1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

DNS/Malware

Discussion in 'Virus & Other Malware Removal' started by antveal, Jul 17, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. antveal

    antveal Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    29
    So I have been having troubles connecting to the internet, in the form of DNS lookup fails. After a concerted effort by the chaps in the networking board, it was concluded that there may be malware on my PC.
    The situation is thus:
    Computer connects to WLAN
    Skype/dropbox appear to work
    In chrome/other browsers, webpages rarely load, citing DNS failure, but if they do it is much slower than on other computers connected to the same network.
    Steam cannot connect
    I had Avast! antivirus, but this was removed on the advice of the guys in the networking board.

    Cheers,

    Ant

    HiJack log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:10:02, on 17/07/2012
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18639)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\AeroSnap\AeroSnap.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Users\Ant\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
    J:\Internet Tools\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2080817
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wwwcache.bris.ac.uk/autoconfig
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.bris.ac.uk:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [AeroSnap] C:\Program Files\AeroSnap\AeroSnap.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Ant\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Dropbox.lnk = C:\Users\Ant\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E15CB46C-26CF-42F4-828A-B3114C51898C}: NameServer = 212.104.130.9,212.104.130.65
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1c9a9865c620) (gupdate1c9a9865c620) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 12079 bytes

    DDS log

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_33
    Run by Ant at 11:10:34 on 2012-07-17
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2036.1010 [GMT 1:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\AERTSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft\BingBar\BBSvc.EXE
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\AeroSnap\AeroSnap.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Users\Ant\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2080817
    uInternet Settings,ProxyServer = wwwcache.bris.ac.uk:8080
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
    mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
    uRun: [AeroSnap] c:\program files\aerosnap\AeroSnap.exe
    uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe" -autorun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Google Update] "c:\users\ant\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    StartupFolder: c:\users\ant\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\users\ant\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ant\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    TCP: DhcpNameServer = 212.159.13.49 8.8.8.8
    TCP: Interfaces\{49C338FB-73AD-421A-A15D-C05BA522C50D} : DhcpNameServer = 212.159.13.49 8.8.8.8
    TCP: Interfaces\{900176B0-91EE-4D93-8B9E-9B3D905C67F8} : DhcpNameServer = 212.159.13.49 8.8.8.8
    TCP: Interfaces\{D55F1617-F741-4C18-BE7A-62BC5E2EC1A0} : DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{E15CB46C-26CF-42F4-828A-B3114C51898C} : NameServer = 212.104.130.9,212.104.130.65
    TCP: Interfaces\{F07271A6-C1AC-4C02-84CD-E326D682AC6B} : DhcpNameServer = 192.168.1.254
    Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\ant\appdata\roaming\mozilla\firefox\profiles\igcha071.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Winamp Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\users\ant\appdata\roaming\mozilla\firefox\profiles\igcha071.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\npjpi160_33.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\ant\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
    R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
    R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
    R3 netr28u;Belkin N1 Wireless USB Adapter Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2008-10-4 552448]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9a9865c620;Google Update Service (gupdate1c9a9865c620);c:\program files\google\update\GoogleUpdate.exe [2009-3-20 133104]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-5-11 80824]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-3 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-16 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-20 133104]
    S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2008-2-13 618112]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-5-11 181432]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-07-17 09:54:16 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0b7e6eae-24d4-48a3-9060-05cddeabfcee}\mpengine.dll
    2012-07-11 08:56:16 -------- d-----w- c:\users\ant\appdata\local\Macromedia
    2012-07-11 08:35:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-09 18:21:59 -------- d-----w- c:\users\ant\appdata\local\DDMSettings
    2012-07-09 18:17:41 -------- d-----w- c:\program files\common files\DivX Shared
    2012-07-09 18:10:41 -------- d-----w- c:\program files\DivX
    2012-07-09 18:08:37 -------- d-----w- c:\programdata\DivX
    2012-06-21 10:21:01 -------- d-----w- c:\programdata\AVAST Software
    2012-06-21 10:21:01 -------- d-----w- c:\program files\AVAST Software
    .
    ==================== Find3M ====================
    .
    2012-07-15 14:41:33 1174979 ----a-w- c:\windows\apppatch\unins000.exe
    2012-07-11 08:35:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-12 22:44:08 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-06-12 22:44:07 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-05-31 11:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-11 06:34:08 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
    2012-05-11 06:34:06 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys
    2008-09-27 16:35:36 133227519 ----a-w- c:\program files\OOo_2.4.1_Win32Intel_install_wJRE_en-US.exe
    .
    ============= FINISH: 11:11:24.39 ===============

    GMER log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-17 11:44:15
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAKS-75B3A0 rev.01.03A01
    Running: vzz7oe57.exe; Driver: C:\Users\Ant\AppData\Local\Temp\pwldrpow.sys


    ---- System - GMER 1.0.15 ----

    INT 0x51 ? 84275BF8
    INT 0x51 ? 84275BF8
    INT 0x51 ? 84275BF8
    INT 0x51 ? 84275BF8
    INT 0x51 ? 85F92BF8
    INT 0x51 ? 85F92BF8
    INT 0x51 ? 84275BF8
    INT 0x61 ? 85F92BF8
    INT 0x92 ? 85F92BF8
    INT 0xA2 ? 85F92BF8
    INT 0xB2 ? 85F92BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? System32\Drivers\spzw.sys The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload 8BDEA46F 5 Bytes JMP 85F921D8
    .text alzaqem2.SYS 87DBC000 22 Bytes [26, E2, 5C, 82, 10, E1, 5C, ...]
    .text alzaqem2.SYS 87DBC017 78 Bytes [00, 32, 47, 79, 80, 3D, 45, ...]
    .text alzaqem2.SYS 87DBC066 66 Bytes [21, 82, E4, 4B, 26, 82, 50, ...]
    .text alzaqem2.SYS 87DBC0A9 35 Bytes [10, 26, 82, 60, 07, 26, 82, ...]
    .text alzaqem2.SYS 87DBC0CE 10 Bytes [00, 00, 00, 00, 00, 00, B1, ...]
    .text ...
    ? C:\Users\Ant\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3652] kernel32.dll!SetUnhandledExceptionFilter 7704700D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068B6D2] \SystemRoot\System32\Drivers\spzw.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068B040] \SystemRoot\System32\Drivers\spzw.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068B7FC] \SystemRoot\System32\Drivers\spzw.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068B0BE] \SystemRoot\System32\Drivers\spzw.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068B13C] \SystemRoot\System32\Drivers\spzw.sys
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortNotification] CC358B04
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortWritePortUchar] 8387DE1F
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F87DDF0
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortStallExecution] 54771129
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortInitialize] B18D0502
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
    IAT \SystemRoot\System32\Drivers\alzaqem2.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 84C091F8
    Device \FileSystem\fastfat \FatCdrom 8752F1F8
    Device \Driver\sptd \Device\228668256 spzw.sys
    Device \Driver\volmgr \Device\VolMgrControl 842771F8
    Device \Driver\usbuhci \Device\USBPDO-0 85F8E1F8
    Device \Driver\usbuhci \Device\USBPDO-1 85F8E1F8
    Device \Driver\usbuhci \Device\USBPDO-2 85F8E1F8
    Device \Driver\usbehci \Device\USBPDO-3 84D1C1F8
    Device \Driver\usbuhci \Device\USBPDO-4 85F8E1F8
    Device \Driver\usbuhci \Device\USBPDO-5 85F8E1F8
    Device \Driver\usbuhci \Device\USBPDO-6 85F8E1F8
    Device \Driver\volmgr \Device\HarddiskVolume1 842771F8
    Device \Driver\usbehci \Device\USBPDO-7 84D1C1F8
    Device \Driver\volmgr \Device\HarddiskVolume2 842771F8
    Device \Driver\cdrom \Device\CdRom0 85F8F1F8
    Device \Driver\volmgr \Device\HarddiskVolume3 842771F8
    Device \Driver\cdrom \Device\CdRom1 85F8F1F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{49C338FB-73AD-421A-A15D-C05BA522C50D} 868701F8
    Device \Driver\USBSTOR \Device\00000066 868901F8
    Device \Driver\volmgr \Device\HarddiskVolume4 842771F8
    Device \Driver\USBSTOR \Device\00000067 868901F8
    Device \Driver\volmgr \Device\HarddiskVolume5 842771F8
    Device \Driver\netbt \Device\NetBt_Wins_Export 868701F8
    Device \Driver\Smb \Device\NetbiosSmb 867A51F8
    Device \Driver\PCI_PNP4247 \Device\0000004d spzw.sys
    Device \Driver\iScsiPrt \Device\RaidPort0 85F411F8
    Device \Driver\usbuhci \Device\USBFDO-0 85F8E1F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{0033ACCA-A0BE-4BB3-9B8F-A533C8231AF2} 868701F8
    Device \Driver\usbuhci \Device\USBFDO-1 85F8E1F8
    Device \Driver\USBSTOR \Device\0000006e 868901F8
    Device \Driver\usbuhci \Device\USBFDO-2 85F8E1F8
    Device \Driver\USBSTOR \Device\0000006f 868901F8
    Device \Driver\usbehci \Device\USBFDO-3 84D1C1F8
    Device \Driver\usbuhci \Device\USBFDO-4 85F8E1F8
    Device \Driver\usbuhci \Device\USBFDO-5 85F8E1F8
    Device \Driver\usbuhci \Device\USBFDO-6 85F8E1F8
    Device \Driver\usbehci \Device\USBFDO-7 84D1C1F8
    Device \Driver\alzaqem2 \Device\Scsi\alzaqem21Port5Path0Target0Lun0 85F561F8
    Device \Driver\alzaqem2 \Device\Scsi\alzaqem21 85F561F8
    Device \FileSystem\fastfat \Fat 8752F1F8

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\cdfs \Cdfs 8775E1F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x48 0xA7 0x1B 0xB3 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC8 0x84 0xED 0x7D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB8 0x66 0x3F 0x9B ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x50 0x6D 0x90 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0A 0x7F 0x6D 0xD6 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE5 0x21 0x7A 0x96 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAA 0x6F 0xCE 0xA9 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x48 0xA7 0x1B 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC8 0x84 0xED 0x7D ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB8 0x66 0x3F 0x9B ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x50 0x6D 0x90 0x02 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0A 0x7F 0x6D 0xD6 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE5 0x21 0x7A 0x96 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAA 0x6F 0xCE 0xA9 ...

    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:

  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it fnds ( except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

    post back with its log

    By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    before doing taht remove the university proxy while you are connecting from home
    In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously. and uncheck the auto configure optiosn ( that is probably what is causing most of your hassle )

    In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.
     
  4. antveal

    antveal Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    29
    thanks for the quick response. i removed the uni proxy and ran tdss killer, although the only threat it flagged was the SPTD.sys, which was duly ignored.

    performed a reboot and the DNS failed error still crops up
     

    Attached Files:

  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    lets see if this tells us anything , it is possible that you do have a rootkit there

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Hereto your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.​
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...
     
  6. antveal

    antveal Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    29
    here's the combofix log, no reboot was suggested
     

    Attached Files:

  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    I need to check some of the files combofix deleted as they appear strange

    can you please go to C:\qoobox & right click the quarantine folder, select send to compressed(zip) folders
    that will make a zipped copy of the quarantine folder
    then
    please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files and submit to antivirus companies if needed

    Just press new topic, fill in the needed details
    In the subject box please put: Files for DVK01

    In the body of the post paste the contents of the code box:
    Code:
    combofix Quarantine folder from 
    http://forums.techguy.org/virus-other-malware-removal/1061393-dns-malware.html
    

    & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file

    how is it though, have the connection problems stopped
     
  8. antveal

    antveal Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    29
    i'm afraid the connectivity issues still persist. when i open chrome, google loads as normal but after that its back to DNS issues or severely restricted speeds. Similar results occur when I use other browsers.

    The zipped folder is uploaded, as per your instructions.

    Thanks,

    ant
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    you didn't attach the file to the post at spykiller
     
  10. antveal

    antveal Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    29
    ah, apologies, i thought it had automatically gone through.
    in that case im afraid im at a bit of a loss. when i go to attach the file, there is no button that read 'send'
    not sure if i am just blind or do i need to do something in addition to registering for the site?
     
  11. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    once the file is listed in the browse window, then press post & it normally is ok
     
  12. antveal

    antveal Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    29
    got it. definitely shouldve been that hard
     
  13. antveal

    antveal Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    29
    shouldnt*. wow.
     
  14. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    I can't work out whether you do have a rootkit that is causing your problms or if it is daemon tools showing in gmer log
    ( I think it is daemon tools). BUT there are signs of some weird programs & bitcoin miners etc

    I don't think we can safely & easily fix your connection without a reinstall of windows and I won't even guarantee that will solve it
    one of the error reports listed shows that 2 computers with the same name are trying to connect via the same router & might well be the cause
     
  15. antveal

    antveal Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    29
    ah. this does not sound good at all. would you suggest a windows reinstall?
    i have had a problem with bitcoin miners before, although i thought it was resolved
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1061393