38.0048 3980 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/01 22:24:38.0122 3980 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/06/01 22:24:38.0184 3980 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/01 22:24:38.0238 3980 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/01 22:24:38.0316 3980 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/01 22:24:38.0352 3980 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/01 22:24:38.0400 3980 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/01 22:24:38.0439 3980 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/01 22:24:38.0497 3980 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/01 22:24:38.0661 3980 ApfiltrService (3a2154b4f22af4771f40b8f2fc7dbbf6) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/06/01 22:24:38.0716 3980 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/01 22:24:38.0771 3980 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/01 22:24:38.0861 3980 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/01 22:24:38.0905 3980 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/06/01 22:24:39.0012 3980 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/06/01 22:24:39.0083 3980 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/01 22:24:39.0220 3980 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/01 22:24:39.0273 3980 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/01 22:24:39.0331 3980 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/01 22:24:39.0394 3980 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/01 22:24:39.0453 3980 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/01 22:24:39.0502 3980 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/01 22:24:39.0540 3980 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/01 22:24:39.0580 3980 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/01 22:24:39.0630 3980 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/01 22:24:39.0680 3980 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/01 22:24:39.0722 3980 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/01 22:24:39.0772 3980 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/06/01 22:24:39.0834 3980 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/01 22:24:39.0874 3980 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/01 22:24:39.0932 3980 CnxtHdAudService (2e39f9c51912f4f211b0334aed33e7bd) C:\Windows\system32\drivers\CHDRT32.sys
2011/06/01 22:24:39.0978 3980 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/01 22:24:40.0134 3980 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/01 22:24:40.0176 3980 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/01 22:24:40.0271 3980 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/06/01 22:24:40.0397 3980 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/06/01 22:24:40.0450 3980 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/01 22:24:40.0495 3980 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\Windows\system32\Drivers\DrvAgent32.sys
2011/06/01 22:24:40.0569 3980 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/01 22:24:40.0653 3980 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
2011/06/01 22:24:40.0697 3980 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/01 22:24:40.0807 3980 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/06/01 22:24:40.0874 3980 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/01 22:24:40.0994 3980 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/06/01 22:24:41.0054 3980 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/06/01 22:24:41.0108 3980 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/01 22:24:41.0167 3980 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/01 22:24:41.0223 3980 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/01 22:24:41.0262 3980 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/01 22:24:41.0351 3980 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/06/01 22:24:41.0410 3980 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/01 22:24:41.0458 3980 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/01 22:24:41.0550 3980 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/01 22:24:41.0612 3980 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/06/01 22:24:41.0659 3980 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
2011/06/01 22:24:41.0723 3980 HdAudAddService (a1be5a64ddcb0880301cf860be3f0a07) C:\Windows\system32\drivers\CHDART.sys
2011/06/01 22:24:41.0797 3980 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/01 22:24:41.0852 3980 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/01 22:24:41.0890 3980 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/01 22:24:41.0947 3980 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/01 22:24:41.0990 3980 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/01 22:24:42.0032 3980 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/06/01 22:24:42.0114 3980 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/06/01 22:24:42.0251 3980 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/06/01 22:24:42.0369 3980 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/06/01 22:24:42.0471 3980 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/06/01 22:24:42.0652 3980 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/01 22:24:42.0799 3980 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/01 22:24:43.0173 3980 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/01 22:24:43.0388 3980 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/01 22:24:43.0559 3980 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/01 22:24:43.0930 3980 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/01 22:24:44.0175 3980 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/01 22:24:44.0267 3980 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/01 22:24:44.0327 3980 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/01 22:24:44.0400 3980 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/01 22:24:44.0485 3980 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/01 22:24:44.0541 3980 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/01 22:24:44.0585 3980 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/01 22:24:44.0626 3980 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/01 22:24:44.0685 3980 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/01 22:24:44.0727 3980 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/01 22:24:44.0759 3980 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/01 22:24:44.0802 3980 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/01 22:24:44.0834 3980 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/01 22:24:44.0935 3980 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/01 22:24:45.0107 3980 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/06/01 22:24:45.0341 3980 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
2011/06/01 22:24:45.0394 3980 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/01 22:24:45.0507 3980 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/01 22:24:45.0569 3980 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/01 22:24:45.0656 3980 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/01 22:24:45.0722 3980 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/01 22:24:45.0782 3980 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/01 22:24:45.0834 3980 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/01 22:24:45.0913 3980 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/01 22:24:45.0965 3980 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/01 22:24:46.0013 3980 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/01 22:24:46.0061 3980 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/01 22:24:46.0109 3980 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/01 22:24:46.0156 3980 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/01 22:24:46.0522 3980 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/06/01 22:24:46.0596 3980 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/01 22:24:46.0674 3980 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/01 22:24:46.0737 3980 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/06/01 22:24:46.0803 3980 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/01 22:24:46.0858 3980 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/01 22:24:46.0886 3980 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/01 22:24:46.0920 3980 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/01 22:24:46.0968 3980 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/01 22:24:47.0043 3980 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/01 22:24:47.0095 3980 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/01 22:24:47.0174 3980 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/01 22:24:47.0203 3980 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/01 22:24:47.0223 3980 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/01 22:24:47.0287 3980 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/06/01 22:24:47.0341 3980 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/01 22:24:47.0392 3980 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/01 22:24:47.0427 3980 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/06/01 22:24:47.0501 3980 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/01 22:24:47.0568 3980 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/06/01 22:24:47.0635 3980 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/01 22:24:47.0678 3980 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/01 22:24:47.0719 3980 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/01 22:24:47.0752 3980 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/01 22:24:47.0779 3980 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/01 22:24:47.0832 3980 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/01 22:24:48.0096 3980 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/06/01 22:24:48.0445 3980 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/06/01 22:24:49.0035 3980 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/06/01 22:24:49.0272 3980 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/01 22:24:49.0332 3980 nhcDriverDevice (37260a293b6a89373ae76791e6cc5a12) C:\Windows\system32\drivers\nhcDriver.sys
2011/06/01 22:24:49.0424 3980 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/06/01 22:24:49.0520 3980 NPF (6623e51595c0076755c29c00846c4eb2) C:\Windows\system32\drivers\npf.sys
2011/06/01 22:24:49.0588 3980 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/06/01 22:24:49.0643 3980 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\Windows\system32\npptNT2.sys
2011/06/01 22:24:49.0696 3980 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/01 22:24:49.0799 3980 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/06/01 22:24:49.0900 3980 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/01 22:24:49.0941 3980 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/01 22:24:49.0998 3980 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/01 22:24:50.0034 3980 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/01 22:24:50.0075 3980 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/01 22:24:50.0217 3980 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/06/01 22:24:50.0299 3980 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/01 22:24:50.0330 3980 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/06/01 22:24:50.0367 3980 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/01 22:24:50.0417 3980 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/06/01 22:24:50.0474 3980 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/06/01 22:24:50.0564 3980 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/01 22:24:50.0647 3980 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/01 22:24:50.0763 3980 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/01 22:24:50.0802 3980 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/01 22:24:50.0870 3980 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/01 22:24:50.0973 3980 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/01 22:24:51.0019 3980 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/01 22:24:51.0085 3980 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/01 22:24:51.0133 3980 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/01 22:24:51.0182 3980 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/01 22:24:51.0213 3980 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/01 22:24:51.0249 3980 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/01 22:24:51.0287 3980 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/01 22:24:51.0334 3980 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/01 22:24:51.0396 3980 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/01 22:24:51.0455 3980 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/01 22:24:51.0495 3980 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/06/01 22:24:51.0594 3980 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/01 22:24:51.0638 3980 RTL8023xp (8de22fb05e4a0f797b1e442eb4b3b51c) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/06/01 22:24:51.0686 3980 RTSTOR (68180821fedebb2b373d83a2d8e4e16a) C:\Windows\system32\drivers\RTSTOR.SYS
2011/06/01 22:24:51.0737 3980 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/01 22:24:51.0787 3980 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/01 22:24:51.0831 3980 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/01 22:24:51.0874 3980 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/01 22:24:51.0929 3980 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/01 22:24:51.0985 3980 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/06/01 22:24:52.0027 3980 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/01 22:24:52.0075 3980 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/01 22:24:52.0124 3980 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/01 22:24:52.0181 3980 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/01 22:24:52.0223 3980 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/01 22:24:52.0271 3980 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/01 22:24:52.0365 3980 Smb (5dafe376998d970cb87135a83424e67f) C:\Windows\system32\DRIVERS\smb.sys
2011/06/01 22:24:52.0374 3980 Smb - detected Rootkit.Win32.ZAccess.c (0)
2011/06/01 22:24:52.0475 3980 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/06/01 22:24:52.0521 3980 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/01 22:24:52.0604 3980 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/06/01 22:24:52.0605 3980 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/01 22:24:52.0610 3980 sptd - detected LockedFile.Multi.Generic (1)
2011/06/01 22:24:52.0678 3980 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/06/01 22:24:52.0743 3980 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/01 22:24:52.0794 3980 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/01 22:24:52.0850 3980 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/01 22:24:52.0893 3980 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/01 22:24:52.0989 3980 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/01 22:24:53.0043 3980 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/01 22:24:53.0214 3980 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
2011/06/01 22:24:53.0269 3980 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/01 22:24:53.0313 3980 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/01 22:24:53.0364 3980 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/01 22:24:53.0408 3980 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/01 22:24:53.0452 3980 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/01 22:24:53.0489 3980 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/01 22:24:53.0560 3980 TPkd (409a577fd5781c717e55a28717514c58) C:\Windows\system32\drivers\TPkd.sys
2011/06/01 22:24:53.0629 3980 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/01 22:24:53.0677 3980 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/01 22:24:53.0729 3980 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/01 22:24:53.0768 3980 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/01 22:24:53.0836 3980 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/01 22:24:53.0915 3980 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/01 22:24:53.0982 3980 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/01 22:24:54.0030 3980 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/01 22:24:54.0074 3980 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/01 22:24:54.0131 3980 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/01 22:24:54.0180 3980 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/01 22:24:54.0252 3980 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/01 22:24:54.0307 3980 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
2011/06/01 22:24:54.0343 3980 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/01 22:24:54.0414 3980 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/01 22:24:54.0478 3980 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/01 22:24:54.0551 3980 usbhub (c2beb0929e18adf60344c66398e36526) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/01 22:24:54.0575 3980 usbhub - detected Rootkit.Win32.ZAccess.c (0)
2011/06/01 22:24:54.0609 3980 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/01 22:24:54.0665 3980 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/01 22:24:54.0742 3980 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/01 22:24:54.0793 3980 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/01 22:24:54.0829 3980 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/01 22:24:54.0885 3980 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/01 22:24:54.0952 3980 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/01 22:24:55.0003 3980 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/01 22:24:55.0037 3980 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/01 22:24:55.0072 3980 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/01 22:24:55.0104 3980 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/06/01 22:24:55.0150 3980 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/01 22:24:55.0217 3980 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/06/01 22:24:55.0265 3980 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/06/01 22:24:55.0306 3980 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/01 22:24:55.0372 3980 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/01 22:24:55.0447 3980 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/01 22:24:55.0473 3980 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/01 22:24:55.0537 3980 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/01 22:24:55.0623 3980 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/01 22:24:55.0734 3980 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/01 22:24:55.0863 3980 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/01 22:24:55.0938 3980 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/01 22:24:56.0032 3980 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/01 22:24:56.0109 3980 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/01 22:24:56.0148 3980 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
2011/06/01 22:24:56.0406 3980 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
2011/06/01 22:24:56.0482 3980 ================================================================================
2011/06/01 22:24:56.0482 3980 Scan finished
2011/06/01 22:24:56.0482 3980 ================================================================================
2011/06/01 22:24:56.0494 2008 Detected object count: 3
2011/06/01 22:24:56.0494 2008 Actual detected object count: 3
2011/06/01 22:25:03.0281 2008 Smb (5dafe376998d970cb87135a83424e67f) C:\Windows\system32\DRIVERS\smb.sys
2011/06/01 22:25:11.0797 2008 Backup copy not found, trying to cure infected file..
2011/06/01 22:25:11.0797 2008 C:\Windows\system32\DRIVERS\smb.sys - Cure failed (FFFFFFFF)
2011/06/01 22:25:11.0797 2008 C:\Windows\system32\DRIVERS\smb.sys - processing error
2011/06/01 22:25:11.0797 2008 Rootkit.Win32.ZAccess.c(Smb) - User select action: Cure
2011/06/01 22:25:11.0798 2008 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/01 22:25:11.0929 2008 usbhub (c2beb0929e18adf60344c66398e36526) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/01 22:25:12.0494 2008 Backup copy found, using it..
2011/06/01 22:25:12.0553 2008 C:\Windows\system32\DRIVERS\usbhub.sys - will be cured after reboot
2011/06/01 22:25:12.0553 2008 Rootkit.Win32.ZAccess.c(usbhub) - User select action: Cure
2011/06/01 22:25:17.0889 4080 Deinitialize success



malware bytes log (i ran the scan with my own malware bytes, downloaded from the same site just weeks ago. i just updated as well)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6701

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

1/06/2011 10:39:31 PM
mbam-log-2011-06-01 (22-39-31).txt

Scan type: Quick scan
Objects scanned: 172212
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{650BE2A4-3A6F-6C69-69E0-9BB14349172E} (Trojan.ZbotR.Gen) -> Value: {650BE2A4-3A6F-6C69-69E0-9BB14349172E} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\William\AppData\Roaming\Efuqok\tyexa.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.


Then I got the blue screen of death =(



After I booted again, I ran the last one:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:46:15 PM, on 1/06/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\WINDOWS\System32\wpcumi.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Prize Live Toolbar BHO - {a4d3eb65-a437-449e-b7ef-203afb312f46} - mscoree.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Prize Live Toolbar - {594d6baf-faa1-4ff1-beff-e4f1674c22c5} - mscoree.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [{650BE2A4-3A6F-6C69-69E0-9BB14349172E}] C:\Users\William\AppData\Roaming\Efuqok\tyexa.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.23.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/openapi/receivers/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SophosCleanupTool - Sophos Group - C:\Program Files\Sophos\Sophos confic-a Cleanup Tool\service.sys
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12426 bytes




I also get some Security Client on startup, with error code: 0x8007064e

 

[johnb35]

You aren't running the latest version of malwarebytes. Please update it and rerun the scan. However, please run this first.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

• Download this file here :
  
  http://www.bleepingcomputer.com/download/anti-virus/combofix
  
• Then double click combofix.exe & follow the prompts.
• When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.


In your next reply please post:

• The ComboFix log
• A fresh HiJackThis log
• An update on how your computer is running

 

[SoMeAm]

Hi,

Mushyme8, you are in the right place for your issue. John, I mentioned you in our staff meeting. Your work on this Forum is amazing, and I have advised others to come here for virus/malware issues.

Thanks again,

Priscilla

 

[mushyme8]

ComboFix Log:

ComboFix 11-06-01.05 - William 02/06/2011 15:49:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2037.737 [GMT 10:00]
Running from: c:\users\William\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20100819.txt
c:\cflog\CrashLog_20100820.txt
c:\cflog\CrashLog_20101024.txt
c:\programdata\install\1.reg
c:\users\William\AppData\Roaming\chrtmp
c:\users\William\AppData\Roaming\Efuqok\tyexa.exe
c:\users\William\ComboFix.exe
c:\users\William\Logo.png
c:\users\William\tdsskiller.exe
c:\users\William\TRON Legacy {2010} DVDRIP. Jaybob .avi
c:\users\William\videos\Battlefunds-Generator-v3.exe
c:\users\William\videos\lolBattlefunds-Generator-v3.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\KBL.LOG
c:\windows\system32\server.log
c:\windows\system32\system
.
Infected copy of c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_infocard_b77a5c561934e089_6.0.6000.20864_none_b4e76b3f31dd2ea8\infocard.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2030-08-29 13:22 . 2030-08-29 13:22 56832 ------w- c:\windows\system32\iyvu9_32.dll
2030-08-29 13:22 . 2030-08-29 13:22 143872 ------w- c:\windows\system32\iacenc.dll
2011-06-01 12:45 . 2011-06-01 12:45 388096 ----a-r- c:\users\William\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-01 12:45 . 2011-06-01 12:45 -------- d-----w- c:\program files\Trend Micro
2011-06-01 12:40 . 2011-06-01 12:40 1402880 ----a-w- c:\users\William\HiJackThis.msi
2011-05-31 13:44 . 2011-05-31 13:59 -------- dc----w- C:\WINSSLog
2011-05-31 13:19 . 2011-06-01 12:39 -------- d-----w- c:\users\William\AppData\Roaming\Efuqok
2011-05-31 13:19 . 2011-06-01 09:17 -------- d-----w- c:\users\William\AppData\Roaming\Iqir
2011-05-29 11:19 . 2011-05-29 11:19 -------- d-----w- c:\users\William\AppData\Roaming\NCH Swift Sound
2011-05-29 11:19 . 2011-05-29 11:19 -------- d-----w- c:\programdata\NCH Swift Sound
2011-05-29 11:19 . 2011-05-29 11:19 -------- d-----w- c:\program files\NCH Swift Sound
2011-05-26 15:22 . 2009-09-04 07:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-05-26 15:22 . 2009-09-04 07:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-05-26 15:22 . 2011-05-26 15:22 -------- d-----w- c:\windows\system32\xlive
2011-05-26 15:22 . 2011-05-27 17:03 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-05-26 15:18 . 2011-05-26 15:18 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-05-26 15:18 . 2011-05-26 15:20 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-05-26 15:15 . 2011-05-26 15:15 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-05-26 15:15 . 2011-05-26 15:20 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-05-26 15:15 . 2011-05-26 15:15 -------- d-----w- c:\program files\Microsoft SDKs
2011-05-26 15:05 . 2008-11-13 02:28 2560 ----a-w- c:\windows\system32\msimsg.dll
2011-05-26 15:05 . 2008-11-13 04:50 332800 ----a-w- c:\windows\system32\msihnd.dll
2011-05-26 15:05 . 2008-11-13 04:50 2241536 ----a-w- c:\windows\system32\msi.dll
2011-05-26 15:05 . 2008-11-13 04:50 16384 ----a-w- c:\windows\system32\msisip.dll
2011-05-26 15:05 . 2008-11-13 04:49 73216 ----a-w- c:\windows\system32\msiexec.exe
2011-05-26 13:22 . 2010-02-04 00:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-05-26 13:22 . 2010-02-04 00:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-05-26 13:22 . 2010-02-04 00:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-05-26 13:22 . 2010-02-04 00:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-05-26 13:22 . 2009-03-09 05:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-05-26 13:22 . 2007-04-04 08:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-05-26 13:22 . 2007-03-12 06:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-05-26 13:22 . 2011-05-26 13:22 -------- d-----w- c:\program files\Microsoft XNA
2011-05-25 12:53 . 2011-05-25 12:53 -------- d-----w- c:\program files\CoffeeTycoon_at
2011-05-21 17:17 . 2010-07-01 07:49 -------- d-----w- c:\program files\CyberLink - Copy
2011-05-20 23:29 . 2011-05-20 23:29 15876 ----a-w- c:\users\William\BACKUP.reg
2011-05-19 13:06 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FE6847E-BDFE-48DA-9CA7-263695E18961}\mpengine.dll
2011-05-11 12:24 . 2011-05-11 12:24 507392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{2E3A551E-016C-410B-B975-B108E7B6BD7E}-Gen v1.22.4.exe
2011-05-11 07:53 . 2011-05-11 07:53 -------- d-----w- c:\users\William\AppData\Local\Geckofx
2011-05-11 07:51 . 2011-05-11 07:51 -------- d-----w- c:\program files\AviSynth 2.5
2011-05-11 07:49 . 2011-05-11 07:49 -------- d-----w- c:\program files\Red Kawa
2011-05-11 05:12 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-09 13:14 . 2011-05-09 12:52 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-09 12:52 . 2011-05-09 12:52 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-09 12:47 . 2011-04-29 02:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-09 12:47 . 2011-05-09 12:47 -------- d-----w- c:\program files\Lavasoft
2011-05-09 12:47 . 2011-05-09 12:47 -------- d-----w- c:\programdata\Lavasoft
2011-05-08 21:42 . 2011-05-08 21:42 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-08 21:42 . 2011-05-08 21:42 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-08 21:42 . 2011-05-08 21:42 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-08 21:42 . 2011-05-08 21:42 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-08 21:42 . 2011-05-08 21:42 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-08 21:42 . 2011-05-08 21:42 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-08 21:42 . 2011-05-08 21:42 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-08 21:42 . 2011-05-08 21:42 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-06 10:27 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-06 10:27 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-06 10:26 . 2011-05-06 10:26 -------- d-----w- c:\program files\iPod
2011-05-06 10:26 . 2011-05-06 10:27 -------- d-----w- c:\program files\iTunes
2011-05-06 10:24 . 2011-05-06 10:24 -------- d-----w- c:\program files\Bonjour
2011-05-05 05:57 . 2011-05-05 06:13 -------- d-----w- c:\windows\system32\world
2011-05-03 08:04 . 2011-05-28 23:09 -------- d-----w- c:\users\William\AppData\Roaming\skypePM
2011-05-03 08:04 . 2011-05-28 13:30 -------- d-----w- c:\programdata\Skype Extras
2011-05-03 08:02 . 2011-05-28 23:10 -------- d-----w- c:\users\William\AppData\Roaming\Skype
2011-05-03 08:02 . 2011-05-03 08:02 -------- d-----w- c:\program files\Common Files\Skype
2011-05-03 08:02 . 2011-05-03 08:02 -------- d-----r- c:\program files\Skype
2011-05-03 08:02 . 2011-05-03 08:02 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-01 12:26 . 2010-08-11 06:04 194560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-31 13:20 . 2011-03-10 20:46 133120 ----a-w- c:\windows\system32\drivers\smb.sys
2011-05-28 23:11 . 2011-03-10 13:22 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-28 23:11 . 2011-03-10 13:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 06:59 . 2010-07-09 12:04 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2011-04-29 13:15 . 2011-04-29 13:16 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{963A4107-8B32-499C-9B9E-186152C974C2}\gapaengine.dll
2011-04-14 07:47 . 2011-04-14 07:47 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-04-10 14:04 . 2011-04-30 11:58 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-09 08:55 . 2011-04-09 08:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 08:55 . 2011-04-09 08:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-06 06:20 . 2011-04-06 06:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 06:20 . 2011-04-06 06:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-10 21:06 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-03-10 21:06 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-03-10 16:12 . 2011-04-28 13:50 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12 . 2011-04-28 13:50 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-09 11:50 . 2011-03-09 11:50 65536 ----a-r- c:\users\William\AppData\Roaming\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2011-03-09 11:50 . 2011-03-09 11:50 65536 ----a-r- c:\users\William\AppData\Roaming\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2011-03-09 11:50 . 2011-03-09 11:50 65536 ----a-r- c:\users\William\AppData\Roaming\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\ARPPRODUCTICON.exe
2011-05-08 21:42 . 2011-05-08 21:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 01:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 01:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-24 212992]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-28 202032]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-14 222504]
"CreativeMouse "="c:\program files\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 15:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchFreeze]
2005-04-29 05:15 45056 ----a-w- c:\program files\TouchFreeze\TouchFreeze.exe
.
R1 MpKsl212f0f8f;MpKsl212f0f8f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2CD9590-BA2B-4CD7-833F-2596B18B6D30}\MpKsl212f0f8f.sys [x]
R1 MpKsl330ab594;MpKsl330ab594;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FE6847E-BDFE-48DA-9CA7-263695E18961}\MpKsl330ab594.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
R3 apf001;apf001;c:\program files\SoftnyxGame\WolfTeamIS\apf001.sys [x]
R3 cpuz130;cpuz130; [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-08-03 23456]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-29 15232]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-28 39984]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-23 3425416]
R3 SophosCleanupTool;SophosCleanupTool;c:\program files\Sophos\Sophos confic-a Cleanup Tool\service.sys [2010-03-01 148720]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva358;XDva358;c:\windows\system32\XDva358.sys [x]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
R3 XDva361;XDva361;c:\windows\system32\XDva361.sys [x]
R3 XDva362;XDva362;c:\windows\system32\XDva362.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
R3 XDva379;XDva379;c:\windows\system32\XDva379.sys [x]
R3 XDva382;XDva382;c:\windows\system32\XDva382.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-01 691696]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-02 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-08-26 04:11]
.
2011-05-29 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-07-09 01:08]
.
2011-05-20 c:\windows\Tasks\HPCeeScheduleForWilliam.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-11-13 19:58]
.
2011-06-01 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-05-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-05-29 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-08-07 08:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with IDA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
FF - ProfilePath - c:\users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owvv43w0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-{650BE2A4-3A6F-6C69-69E0-9BB14349172E} - c:\users\William\AppData\Roaming\Efuqok\tyexa.exe
SafeBoot-25481015.sys
SafeBoot-MsMpSvc
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.smb]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2246853073-2034409028-415395374-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{796562E3-8B6B-6B71-9356-E198764F19F3}*]
"famclbajicpl"=hex:66,61,6c,6f,62,64,6a,69,6b,63,70,6c,00,ff
.
[HKEY_USERS\S-1-5-21-2246853073-2034409028-415395374-1003\Software\SecuROM\License information*]
"datasecu"=hex:2a,e3,27,ef,d9,13,1f,d5,9a,98,bb,eb,b4,03,f2,a8,9a,eb,20,4f,6e,
3f,38,5a,4d,9d,86,5c,8b,d3,94,21,5f,a3,a3,ea,d4,1a,06,0e,a8,f0,9d,75,d9,95,\
"rkeysecu"=hex:77,3a,a8,a7,7f,6c,7e,2e,17,5a,c7,51,f2,45,da,df
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\lxczcoms.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\windows\system32\WerFault.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-06-02 16:13:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-02 06:13
.
Pre-Run: 16,625,184,768 bytes free
Post-Run: 20,904,386,560 bytes free
.
- - End Of File - - D64C6C1C6A2DD9EC6D43C28DDEC5EC2D



SIDENOTE:
After I finished the scan, nothing worked, not even explorer.exe
It always said something about this process running on a registry key marked for deletion.
I tried to reboot it again, and then it was fine.



New HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:44:08 PM, on 2/06/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Prize Live Toolbar BHO - {a4d3eb65-a437-449e-b7ef-203afb312f46} - mscoree.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Prize Live Toolbar - {594d6baf-faa1-4ff1-beff-e4f1674c22c5} - mscoree.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.23.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/openapi/receivers/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SophosCleanupTool - Sophos Group - C:\Program Files\Sophos\Sophos confic-a Cleanup Tool\service.sys
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11496 bytes





My computer is doing okay, but I get this security client message on startup with error code: 0x8007064e

The blue screens have generally stopped I think, I used to get like once every few hours.

I'll re-run the MalwareBytes scan soon. I updated to new one. Sorry about the inconvenience. Thanks for all your help so far, I couldn't have done anything without you. =)

 

[mushyme8]

Ah wait, forgot to mention. I think the redirect problem is still here.

 

[johnb35]

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Driver::
XDva358
XDva359
XDva361
XDva362
XDva370
XDva379
XDva382
MpKsl212f0f8f
MpKsl330ab594

Folder::
c:\users\William\AppData\Roaming\Efuqok
c:\users\William\AppData\Roaming\Iqir

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.



Then navigate to C:\qoobox and in that folder will be a file named "add-remove programs.txt" Please open that file and then copy and paste the contents in your next reply.

 

[mushyme8]

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6758

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

3/06/2011 7:55:12 PM
mbam-log-2011-06-03 (19-55-12).txt

Scan type: Quick scan
Objects scanned: 172778
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




That was an updated version of MalwareBytes. Following your new instructions now.

 

[mushyme8]

New ComboFix log (after downloading again)


ComboFix 11-06-03.02 - William 03/06/2011 20:16:37.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2037.1007 [GMT 10:00]
Running from: c:\users\William\ComboFix.exe
Command switches used :: c:\users\William\Downloads\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\William\AppData\Roaming\Efuqok
c:\users\William\AppData\Roaming\Iqir
c:\users\William\ComboFix.exe
c:\users\William\Minecraft_Server.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_infocard_b77a5c561934e089_6.0.6000.20864_none_b4e76b3f31dd2ea8\infocard.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL212F0F8F
-------\Legacy_MPKSL330AB594
-------\Legacy_XDVA358
-------\Legacy_XDVA359
-------\Legacy_XDVA361
-------\Legacy_XDVA362
-------\Legacy_XDVA370
-------\Legacy_XDVA379
-------\Legacy_XDVA382
-------\Service_MpKsl212f0f8f
-------\Service_MpKsl330ab594
-------\Service_XDva358
-------\Service_XDva359
-------\Service_XDva361
-------\Service_XDva362
-------\Service_XDva370
-------\Service_XDva379
-------\Service_XDva382
.
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2030-08-29 13:22 . 2030-08-29 13:22 56832 ------w- c:\windows\system32\iyvu9_32.dll
2030-08-29 13:22 . 2030-08-29 13:22 143872 ------w- c:\windows\system32\iacenc.dll
2011-06-03 10:32 . 2011-06-03 10:32 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-06-03 10:32 . 2011-06-03 10:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-02 13:16 . 2011-06-02 13:21 -------- d-----w- c:\users\William\world
2011-06-01 12:45 . 2011-06-01 12:45 388096 ----a-r- c:\users\William\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-01 12:45 . 2011-06-01 12:45 -------- d-----w- c:\program files\Trend Micro
2011-06-01 12:40 . 2011-06-01 12:40 1402880 ----a-w- c:\users\William\HiJackThis.msi
2011-05-31 13:44 . 2011-05-31 13:59 -------- dc----w- C:\WINSSLog
2011-05-29 11:19 . 2011-05-29 11:19 -------- d-----w- c:\users\William\AppData\Roaming\NCH Swift Sound
2011-05-29 11:19 . 2011-05-29 11:19 -------- d-----w- c:\programdata\NCH Swift Sound
2011-05-29 11:19 . 2011-05-29 11:19 -------- d-----w- c:\program files\NCH Swift Sound
2011-05-26 15:22 . 2009-09-04 07:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-05-26 15:22 . 2009-09-04 07:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-05-26 15:22 . 2011-05-26 15:22 -------- d-----w- c:\windows\system32\xlive
2011-05-26 15:22 . 2011-05-27 17:03 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-05-26 15:18 . 2011-05-26 15:18 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-05-26 15:18 . 2011-05-26 15:20 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-05-26 15:15 . 2011-05-26 15:15 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-05-26 15:15 . 2011-05-26 15:20 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-05-26 15:15 . 2011-05-26 15:15 -------- d-----w- c:\program files\Microsoft SDKs
2011-05-26 15:05 . 2008-11-13 02:28 2560 ----a-w- c:\windows\system32\msimsg.dll
2011-05-26 15:05 . 2008-11-13 04:50 332800 ----a-w- c:\windows\system32\msihnd.dll
2011-05-26 15:05 . 2008-11-13 04:50 2241536 ----a-w- c:\windows\system32\msi.dll
2011-05-26 15:05 . 2008-11-13 04:50 16384 ----a-w- c:\windows\system32\msisip.dll
2011-05-26 15:05 . 2008-11-13 04:49 73216 ----a-w- c:\windows\system32\msiexec.exe
2011-05-26 13:22 . 2010-02-04 00:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-05-26 13:22 . 2010-02-04 00:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-05-26 13:22 . 2010-02-04 00:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-05-26 13:22 . 2010-02-04 00:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-05-26 13:22 . 2009-03-09 05:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-05-26 13:22 . 2007-04-04 08:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-05-26 13:22 . 2007-03-12 06:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-05-26 13:22 . 2011-05-26 13:22 -------- d-----w- c:\program files\Microsoft XNA
2011-05-25 12:53 . 2011-05-25 12:53 -------- d-----w- c:\program files\CoffeeTycoon_at
2011-05-21 17:17 . 2010-07-01 07:49 -------- d-----w- c:\program files\CyberLink - Copy
2011-05-20 23:29 . 2011-05-20 23:29 15876 ----a-w- c:\users\William\BACKUP.reg
2011-05-19 13:06 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FE6847E-BDFE-48DA-9CA7-263695E18961}\mpengine.dll
2011-05-11 12:24 . 2011-05-11 12:24 507392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{2E3A551E-016C-410B-B975-B108E7B6BD7E}-Gen v1.22.4.exe
2011-05-11 07:53 . 2011-05-11 07:53 -------- d-----w- c:\users\William\AppData\Local\Geckofx
2011-05-11 07:51 . 2011-05-11 07:51 -------- d-----w- c:\program files\AviSynth 2.5
2011-05-11 07:49 . 2011-05-11 07:49 -------- d-----w- c:\program files\Red Kawa
2011-05-11 05:12 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-09 13:14 . 2011-05-09 12:52 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-09 12:52 . 2011-05-09 12:52 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-09 12:47 . 2011-04-29 02:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-09 12:47 . 2011-05-09 12:47 -------- d-----w- c:\program files\Lavasoft
2011-05-09 12:47 . 2011-05-09 12:47 -------- d-----w- c:\programdata\Lavasoft
2011-05-08 21:42 . 2011-05-08 21:42 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-08 21:42 . 2011-05-08 21:42 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-08 21:42 . 2011-05-08 21:42 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-08 21:42 . 2011-05-08 21:42 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-08 21:42 . 2011-05-08 21:42 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-08 21:42 . 2011-05-08 21:42 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-08 21:42 . 2011-05-08 21:42 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-08 21:42 . 2011-05-08 21:42 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-06 10:27 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-06 10:27 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-06 10:26 . 2011-05-06 10:26 -------- d-----w- c:\program files\iPod
2011-05-06 10:26 . 2011-05-06 10:27 -------- d-----w- c:\program files\iTunes
2011-05-06 10:24 . 2011-05-06 10:24 -------- d-----w- c:\program files\Bonjour
2011-05-05 05:57 . 2011-06-02 13:00 -------- d-----w- c:\windows\system32\world
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-01 12:26 . 2010-08-11 06:04 194560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-31 13:20 . 2011-03-10 20:46 133120 ----a-w- c:\windows\system32\drivers\smb.sys
2011-05-28 23:11 . 2011-03-10 13:22 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-28 23:11 . 2011-03-10 13:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 06:59 . 2010-07-09 12:04 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2011-04-29 13:15 . 2011-04-29 13:16 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{963A4107-8B32-499C-9B9E-186152C974C2}\gapaengine.dll
2011-04-14 07:47 . 2011-04-14 07:47 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-04-10 14:04 . 2011-04-30 11:58 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-09 08:55 . 2011-04-09 08:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 08:55 . 2011-04-09 08:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-06 06:20 . 2011-04-06 06:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 06:20 . 2011-04-06 06:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-10 21:06 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-03-10 21:06 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-03-10 16:12 . 2011-04-28 13:50 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12 . 2011-04-28 13:50 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-09 11:50 . 2011-03-09 11:50 65536 ----a-r- c:\users\William\AppData\Roaming\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2011-03-09 11:50 . 2011-03-09 11:50 65536 ----a-r- c:\users\William\AppData\Roaming\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2011-03-09 11:50 . 2011-03-09 11:50 65536 ----a-r- c:\users\William\AppData\Roaming\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\ARPPRODUCTICON.exe
2011-05-08 21:42 . 2011-05-08 21:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 01:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 01:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-24 212992]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-28 202032]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-14 222504]
"CreativeMouse "="c:\program files\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 15:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchFreeze]
2005-04-29 05:15 45056 ----a-w- c:\program files\TouchFreeze\TouchFreeze.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 apf001;apf001;c:\program files\SoftnyxGame\WolfTeamIS\apf001.sys [x]
R3 cpuz130;cpuz130; [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-08-03 23456]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-29 15232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-23 3425416]
R3 SophosCleanupTool;SophosCleanupTool;c:\program files\Sophos\Sophos confic-a Cleanup Tool\service.sys [2010-03-01 148720]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-01 691696]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-03 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-08-26 04:11]
.
2011-05-20 c:\windows\Tasks\HPCeeScheduleForWilliam.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-11-13 19:58]
.
2011-06-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-05-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with IDA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
TCP: Interfaces\{175B7B6F-94E1-4DEF-836C-B34ED41AC5D3}: NameServer = 211.29.152.116,211.29.132.12
FF - ProfilePath - c:\users\William\AppData\Roaming\Mozilla\Firefox\Profiles\owvv43w0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-03 20:35
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.smb]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PEVSystemStart]
"ImagePath"="\"c:\combofix\pev.cfxxe\" EXEC /i \"c:\combofix\REGT.cfxxe\" /S \"c:\combofix\erunt.dat\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2246853073-2034409028-415395374-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{796562E3-8B6B-6B71-9356-E198764F19F3}*]
"famclbajicpl"=hex:66,61,6c,6f,62,64,6a,69,6b,63,70,6c,00,ff
.
[HKEY_USERS\S-1-5-21-2246853073-2034409028-415395374-1003\Software\SecuROM\License information*]
"datasecu"=hex:2a,e3,27,ef,d9,13,1f,d5,9a,98,bb,eb,b4,03,f2,a8,9a,eb,20,4f,6e,
3f,38,5a,4d,9d,86,5c,8b,d3,94,21,5f,a3,a3,ea,d4,1a,06,0e,a8,f0,9d,75,d9,95,\
"rkeysecu"=hex:77,3a,a8,a7,7f,6c,7e,2e,17,5a,c7,51,f2,45,da,df
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\lxczcoms.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\windows\system32\wermgr.exe
.
**************************************************************************
.
Completion time: 2011-06-03 20:44:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-03 10:44
ComboFix2.txt 2011-06-02 06:13
.
Pre-Run: 20,683,522,048 bytes free
Post-Run: 20,428,734,464 bytes free
.
- - End Of File - - E135B4A689E2EECE1FBB81034FB32FA2

 

[johnb35]

It looks like you missed the last part of my last reply. I needed you to post the contents of a file for me.

Navigate to C:\qoobox and in that folder will be a file named "add-remove programs.txt" Please open that file and then copy and paste the contents in your next reply.

 

[mushyme8]

Sorry about that, I didn't see it =(

Here it is:

HiJackThis
Malwarebytes' Anti-Malware version 1.51.0.1200
Skype™ 5.3



I reinstalled Skype after though, it that's okay.

 

[johnb35]

That list should be a lot longer than what you posted.

 

[mushyme8]

Nope, that was it. What else is it meant to have? And that's the only add-remove program.txt file in there

 

[johnb35]

Ok, do this instead.

Open hijackthis, click on open misc tools section, click on open uninstall manager, click on save list and save it. Then copy and paste the contents of that log back here.

I want to see if this log matches the combofix uninstall log.

 

[mushyme8]

HiJackThis
Malwarebytes' Anti-Malware version 1.51.0.1200




Also remember, I reinstalled Skype.