Malware Problem

2010-08-30, 12:36
I feel I might have gotten some malware on my laptop. I noticed I had a problem when I wasn't able to open AIM or MSN, so I was kind of like WTF and moved on. Then, when I was about to use my webcam, I found out it's not working; the computer says to connect it, but that's just the thing, it's integrated into the laptop. So I thought maybe the drivers were old, but when I went to Control Panel I couldn't open the driver manager or Uninstall Programs, so I kind of freaked. I did a scan with my Avast 5 and it came up with 2 threats, Win32:Malware-gen & Win32:MalOb-BH [Cryp]; both are now in my Chest. But I'm still having problems with both my messengers and with opening things in my Control Panel.

Here are both DDS logs:


DDS (Ver_10-03-17.01) - NTFSX64
Run by Andrew at 5:18:51.77 on Mon 08/30/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.1786 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [NPSStartup]
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Hosts: www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\6gqd4diu.default\
FF - component: c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\6gqd4diu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\6gqd4diu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\users\andrew\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\6gqd4diu.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\6gqd4diu.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-8-24 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-8-24 250448]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-2-24 55280]
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdflt.sys [2010-2-24 18792]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-8-24 124496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-8-24 432720]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-24 121936]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSr64.exe [2010-2-1 92160]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-1 202752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-24 20048]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-24 61008]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-24 40384]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-8-24 119200]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
R2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\stmicroelectronics\accelerometer\InstallFilterService.exe [2010-2-24 60928]
R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-8-26 304464]
R2 NAUpdate;Nero Update;c:\program files (x86)\nero\update\NASvc.exe [2010-3-25 490280]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2010-2-1 23912]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-24 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-24 40384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-2-24 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-2-24 172704]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-2-1 56344]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-1 151936]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2010-2-1 320040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-26 24664]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\drivers\NETw5s64.sys [2010-2-1 6952960]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-3-9 135664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-8-30 1153368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-2-1 220672]
S3 TFsExDisk;TFsExDisk;c:\windows\system32\drivers\TFsExDisk.sys [2010-8-18 16448]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-10 1255736]

=============== Created Last 30 ================

2010-08-30 08:24:53 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-08-29 06:34:49 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-29 06:34:49 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2010-08-29 06:34:49 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2010-08-29 06:34:15 0 d-----w- c:\program files\iPod
2010-08-29 06:34:14 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-08-29 06:34:14 0 d-----w- c:\program files\iTunes
2010-08-29 06:34:14 0 d-----w- c:\program files (x86)\iTunes
2010-08-29 06:32:07 0 d-----w- c:\programdata\Apple Computer
2010-08-29 06:30:31 0 d-----w- c:\program files\common files\Apple
2010-08-29 06:30:20 0 d-----w- c:\program files\Bonjour
2010-08-29 06:30:20 0 d-----w- c:\program files (x86)\Bonjour
2010-08-29 06:14:49 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-29 06:14:19 0 d-----w- c:\program files (x86)\DAEMON Tools Lite
2010-08-29 06:14:00 0 d-----w- c:\users\andrew\appdata\roaming\DAEMON Tools Lite
2010-08-29 06:13:58 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-08-27 05:29:05 0 d-----w- c:\windows\pss
2010-08-26 22:00:49 0 d-----w- c:\users\andrew\appdata\roaming\Malwarebytes
2010-08-26 22:00:37 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 22:00:37 0 d-----w- c:\programdata\Malwarebytes
2010-08-26 22:00:37 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-25 16:59:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-25 16:59:40 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-25 03:54:45 432720 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-08-25 03:54:43 124496 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-08-25 03:54:26 250448 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-08-25 03:54:19 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-25 03:54:04 38848 ----a-w- c:\windows\avastSS.scr
2010-08-25 03:54:04 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-08-25 03:54:03 165032 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-08-25 02:12:54 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-08-25 02:12:33 0 d-----r- c:\program files (x86)\Skype
2010-08-19 03:43:28 0 d-----w- c:\users\andrew\dwhelper
2010-08-19 01:50:22 0 d-----w- c:\program files (x86)\WinImage
2010-08-19 01:03:16 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2010-08-19 01:03:16 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2010-08-19 01:03:16 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2010-08-19 01:03:16 141384 ----a-w- c:\windows\system32\drivers\sscdserd.sys
2010-08-19 01:03:15 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2010-08-19 01:03:15 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2010-08-19 01:03:15 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2010-08-19 01:03:15 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2010-08-19 01:02:49 0 d-----w- c:\programdata\Samsung
2010-08-19 01:02:39 25960 ----a-w- c:\windows\syswow64\FsExService64.Exe
2010-08-19 01:02:39 25960 ----a-w- c:\windows\system32\FsExService64.exe
2010-08-19 01:02:39 16448 ----a-w- c:\windows\system32\drivers\TFsExDisk.sys
2010-08-19 01:02:33 0 d-----w- c:\users\andrew\appdata\roaming\Samsung
2010-08-19 01:01:59 0 d-----w- c:\program files (x86)\MarkAny
2010-08-19 01:01:51 0 d-----w- c:\program files (x86)\Samsung
2010-08-17 20:38:17 538624 ----a-w- c:\windows\syswow64\ac3filter.acm
2010-08-17 10:21:26 0 d-----w- c:\program files (x86)\Mediatwins software
2010-08-15 01:45:33 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-08-15 01:42:49 0 d-----w- c:\windows\Repair
2010-08-15 01:42:24 0 d-----w- c:\users\andrew\appdata\roaming\Systweak
2010-08-15 01:37:46 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-15 01:37:46 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-15 01:37:46 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-15 01:37:40 340992 ----a-w- c:\windows\system32\schannel.dll
2010-08-15 01:37:40 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-15 01:36:58 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-15 01:36:46 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-15 01:36:45 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-08-15 01:36:45 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-08-15 01:32:44 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-08-15 01:32:42 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-08-15 01:32:42 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-13 04:52:09 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-12 15:41:28 0 ----a-w- c:\windows\syswow64\config.nt
2010-08-12 15:41:02 0 d-----w- c:\programdata\Alwil Software
2010-08-12 15:41:02 0 d-----w- c:\program files\Alwil Software
2010-08-12 00:20:23 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-08-12 00:20:22 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-08-12 00:20:22 145184 ----a-w- c:\windows\syswow64\java.exe
2010-08-11 21:53:49 533 ----a-w- c:\windows\eReg.dat
2010-08-11 21:53:37 0 d-----w- c:\program files (x86)\Maxis
2010-08-08 18:17:40 0 d-----w- c:\program files (x86)\ATI
2010-08-08 18:17:17 0 d-----w- c:\program files\ATI Technologies
2010-08-08 18:17:15 0 d-----w- c:\program files\ATI
2010-08-08 18:16:29 0 d-----w- C:\ATI
2010-08-03 16:46:09 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-03 01:57:33 0 d-----w- c:\program files (x86)\AltBinz
2010-08-02 23:09:35 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-08-02 23:09:35 452440 ----a-w- c:\windows\syswow64\d3dx10_40.dll
2010-08-02 23:09:35 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-08-02 23:09:35 2036576 ----a-w- c:\windows\syswow64\D3DCompiler_40.dll
2010-08-02 23:09:33 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-08-01 20:27:59 72200 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-08-01 20:27:59 68616 ----a-w- c:\windows\syswow64\XAPOFX1_1.dll
2010-08-01 20:27:59 513544 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-08-01 20:27:59 509448 ----a-w- c:\windows\syswow64\XAudio2_2.dll
2010-08-01 20:27:57 238088 ----a-w- c:\windows\syswow64\xactengine3_2.dll
2010-08-01 20:27:57 177672 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-08-01 20:25:52 0 d--h--w- c:\windows\msdownld.tmp
2010-08-01 20:25:49 0 d-----w- c:\windows\syswow64\directx
2010-08-01 19:39:54 0 d-----w- c:\programdata\Blizzard Entertainment
2010-08-01 19:39:54 0 d-----w- c:\program files (x86)\StarCraft II
2010-08-01 19:39:54 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment

==================== Find3M ====================

2010-08-03 19:09:04 218464 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-08-02 23:09:56 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-22 20:58:42 24 ----a-w- c:\users\andrew\appdata\roaming\omubwk.dat
2010-07-17 09:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-09 19:04:40 41872 ----a-w- c:\windows\syswow64\xfcodec.dll
2010-07-09 19:04:40 27536 ----a-w- c:\windows\system32\xfcodec64.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-09 16:20:22 2444656 ----a-w- c:\windows\syswow64\pbsvc_apb.exe
2010-06-02 11:55:30 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 11:55:30 74072 ----a-w- c:\windows\syswow64\XAPOFX1_5.dll
2010-06-02 11:55:30 527192 ----a-w- c:\windows\syswow64\XAudio2_7.dll
2010-06-02 11:55:30 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 11:55:30 239960 ----a-w- c:\windows\syswow64\xactengine3_7.dll
2010-06-02 11:55:30 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-02-24 19:48:58 74 --sh--r- c:\windows\CT4CET.bin
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-04-23 23:34:36 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 5:20:03.08 ===============



DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/8/2010 5:23:04 PM
System Uptime: 8/29/2010 2:48:53 AM (27 hours ago)

Motherboard: Dell Inc. | | 0VF0FR
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU 1 | 2267/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 451 GiB total, 234.072 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP103: 8/20/2010 3:39:03 AM - Windows Update
RP105: 8/20/2010 3:50:08 AM - Windows Defender Checkpoint
RP106: 8/23/2010 11:17:44 AM - Windows Update
RP107: 8/24/2010 12:58:50 PM - Windows Update
RP108: 8/24/2010 11:53:49 PM - avast! Internet Security Setup
RP109: 8/26/2010 3:00:13 AM - Windows Update
RP111: 8/29/2010 2:14:31 AM - SPTD setup V1.62
RP112: 8/29/2010 2:32:43 AM - Installed iTunes
RP113: 8/29/2010 4:21:02 AM - Removed MTX
RP114: 8/30/2010 4:13:27 AM - Removed Windows Live Sign-in Assistant
RP115: 8/30/2010 4:14:03 AM - Removed Windows Live Sync
RP116: 8/30/2010 4:14:31 AM - Removed Windows Live Upload Tool

==== Installed Programs ======================

3ivx MPEG-4 5.0.3 (remove only)
7-Zip 4.65
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Advanced Audio FX Engine
Alien Swarm
All Points Bulletin
Alt.Binz 0.25.0
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
ATI Catalyst Registration
avast! Internet Security
Banctec Service Agreement
Battlefield Heroes
Burnout Paradise: The Ultimate Box
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Command & Conquer™ 4 Tiberian Twilight
Compatibility Pack for the 2007 Office system
Dell Support Center (Support Software)
Dell Webcam Central
DivX Player
DivX Setup
DivX Version Checker
EA Download Manager
EA Download Manager UI
Google Chrome
Google Update Helper
High-Definition Video Playback 10
HLSW v1.3.3.7b
Java Auto Updater
Java(TM) 6 Update 21
Just Cause 2
Left 4 Dead
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.8)
Mozilla Thunderbird (3.1.2)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
PunkBuster Services
Realtek High Definition Audio Driver
Roxio Burn
Samsung New PC Studio
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Sid Meier's Civilization IV
SimCity 4 Deluxe
Skype™ 4.2
Spybot - Search & Destroy
StarCraft II
TBS WMP Plug-in
TeamSpeak 3 Client
The Lord of the Rings FREE Trial
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Windows Media Player Firefox Plugin
Windows SideShow Managed Runtime 1.0
WinZip 14.0
Xfire (remove only)
XfireXO Toolbar

==== Event Viewer Messages From Past Week ========

8/29/2010 7:48:15 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
8/24/2010 10:26:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
8/24/2010 10:26:39 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/23/2010 11:13:40 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80048e4060, 0xfffff80000b9c518, 0xfffffa8008570870). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082310-17066-01.

==== End Of File ===========================

I also did a Malwarebytes scan a few days ago.

Malwarebytes' Anti-Malware 1.46

Database version: 4486

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/26/2010 6:56:01 PM
mbam-log-2010-08-26 (18-56-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 320134
Time elapsed: 52 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Andrew\Desktop\Malwarebytes Anti-Malware v1.46\patrick.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Andrew\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
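As an added example (not part of this thread, and not Malwarebytes' own tooling), a small Python parser for the MBAM 1.x text-log format pasted above. It pulls out the scan metadata, the per-category summary counts and the listed detections, then cross-checks that the counts agree with the items actually listed and flags any item whose action was not a successful quarantine, which is the first thing a helper wants to know when triaging such a log. The sample input is an excerpt of the log above (constructed from the pasted lines); function and class names such as `parse_mbam_log` are my own.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log into a structured summary."""
import re
from dataclasses import dataclass, field

# Constructed sample: an excerpt of the MBAM log pasted in the thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46

Database version: 4486

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/26/2010 6:56:01 PM
mbam-log-2010-08-26 (18-56-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 320134
Time elapsed: 52 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\Users\Andrew\Desktop\Malwarebytes Anti-Malware v1.46\patrick.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Andrew\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""


@dataclass
class Detection:
    path: str      # file, folder or registry location reported by MBAM
    threat: str    # MBAM detection name, e.g. Trojan.Agent.CK
    action: str    # what MBAM did with it


@dataclass
class MbamReport:
    version: str = ""
    database_version: str = ""
    scan_type: str = ""
    objects_scanned: int = 0
    counts: dict = field(default_factory=dict)      # category -> summary count
    detections: dict = field(default_factory=dict)  # category -> [Detection]


# "Files Infected: 2" (summary block) versus "Files Infected:" (detail block header)
COUNT_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# "<path> (<threat>) -> <action>."
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text: str) -> MbamReport:
    report = MbamReport()
    current = None  # detail section we are currently inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line closes a detail section
            continue
        if line.startswith("Malwarebytes' Anti-Malware "):
            report.version = line.split()[-1]
        elif line.startswith("Database version: "):
            report.database_version = line.split(": ", 1)[1]
        elif line.startswith("Scan type: "):
            report.scan_type = line.split(": ", 1)[1]
        elif line.startswith("Objects scanned: "):
            report.objects_scanned = int(line.split(": ", 1)[1])
        elif (m := COUNT_RE.match(line)):
            report.counts[m["cat"]] = int(m["n"])
        elif (m := HEADER_RE.match(line)):
            current = m["cat"]
            report.detections.setdefault(current, [])
        elif current and line != "(No malicious items detected)":
            m = ITEM_RE.match(line)
            if m:
                report.detections[current].append(
                    Detection(m["path"], m["threat"], m["action"]))
    return report


def verify_counts(report: MbamReport) -> list:
    """Categories whose summary count disagrees with the items listed (should be empty)."""
    return [(cat, n, len(report.detections.get(cat, [])))
            for cat, n in report.counts.items()
            if len(report.detections.get(cat, [])) != n]


def unresolved(report: MbamReport) -> list:
    """Detections MBAM did not report as handled successfully; these need follow-up."""
    return [d for items in report.detections.values() for d in items
            if "successfully" not in d.action]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print(f"MBAM {rep.version}, DB {rep.database_version}, {rep.objects_scanned} objects")
    for cat, items in rep.detections.items():
        for d in items:
            print(f"{cat}: {d.threat} at {d.path} -> {d.action}")
    print("count mismatches:", verify_counts(rep))
    print("unresolved:", unresolved(rep))
```

The count cross-check matters because a log whose "Files Infected" count is higher than the number of lines listed under it, or whose actions read anything other than a successful quarantine (for example a delete scheduled for the next reboot), is the case where a helper asks for a second scan rather than marking the machine clean.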

2010-09-07, 16:44

Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).

2010-09-15, 18:53
Sorry it took so long.

2010-09-15, 19:07

Empty your trash folders in Thunderbird email accounts.

Delete these files if found:

Let me know about remaining issues.

2010-09-15, 22:35
Still having problems. I can't open a few programs, and I also can't open a few things in Control Panel.

2010-09-16, 07:37

Please give a bit more detailed description of the problems (any error messages, etc.).

2010-09-16, 18:18
I just said f**k it and reformatted. I found out there was something wrong with my file paths for all my Microsoft files, because I have two Program Files folders, one normal and an X84 bit one, and the 84 bit one was fed up. Thank you for your help; hopefully it doesn't happen again X_X

2010-09-16, 20:19
Ok. Thanks for letting us know. I'll archive the topic then.