Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

DNS/Malware

(In Progress)
(!)

antveal's Avatar
antveal antveal is offline
Member with 27 posts.
THREAD STARTER
 
Join Date: Jul 2012
17-Jul-2012, 06:47 AM #1
DNS/Malware
So I have been having troubles connecting to the internet, in the form of DNS lookup fails. After a concerted effort by the chaps in the networking board, it was concluded that there may be malware on my PC.
The situation is thus:
Computer connects to WLAN
Skype/dropbox appear to work
In chrome/other browsers, webpages rarely load, citing DNS failure, but if they do it is much slower than on other computers connected to the same network.
Steam cannot connect
I had Avast! antivirus, but this was removed on the advice of the guys in the networking board.

Cheers,

Ant

HiJack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:10:02, on 17/07/2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AeroSnap\AeroSnap.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Users\Ant\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
J:\Internet Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=2080817
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wwwcache.bris.ac.uk/autoconfig
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.bris.ac.uk:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AeroSnap] C:\Program Files\AeroSnap\AeroSnap.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ant\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = C:\Users\Ant\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E15CB46C-26CF-42F4-828A-B3114C51898C}: NameServer = 212.104.130.9,212.104.130.65
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9a9865c620) (gupdate1c9a9865c620) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12079 bytes

DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_33
Run by Ant at 11:10:34 on 2012-07-17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2036.1010 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AeroSnap\AeroSnap.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Users\Ant\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2080817
uInternet Settings,ProxyServer = wwwcache.bris.ac.uk:8080
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin .dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [AeroSnap] c:\program files\aerosnap\AeroSnap.exe
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe" -autorun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\ant\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\users\ant\appdata\roaming\micros~1\windows\startm~1\programs\startup\ado beg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\ant\appdata\roaming\micros~1\windows\startm~1\programs\startup\dro pbox.lnk - c:\users\ant\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 212.159.13.49 8.8.8.8
TCP: Interfaces\{49C338FB-73AD-421A-A15D-C05BA522C50D} : DhcpNameServer = 212.159.13.49 8.8.8.8
TCP: Interfaces\{900176B0-91EE-4D93-8B9E-9B3D905C67F8} : DhcpNameServer = 212.159.13.49 8.8.8.8
TCP: Interfaces\{D55F1617-F741-4C18-BE7A-62BC5E2EC1A0} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{E15CB46C-26CF-42F4-828A-B3114C51898C} : NameServer = 212.104.130.9,212.104.130.65
TCP: Interfaces\{F07271A6-C1AC-4C02-84CD-E326D682AC6B} : DhcpNameServer = 192.168.1.254
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ant\appdata\roaming\mozilla\firefox\profiles\igcha071.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\n prpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\n prpffbrowserrecordlegacyext.dll
FF - component: c:\users\ant\appdata\roaming\mozilla\firefox\profiles\igcha071.default\exte nsions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_33.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchrom ebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5 videoshim.dll
FF - plugin: c:\users\ant\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
.
============= SERVICES / DRIVERS ===============
.
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 netr28u;Belkin N1 Wireless USB Adapter Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2008-10-4 552448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a9865c620;Google Update Service (gupdate1c9a9865c620);c:\program files\google\update\GoogleUpdate.exe [2009-3-20 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-5-11 80824]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-3 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-16 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-20 133104]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2008-2-13 618112]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-5-11 181432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-17 09:54:16 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0b7e6eae-24d4-48a3-9060-05cddeabfcee}\mpengine.dll
2012-07-11 08:56:16 -------- d-----w- c:\users\ant\appdata\local\Macromedia
2012-07-11 08:35:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-09 18:21:59 -------- d-----w- c:\users\ant\appdata\local\DDMSettings
2012-07-09 18:17:41 -------- d-----w- c:\program files\common files\DivX Shared
2012-07-09 18:10:41 -------- d-----w- c:\program files\DivX
2012-07-09 18:08:37 -------- d-----w- c:\programdata\DivX
2012-06-21 10:21:01 -------- d-----w- c:\programdata\AVAST Software
2012-06-21 10:21:01 -------- d-----w- c:\program files\AVAST Software
.
==================== Find3M ====================
.
2012-07-15 14:41:33 1174979 ----a-w- c:\windows\apppatch\unins000.exe
2012-07-11 08:35:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 22:44:08 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-12 22:44:07 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-31 11:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-11 06:34:08 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-05-11 06:34:06 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2008-09-27 16:35:36 133227519 ----a-w- c:\program files\OOo_2.4.1_Win32Intel_install_wJRE_en-US.exe
.
============= FINISH: 11:11:24.39 ===============

GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-17 11:44:15
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAKS-75B3A0 rev.01.03A01
Running: vzz7oe57.exe; Driver: C:\Users\Ant\AppData\Local\Temp\pwldrpow.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 84275BF8
INT 0x51 ? 84275BF8
INT 0x51 ? 84275BF8
INT 0x51 ? 84275BF8
INT 0x51 ? 85F92BF8
INT 0x51 ? 85F92BF8
INT 0x51 ? 84275BF8
INT 0x61 ? 85F92BF8
INT 0x92 ? 85F92BF8
INT 0xA2 ? 85F92BF8
INT 0xB2 ? 85F92BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spzw.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8BDEA46F 5 Bytes JMP 85F921D8
.text alzaqem2.SYS 87DBC000 22 Bytes [26, E2, 5C, 82, 10, E1, 5C, ...]
.text alzaqem2.SYS 87DBC017 78 Bytes [00, 32, 47, 79, 80, 3D, 45, ...]
.text alzaqem2.SYS 87DBC066 66 Bytes [21, 82, E4, 4B, 26, 82, 50, ...]
.text alzaqem2.SYS 87DBC0A9 35 Bytes [10, 26, 82, 60, 07, 26, 82, ...]
.text alzaqem2.SYS 87DBC0CE 10 Bytes [00, 00, 00, 00, 00, 00, B1, ...]
.text ...
? C:\Users\Ant\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3652] kernel32.dll!SetUnhandledExceptionFilter 7704700D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068B6D2] \SystemRoot\System32\Drivers\spzw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068B040] \SystemRoot\System32\Drivers\spzw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068B7FC] \SystemRoot\System32\Drivers\spzw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068B0BE] \SystemRoot\System32\Drivers\spzw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068B13C] \SystemRoot\System32\Drivers\spzw.sys
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortWritePortUchar] 8387DE1F
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F87DDF0
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84C091F8
Device \FileSystem\fastfat \FatCdrom 8752F1F8
Device \Driver\sptd \Device\228668256 spzw.sys
Device \Driver\volmgr \Device\VolMgrControl 842771F8
Device \Driver\usbuhci \Device\USBPDO-0 85F8E1F8
Device \Driver\usbuhci \Device\USBPDO-1 85F8E1F8
Device \Driver\usbuhci \Device\USBPDO-2 85F8E1F8
Device \Driver\usbehci \Device\USBPDO-3 84D1C1F8
Device \Driver\usbuhci \Device\USBPDO-4 85F8E1F8
Device \Driver\usbuhci \Device\USBPDO-5 85F8E1F8
Device \Driver\usbuhci \Device\USBPDO-6 85F8E1F8
Device \Driver\volmgr \Device\HarddiskVolume1 842771F8
Device \Driver\usbehci \Device\USBPDO-7 84D1C1F8
Device \Driver\volmgr \Device\HarddiskVolume2 842771F8
Device \Driver\cdrom \Device\CdRom0 85F8F1F8
Device \Driver\volmgr \Device\HarddiskVolume3 842771F8
Device \Driver\cdrom \Device\CdRom1 85F8F1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{49C338FB-73AD-421A-A15D-C05BA522C50D} 868701F8
Device \Driver\USBSTOR \Device\00000066 868901F8
Device \Driver\volmgr \Device\HarddiskVolume4 842771F8
Device \Driver\USBSTOR \Device\00000067 868901F8
Device \Driver\volmgr \Device\HarddiskVolume5 842771F8
Device \Driver\netbt \Device\NetBt_Wins_Export 868701F8
Device \Driver\Smb \Device\NetbiosSmb 867A51F8
Device \Driver\PCI_PNP4247 \Device\0000004d spzw.sys
Device \Driver\iScsiPrt \Device\RaidPort0 85F411F8
Device \Driver\usbuhci \Device\USBFDO-0 85F8E1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{0033ACCA-A0BE-4BB3-9B8F-A533C8231AF2} 868701F8
Device \Driver\usbuhci \Device\USBFDO-1 85F8E1F8
Device \Driver\USBSTOR \Device\0000006e 868901F8
Device \Driver\usbuhci \Device\USBFDO-2 85F8E1F8
Device \Driver\USBSTOR \Device\0000006f 868901F8
Device \Driver\usbehci \Device\USBFDO-3 84D1C1F8
Device \Driver\usbuhci \Device\USBFDO-4 85F8E1F8
Device \Driver\usbuhci \Device\USBFDO-5 85F8E1F8
Device \Driver\usbuhci \Device\USBFDO-6 85F8E1F8
Device \Driver\usbehci \Device\USBFDO-7 84D1C1F8
Device \Driver\alzaqem2 \Device\Scsi\alzaqem21Port5Path0Target0Lun0 85F561F8
Device \Driver\alzaqem2 \Device\Scsi\alzaqem21 85F561F8
Device \FileSystem\fastfat \Fat 8752F1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 8775E1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C 90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C 90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C 90D04@ujdew 0x48 0xA7 0x1B 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C 90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C 90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C 90D04\00000001@ujdew 0xC8 0x84 0xED 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C 90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C 90D04\00000001\jdgg40@ujdew 0xB8 0x66 0x3F 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC@u0 0x50 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC@hdf12 0x0A 0x7F 0x6D 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC\00000001@hdf12 0xE5 0x21 0x7A 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC\00000001\gdq0@hdf12 0xAA 0x6F 0xCE 0xA9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D0 4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D0 4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D0 4@ujdew 0x48 0xA7 0x1B 0xB3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D0 4@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D0 4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D0 4\00000001@ujdew 0xC8 0x84 0xED 0x7D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D0 4\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D0 4\00000001\jdgg40@ujdew 0xB8 0x66 0x3F 0x9B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@u0 0x50 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@hdf12 0x0A 0x7F 0x6D 0xD6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C\00000001@hdf12 0xE5 0x21 0x7A 0x96 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C\00000001\gdq0@hdf12 0xAA 0x6F 0xCE 0xA9 ...

---- EOF - GMER 1.0.15 ----
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,148 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
17-Jul-2012, 08:57 AM #2
Run tdss killer from http://support.kaspersky.com/viruses...?qid=208280684

let it cure anything it fnds ( except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

post back with its log

By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,148 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
17-Jul-2012, 08:58 AM #3
before doing taht remove the university proxy while you are connecting from home
In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously. and uncheck the auto configure optiosn ( that is probably what is causing most of your hassle )

In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.
antveal's Avatar
antveal antveal is offline
Member with 27 posts.
THREAD STARTER
 
Join Date: Jul 2012
17-Jul-2012, 11:56 AM #4
thanks for the quick response. i removed the uni proxy and ran tdss killer, although the only threat it flagged was the SPTD.sys, which was duly ignored.

performed a reboot and the DNS failed error still crops up
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,148 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
17-Jul-2012, 12:55 PM #5
lets see if this tells us anything , it is possible that you do have a rootkit there

Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Hereto your Desktop.
As you download it rename it to username123.exe


**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...
antveal's Avatar
antveal antveal is offline
Member with 27 posts.
THREAD STARTER
 
Join Date: Jul 2012
17-Jul-2012, 05:38 PM #6
here's the combofix log, no reboot was suggested
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,148 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
18-Jul-2012, 02:50 PM #7
I need to check some of the files combofix deleted as they appear strange

can you please go to C:\qoobox & right click the quarantine folder, select send to compressed(zip) folders
that will make a zipped copy of the quarantine folder
then
please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files and submit to antivirus companies if needed

Just press new topic, fill in the needed details
In the subject box please put: Files for DVK01

In the body of the post paste the contents of the code box:
Code:
combofix Quarantine folder from 
http://forums.techguy.org/virus-other-malware-removal/1061393-dns-malware.html

& then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file

how is it though, have the connection problems stopped
antveal's Avatar
antveal antveal is offline
Member with 27 posts.
THREAD STARTER
 
Join Date: Jul 2012
18-Jul-2012, 03:54 PM #8
i'm afraid the connectivity issues still persist. when i open chrome, google loads as normal but after that its back to DNS issues or severely restricted speeds. Similar results occur when I use other browsers.

The zipped folder is uploaded, as per your instructions.

Thanks,

ant
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,148 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
18-Jul-2012, 05:32 PM #9
you didn't attach the file to the post at spykiller
antveal's Avatar
antveal antveal is offline
Member with 27 posts.
THREAD STARTER
 
Join Date: Jul 2012
18-Jul-2012, 06:06 PM #10
ah, apologies, i thought it had automatically gone through.
in that case im afraid im at a bit of a loss. when i go to attach the file, there is no button that read 'send'
not sure if i am just blind or do i need to do something in addition to registering for the site?
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,148 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
18-Jul-2012, 06:12 PM #11
once the file is listed in the browse window, then press post & it normally is ok
antveal's Avatar
antveal antveal is offline
Member with 27 posts.
THREAD STARTER
 
Join Date: Jul 2012
18-Jul-2012, 06:15 PM #12
got it. definitely shouldve been that hard
antveal's Avatar
antveal antveal is offline
Member with 27 posts.
THREAD STARTER
 
Join Date: Jul 2012
18-Jul-2012, 06:16 PM #13
shouldnt*. wow.
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,148 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
18-Jul-2012, 06:46 PM #14
I can't work out whether you do have a rootkit that is causing your problms or if it is daemon tools showing in gmer log
( I think it is daemon tools). BUT there are signs of some weird programs & bitcoin miners etc

I don't think we can safely & easily fix your connection without a reinstall of windows and I won't even guarantee that will solve it
one of the error reports listed shows that 2 computers with the same name are trying to connect via the same router & might well be the cause
antveal's Avatar
antveal antveal is offline
Member with 27 posts.
THREAD STARTER
 
Join Date: Jul 2012
18-Jul-2012, 07:01 PM #15
ah. this does not sound good at all. would you suggest a windows reinstall?
i have had a problem with bitcoin miners before, although i thought it was resolved
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑