Trojan Horse problems, I believe

builder4580 (Thread Starter)
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz, x64 Family 6 Model 15 Stepping 11
Processor Count: 2
RAM: 3069 Mb
Graphics Card: NVIDIA GeForce 8400M GS, 128 Mb
Hard Drives: C: Total - 225594 MB, Free - 151993 MB; D: Total - 10239 MB, Free - 5951 MB;
Motherboard: Dell Inc.,
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled

I thank you in advance for your help.
I have the following system:

Dell XPS M1330 Specs
Model: Inspiron M1330
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20 GHz
RAM: 3.0 GB
System Type: 32-bit Operating System
Windows Edition: Windows Vista Home Premium
Service pack 2

I have the following issues with my computer:

1) I get frequent pop-ups with the message "TCP/IP Ping Command has stopped working"
Windows can check online for a solution to the problem.
(option) Check online for a solution (recommended)
(option) Close
2) AVG pop-ups appear frequently with "Threat Deleted" notices (see below)
3) Firefox and IE freeze for periods of time, then continue.
4) I lose Internet Access for periods of time (no doubt accounting for 3 above)
5) Occasionally I lose Internet Access altogether and have to turn my internet modem off, unplug it for 10 secs, plug it back in and turn it on again to regain access.
6) I also get the occasional BSOD - maybe 2-3 times per week.
The problems started after I ran Malwarebytes the last time. MB "fixed" a couple of malware issues, but does not show any issues when I run it now.


AVG Resident Shield Alerts that I started to note down.

Threat detected!
12/04/11 1:57pm
Filename: c:\Windows\System32\drivers\dfsc.sys
Threat Name: Trojan horse Hider.OMK
Show Details: Process name: c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Process ID: 7900

Threat detected!
12/04/11 2:40pm
Filename: c:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys
Threat Name: Trojan horse Hider.OMK

Threat detected!
12/05/11 12:23pm
Filename: C:\WINDOWS\TEMP\FVLOWQ\SETUP.EXE

**********************************************************

My Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:55:39 PM, on 12/8/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\OEM02Mon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ArcSoft\MediaConverter 4 Platinum\Monitor.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\System32\notepad.exe
C:\Users\cormact\Desktop\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/eltima/{480F2D80-F386-4D58-963E-D302366B6C78}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80126
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - (no file)
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\VIDEOD~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ToolbarBHO Class - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\PROGRA~1\ArcSoft\RAWTHU~1\EXIFToolBar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~1\ArcSoft\RAWTHU~1\EXIFToolBar.dll
O3 - Toolbar: (no name) - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - (no file)
O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\cormact\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Device Monitor.lnk = C:\Program Files\ArcSoft\MediaConverter 4 Platinum\Monitor.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Read EXIF - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.vectorvest.com
O16 - DPF: {1FBDF235-C5A9-4F21-BD79-9EC0DCF8AC29} (CV781Object Object) - http://deablm.guardcctv.com:100/AVC_AX_DVR.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8E68292-91F9-4C77-A9B5-BBA0B6764383}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10947 bytes

**********************************************************************************************

This is my DDS File

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by cormact at 19:59:21 on 2011-12-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1148 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ArcSoft\MediaConverter 4 Platinum\Monitor.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\wermgr.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.msn.com
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/eltima/{480F2D80-F386-4D58-963E-D302366B6C78}
uInternet Settings,ProxyOverride = <local>
mSearchAssistant =
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80126
uURLSearchHooks: H - No File
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\videod~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - c:\progra~1\arcsoft\rawthu~1\EXIFToolBar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - c:\progra~1\arcsoft\rawthu~1\EXIFToolBar.dll
TB: {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - No File
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
TB: {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Facebook Update] "c:\users\cormact\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\cormact\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files\arcsoft\mediaconverter 4 platinum\Monitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Read EXIF - c:\program files\arcsoft\raw thumbnail viewer\ArcEXIFM.htm
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: vectorvest.com\www
DPF: {1FBDF235-C5A9-4F21-BD79-9EC0DCF8AC29} - hxxp://deablm.guardcctv.com:100/AVC_AX_DVR.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{F8E68292-91F9-4C77-A9B5-BBA0B6764383} : NameServer = 68.94.156.1,68.94.157.1
TCP: Interfaces\{F8E68292-91F9-4C77-A9B5-BBA0B6764383} : DhcpNameServer = 192.168.0.1 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cormact\appdata\roaming\mozilla\firefox\profiles\njucu1qh.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=137&systemid=101&sr=0&q=
FF - component: c:\program files\arcsoft\raw thumbnail viewer\firefox extension\components\FirefoxMenu.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\cormact\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-12-28 73728]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-29 21504]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-12-28 179712]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-8-11 245760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-08 14:07:03 -------- d-----w- c:\users\cormact\appdata\local\{55164C6D-1394-4DA6-91E0-572CD0C9C5EF}
2011-12-08 14:06:49 -------- d-----w- c:\users\cormact\appdata\local\{1969709F-8DDF-47F3-B8ED-EE089F0EF644}
2011-12-08 05:46:18 -------- d-----w- c:\users\cormact\appdata\local\{C7346DED-42F3-487E-BFBB-90B6BBD72E62}
2011-12-07 14:09:03 -------- d-----w- c:\users\cormact\appdata\local\{6E80117D-B576-4062-8143-FF0276E1A001}
2011-12-07 14:08:45 -------- d-----w- c:\users\cormact\appdata\local\{3DB794E7-A8A5-4C3F-9C8A-A3FFF09F938B}
2011-12-06 13:43:16 -------- d-----w- c:\users\cormact\appdata\local\{E92B7045-4FB5-4D0A-9CDB-01D2C59FB963}
2011-12-06 13:42:31 -------- d-----w- c:\users\cormact\appdata\local\{58C175EE-D401-4E59-B1E6-45172B0E55EB}
2011-12-05 14:11:56 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-12-05 14:04:09 -------- d-----w- c:\users\cormact\appdata\local\{7E1A03D8-CDCE-4463-89DB-3E6CCCC48152}
2011-12-04 15:38:59 -------- d-----w- c:\users\cormact\appdata\local\{1BF73A13-99CE-4CC0-BD48-69377A1B58D9}
2011-12-03 16:26:32 -------- d-----w- c:\users\cormact\appdata\local\{E71FE4C5-9151-4633-A36A-0C139552E50E}
2011-12-03 13:38:57 -------- d-----w- c:\users\cormact\appdata\local\{C619EDC3-A4C7-4D5C-860C-C02D3A58A579}
2011-12-03 05:08:26 -------- d-----w- c:\users\cormact\appdata\local\{DEFA6552-008D-419B-B71D-5954A1B0F84A}
2011-12-02 15:36:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-02 15:36:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-02 15:13:51 -------- d-----w- c:\users\cormact\appdata\local\{1505D1DE-47F9-4252-B988-B29856CE8E99}
2011-12-02 15:13:31 -------- d-----w- c:\users\cormact\appdata\local\{65BE19A2-5DF2-473C-8B0E-867B2F4CD8BC}
2011-12-02 14:50:33 -------- d-----w- c:\users\cormact\appdata\local\{16BF6E62-CEAE-4364-A007-AFE7ACA13322}
2011-12-02 06:09:19 -------- d-----w- c:\users\cormact\appdata\local\{8E553C08-EF32-463B-A550-64F8A7CF2CFD}
2011-12-01 14:10:29 -------- d-----w- c:\users\cormact\appdata\local\{ADFC74A9-B810-4EB8-8A4B-0726FE4B30C3}
2011-12-01 14:10:16 -------- d-----w- c:\users\cormact\appdata\local\{E9EFA415-BA57-4389-82D0-03DBF47FC3EF}
2011-11-30 14:05:56 -------- d-----w- c:\users\cormact\appdata\local\{A1105E6D-8B9B-4B63-9BAB-D8CE47026A5D}
2011-11-30 14:05:43 -------- d-----w- c:\users\cormact\appdata\local\{8F8CF970-C8C8-4067-B8CF-270D660EB924}
2011-11-27 23:51:34 -------- d-----w- c:\program files\Conduit
2011-11-27 23:51:33 -------- d-----w- c:\users\cormact\appdata\local\Conduit
2011-11-27 15:12:25 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-11-27 15:12:08 -------- d-----w- c:\program files\common files\xing shared
2011-11-27 15:11:57 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-11-27 15:11:52 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-11-27 15:07:28 -------- d-----w- c:\users\cormact\appdata\local\{76213600-2EF0-4B7C-921C-BD793605D7EE}
2011-11-27 15:07:16 -------- d-----w- c:\users\cormact\appdata\local\{B7A1957A-A24F-4C1D-9F9A-106BE618095D}
2011-11-26 15:44:14 -------- d-----w- c:\users\cormact\appdata\local\{26479093-9D10-4D12-B96D-9A5BC631E3A2}
2011-11-26 15:44:01 -------- d-----w- c:\users\cormact\appdata\local\{B89DA0C1-44E0-493B-9501-AE62125ED5C2}
2011-11-24 14:22:26 -------- d-----w- c:\users\cormact\appdata\local\{47127BE8-55AB-4B91-8AD2-C36D7DCB5976}
2011-11-23 12:52:24 -------- d-----w- c:\users\cormact\appdata\local\{4283794A-B278-40BF-AAF6-95061B9AFFBE}
2011-11-21 14:07:02 -------- d-----w- c:\users\cormact\appdata\local\{83C7B36B-41C2-4824-8BDB-EF1AA2844970}
2011-11-21 14:06:50 -------- d-----w- c:\users\cormact\appdata\local\{F6A20AE6-F924-4F45-89B0-799A8F4744DF}
2011-11-20 04:38:44 -------- d-----w- c:\users\cormact\appdata\roaming\sjjUUVelIBtzPyA
2011-11-20 04:38:44 -------- d-----w- c:\users\cormact\appdata\roaming\HuuvvD22obFpm5s
2011-11-20 04:38:35 -------- d-----w- c:\users\cormact\appdata\roaming\c99hhTXXqjUekBz
2011-11-20 04:27:12 -------- d-----w- c:\users\cormact\appdata\roaming\kEL8gTZqhCkVlBx
2011-11-20 04:27:12 -------- d-----w- c:\users\cormact\appdata\roaming\F0ycS1ivDoFaHsJ
2011-11-20 04:23:57 -------- d-----w- c:\users\cormact\appdata\roaming\GL9gTZqjYwIrOtP
2011-11-20 04:23:56 -------- d-----w- c:\users\cormact\appdata\roaming\lcS2ibD3pGaHsKf
2011-11-20 04:22:13 -------- d-----w- c:\users\cormact\appdata\roaming\uCelIBrzPyAu
2011-11-20 04:22:13 -------- d-----w- c:\users\cormact\appdata\roaming\AmG5sQJ6dKfZhXj
2011-11-20 04:16:40 -------- d-----w- c:\users\cormact\appdata\local\{EA66120B-781D-4B69-B9C4-9270EB496588}
2011-11-20 04:16:19 -------- d-----w- c:\users\cormact\appdata\local\{A4C7848B-BC97-42BA-B6C9-69F8FD7550FA}
2011-11-20 04:16:02 -------- d-----w- c:\users\cormact\appdata\roaming\gUVelOBtz0c1v2n
2011-11-20 04:16:02 -------- d-----w- c:\users\cormact\appdata\roaming\E4amH5sWJdLgZhX
2011-11-20 04:14:28 -------- d-----w- c:\users\cormact\appdata\roaming\FZjjYYCwk
2011-11-20 04:14:28 -------- d-----w- c:\users\cormact\appdata\roaming\D2iiDG4aQsW
2011-11-20 04:14:09 -------- d-----w- c:\users\cormact\appdata\roaming\cSSS1iivD
2011-11-20 04:14:08 -------- d-----w- c:\users\cormact\appdata\roaming\zsWWK77EE9
2011-11-20 04:14:08 -------- d-----w- c:\users\cormact\appdata\roaming\XjjYYCekIVrzNx0
2011-11-17 14:03:48 -------- d-----w- c:\users\cormact\appdata\local\{3EB08EC9-7442-47DC-8DB6-2BAA9E289FCE}
2011-11-17 14:03:30 -------- d-----w- c:\users\cormact\appdata\local\{8D36B048-E9E0-45F6-B55E-C6790A6BD50D}
2011-11-16 14:07:52 -------- d-----w- c:\users\cormact\appdata\local\{A85B6972-A44C-4B2C-92CB-974C7CE649B7}
2011-11-16 14:07:38 -------- d-----w- c:\users\cormact\appdata\local\{EA436A2F-9B90-4C34-9F59-395AF563EAEF}
2011-11-13 13:25:49 -------- d-----w- c:\users\cormact\appdata\local\{B24F2D06-67B4-4A3B-8D84-FB64C36F4DA2}
2011-11-11 14:06:21 -------- d-----w- c:\users\cormact\appdata\local\{22737F20-3825-4589-8B3E-3E082FEBD20F}
2011-11-11 14:06:09 -------- d-----w- c:\users\cormact\appdata\local\{646D9393-23E1-49C2-923C-3A92FD609293}
2011-11-11 03:41:53 -------- d-----w- c:\program files\Eltima Software
2011-11-09 15:16:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 15:12:09 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:12:09 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 15:02:51 -------- d-----w- c:\users\cormact\appdata\local\{BE2675FC-2B2B-4861-B7D0-0440D2F9E0D7}
2011-11-09 15:02:32 -------- d-----w- c:\users\cormact\appdata\local\{422B788F-33AE-4C3B-BBBB-20D4EF619660}
.
==================== Find3M ====================
.
2011-11-27 15:11:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-27 15:11:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-15 14:10:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 20:00:33.85 ===============


************************************************************************************************************

My GMER file ark.txt

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-08 21:09:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB01
Running: fnnbvoku.exe; Driver: C:\Users\cormact\AppData\Local\Temp\uwriafoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA0FA5F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA0FA5FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA0FA6080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA0FA611C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 820C1B74 1 Byte [3C]
.text ntkrnlpa.exe!KeSetEvent + 3F1 820C1B74 4 Bytes [3C, 5F, FA, A0]
.text ntkrnlpa.exe!KeSetEvent + 621 820C1DA4 8 Bytes [E4, 5F, FA, A0, 80, 60, FA, ...] {IN AL, 0x5f; CLI ; MOV AL, [0xa0fa6080]}
.text ntkrnlpa.exe!KeSetEvent + 681 820C1E04 4 Bytes [1C, 61, FA, A0]
? C:\Users\cormact\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1072] ntdll.dll!NtProtectVirtualMemory 77114B84 5 Bytes JMP 00FF000A
.text C:\Windows\system32\svchost.exe[1072] ntdll.dll!NtWriteVirtualMemory 771154C4 5 Bytes JMP 0109000A
.text C:\Windows\system32\svchost.exe[1072] ntdll.dll!KiUserExceptionDispatcher 77115BF8 5 Bytes JMP 00FE000A
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[1656] kernel32.dll!SetUnhandledExceptionFilter 76E0A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4108] USER32.dll!SetWindowLongA 7654E7CD 5 Bytes JMP 60EAC350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4108] USER32.dll!SetWindowLongW 765513B4 5 Bytes JMP 60EAC2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4108] USER32.dll!GetWindowInfo 7655428E 5 Bytes JMP 60C5E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4108] USER32.dll!TrackPopupMenu 765614F3 5 Bytes JMP 60C5E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4388] ntdll.dll!LdrLoadDll 770D93A8 5 Bytes JMP 60AE2EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\BTHUSB \Device\0000006d bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006f bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9eb1240
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9eb1240 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB7624$\3650063859 0 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277 0 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\@ 2048 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\bckfg.tmp 851 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\cfg.ini 208 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\keywords 179 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\L 0 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\L\qnbwvoto 75264 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\U 0 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\U\[email protected] 2048 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\U\[email protected] 224768 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\U\[email protected] 1024 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\U\[email protected] 1024 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\U\[email protected] 12800 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\U\[email protected] 98304 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\213K1WF7\b[1].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CH058I8A\searchCA9WAQCS.htm 417 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CH058I8A\searchCAEBQYMV.htm 417 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CH058I8A\24905_c_clickpayz_com[3].htm 14 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CH058I8A\dnserrordiagoff_webOC[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EJCOUVW2\down[1] 0 bytes

---- EOF - GMER 1.0.15 ----



Once again, thank you in advance for your help.

builder4580
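Three things in the two logs above can be checked mechanically rather than by eye. The script below is an added example for doing that; it is not part of builder4580's post and not part of DDS or GMER. It parses the DDS listing lines (timestamp, size or `--------`, attribute string, path), GMER's `SSDT` and `.text` lines, and GMER's `File` lines, and then (1) clusters directories with random-looking names by parent folder and creation time, which picks out the run of roaming-profile folders created between 04:14 and 04:38 on 2011-11-20; (2) decodes the patched bytes GMER reports at `ntkrnlpa.exe!KeSetEvent + 3F1`, `+ 621` and `+ 681` as little-endian addresses and matches them against the SSDT hook addresses, which shows they are AVG's own `AVGIDSShim.Sys` hook entries rather than an unexplained kernel patch; and (3) lists the hidden files GMER found under `C:\Windows\$NtUninstallKB7624$`, a folder name that follows the XP-era hotfix-backup convention and is not how Vista's component-based servicing stores rollback data. The sample lines are copied from the post; the name heuristic (8 or more alphanumeric characters with at least three switches between lower case, upper case and digits), the 30-minute window and the minimum of three directories are assumptions tuned to this log.

```python
"""Triage helpers for the DDS and GMER line formats quoted in the post above.
Added example, not part of the post or of DDS/GMER; SAMPLE is copied from the
post, the thresholds (name length, class flips, window, count) are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# DDS: "<date> <time> <size|--------> <attrs> <path>"   ('d' in attrs = directory)
DDS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+(\S+)\s+(.+?)\s*$")
# GMER: "SSDT <driver> (<description>) <syscall> [0x<hook address>]"
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+\(.*?\)\s+(\w+)\s+\[0x([0-9A-Fa-f]{8})\]")
# GMER: ".text <module>!<export> + <off> <addr> <n> Byte(s) [<hex bytes>]"
PATCH_RE = re.compile(r"^\.text\s+(\S+ \+ [0-9A-Fa-f]+)\s+[0-9A-Fa-f]+\s+\d+ Bytes? \[([^\]]*)\]")
# GMER Files section (objects GMER found on disk but hidden from the Windows API)
GMER_FILE_RE = re.compile(r"^File\s+(.+?)\s+(\d+)\s+bytes\s*$")


def looks_random(name, min_len=8, min_flips=3):
    """Alphanumeric name whose lower/upper/digit class changes >= min_flips times:
    'Mozilla' flips once, 'FZjjYYCwk' three times, 'zsWWK77EE9' four times."""
    if len(name) < min_len or not re.fullmatch(r"[A-Za-z0-9]+", name):
        return False
    cls = ["d" if c.isdigit() else "u" if c.isupper() else "l" for c in name]
    return sum(a != b for a, b in zip(cls, cls[1:])) >= min_flips


def random_dir_bursts(lines, window=timedelta(minutes=30), min_count=3):
    """Random-named directories grouped by parent folder and clustered in time.
    Returns [(parent, first_created, last_created, [names in creation order])]."""
    by_parent = defaultdict(list)
    for line in lines:
        m = DDS_RE.match(line)
        if not m or not m.group(2).startswith("d"):
            continue
        parent, _, name = m.group(3).rpartition("\\")
        if looks_random(name):
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            by_parent[parent.lower()].append((when, name))
    bursts = []
    for parent, entries in by_parent.items():
        entries.sort()
        cluster = [entries[0]]
        for entry in entries[1:] + [None]:          # None flushes the final cluster
            if entry and entry[0] - cluster[-1][0] <= window:
                cluster.append(entry)
                continue
            if len(cluster) >= min_count:
                bursts.append((parent, cluster[0][0], cluster[-1][0], [n for _, n in cluster]))
            cluster = [entry]
    return bursts


def explain_kernel_patches(lines):
    """Decode each '.text' kernel modification as little-endian dwords and look them
    up in the SSDT table, separating the AV's own hooks from unexplained patches.
    Returns {patch location: [(driver, syscall) | ('unknown', '0x...')]}."""
    hooks = {}
    for line in lines:
        m = SSDT_RE.match(line)
        if m:
            hooks[int(m.group(3), 16)] = (m.group(1).rsplit("\\", 1)[-1], m.group(2))
    explained = defaultdict(list)
    for line in lines:
        m = PATCH_RE.match(line)
        if not m:
            continue
        raw = [t for t in m.group(2).split(", ") if re.fullmatch(r"[0-9A-Fa-f]{2}", t)]
        for i in range(0, len(raw) - 3, 4):         # only complete dwords; '...' is dropped
            value = int.from_bytes(bytes(int(b, 16) for b in raw[i:i + 4]), "little")
            explained[m.group(1)].append(hooks.get(value, ("unknown", hex(value))))
    return dict(explained)


def hidden_uninstall_files(lines):
    """Hidden files GMER reports under a $NtUninstall...$ folder (XP-era hotfix-backup
    naming; Vista's component-based servicing keeps rollback data elsewhere)."""
    return [(m.group(1), int(m.group(2))) for m in map(GMER_FILE_RE.match, lines)
            if m and re.search(r"\\\$NtUninstall[^\\]*\$\\", m.group(1))]


SAMPLE = r"""
2011-11-20 04:38:44 -------- d-----w- c:\users\cormact\appdata\roaming\sjjUUVelIBtzPyA
2011-11-20 04:27:12 -------- d-----w- c:\users\cormact\appdata\roaming\kEL8gTZqhCkVlBx
2011-11-20 04:14:28 -------- d-----w- c:\users\cormact\appdata\roaming\FZjjYYCwk
2011-11-20 04:14:08 -------- d-----w- c:\users\cormact\appdata\roaming\zsWWK77EE9
2011-11-11 03:41:53 -------- d-----w- c:\program files\Eltima Software
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA0FA5F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA0FA5FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA0FA611C]
.text ntkrnlpa.exe!KeSetEvent + 3F1 820C1B74 1 Byte [3C]
.text ntkrnlpa.exe!KeSetEvent + 3F1 820C1B74 4 Bytes [3C, 5F, FA, A0]
.text ntkrnlpa.exe!KeSetEvent + 621 820C1DA4 8 Bytes [E4, 5F, FA, A0, 80, 60, FA, ...] {IN AL, 0x5f; CLI ; MOV AL, [0xa0fa6080]}
.text ntkrnlpa.exe!KeSetEvent + 681 820C1E04 4 Bytes [1C, 61, FA, A0]
File C:\Windows\$NtUninstallKB7624$\3891657277\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB7624$\3891657277\L\qnbwvoto 75264 bytes
""".strip().splitlines()

if __name__ == "__main__":
    print(random_dir_bursts(SAMPLE))
    print(explain_kernel_patches(SAMPLE))
    print(hidden_uninstall_files(SAMPLE))
```

Run as a script it prints the three results for the sample lines; to triage a full log, pass `open(path).read().splitlines()` from the saved DDS or `ark.txt` file to the same three functions. The name heuristic will also flag the occasional legitimately odd-named folder, so treat a burst as a prompt to look at what the folders contain, not as a verdict on its own.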