
Computer stuttering and programs won't run properly.


  • This topic is locked
2 replies to this topic

#1 billybuxton


  • Members
  • 6 posts
  • OFFLINE
  • Local time:02:21 PM

Posted 26 February 2012 - 08:31 PM

Hi

I created a topic here first
My link

My computer is acting quite weird, when streaming videos or playing music it just stutters.
Also when I start my computer up it sounds like it keeps switching on and off a few times before it actually comes on
and when it eventually comes on it is a lot slower than it usually is.

I've already done scans with
Avast
Super Anti Spyware
AVG
Malwarebytes
Spybot Search & Destroy

I'm on Windows 7
Here are the DDS and GMER logs

I appreciate any help you can give me
Thank you


.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by user at 23:50:12 on 2012-02-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2047.1523 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {77D0B2EA-9FB1-491C-BD40-04E2232BDD22} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~2.lnk - c:\program files\netgear\wn111v2\WN111v2.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{20DE31DE-7995-45F7-9283-2CCDEB1EA89F} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{228AC7DB-4E16-493F-A10F-DFBB1558E3C0} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A4A9B5B5-1EC2-4EE0-85B2-C39A681C058D} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-2-24 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-2-24 196440]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-2-24 112984]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-2-24 24408]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2002-1-24 610648]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2002-1-24 337112]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2002-1-24 20696]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2002-1-24 57688]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-24 44768]
S2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-2-24 131288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-24 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-23 652360]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-24 136176]
S3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);c:\windows\system32\drivers\ipmidi.sys [2011-5-15 19456]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-23 20464]
S3 OXYGEN;Service for M-Audio Oxygen;c:\windows\system32\drivers\MAudioOxygen.sys [2010-3-4 112136]
S3 RDID1046;UA-25;c:\windows\system32\drivers\Rdwm1046.sys [2012-1-17 145536]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2009-6-10 311808]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-9 1343400]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2002-1-2 2214504]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-5-21 378472]
.
=============== Created Last 30 ================
.
2012-02-26 23:28:32 -------- d-----w- C:\avast! sandbox
2012-02-25 18:32:02 -------- d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
2012-02-25 18:31:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-25 18:31:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-25 17:33:10 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d03b693d-dc93-4aa4-8958-e94ff2b76dc4}\mpengine.dll
2012-02-24 11:58:11 112984 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-02-24 11:57:47 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-24 11:57:47 196440 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-02-24 11:57:45 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-02-24 11:57:39 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-02-23 15:22:31 -------- d-----w- c:\program files\AVG
2012-02-23 15:13:46 -------- d--h--w- c:\programdata\Common Files
2012-02-23 15:13:38 -------- d-----w- c:\programdata\MFAData
2012-02-23 15:12:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-23 15:12:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-23 12:24:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-23 09:29:33 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2012-02-23 09:20:22 -------- d-----w- c:\programdata\Malwarebytes
2012-02-23 09:20:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 09:20:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-23 03:08:59 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-23 03:07:30 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-23 03:07:17 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-23 03:05:48 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-22 12:17:51 -------- d-----w- c:\program files\Trend Micro
2012-02-22 08:04:45 -------- d-----w- c:\program files\IObit
2012-02-05 23:28:55 -------- d-----w- c:\program files\iZotope
2012-02-03 17:31:03 -------- d-----w- c:\program files\Outsim
2012-02-02 10:22:11 -------- d-----w- C:\Bluenoise Plugins
.
==================== Find3M ====================
.
2012-02-23 16:23:26 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:12:28 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:10:34 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-29 05:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 15:31:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-28 17:19:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-28 17:19:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 23:51:03.07 ===============




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-27 01:15:55
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-6 Maxtor_6V300F0 rev.VA111630
Running: vr0rzy7i.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 828479A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 828674E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\user\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtCreateFile + 6 778D55CE 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtCreateFile + B 778D55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtMapViewOfSection + 6 778D5C2E 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtMapViewOfSection + 6 778D5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtMapViewOfSection + B 778D5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenFile + 6 778D5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenFile + B 778D5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcess + 6 778D5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcess + B 778D5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessToken + B 778D5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessTokenEx + 6 778D5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessTokenEx + B 778D5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThread + 6 778D5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThread + B 778D5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadToken + 6 778D5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadToken + B 778D5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadTokenEx + B 778D5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryAttributesFile + 6 778D5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryAttributesFile + B 778D5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryFullAttributesFile + B 778D5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationFile + 6 778D663E 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationFile + B 778D6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationThread + 6 778D669E 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationThread + B 778D66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtUnmapViewOfSection + 6 778D69BE 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtUnmapViewOfSection + 6 778D69BE 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtUnmapViewOfSection + B 778D69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtCreateFile + 6 778D55CE 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtCreateFile + B 778D55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtMapViewOfSection + 6 778D5C2E 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtMapViewOfSection + 6 778D5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtMapViewOfSection + B 778D5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenFile + 6 778D5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenFile + B 778D5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcess + 6 778D5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcess + B 778D5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcessToken + B 778D5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcessTokenEx + 6 778D5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcessTokenEx + B 778D5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThread + 6 778D5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThread + B 778D5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThreadToken + 6 778D5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThreadToken + B 778D5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThreadTokenEx + B 778D5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtQueryAttributesFile + 6 778D5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtQueryAttributesFile + B 778D5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtQueryFullAttributesFile + B 778D5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtSetInformationFile + 6 778D663E 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtSetInformationFile + B 778D6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtSetInformationThread + 6 778D669E 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtSetInformationThread + B 778D66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtUnmapViewOfSection + 6 778D69BE 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtUnmapViewOfSection + 6 778D69BE 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtUnmapViewOfSection + B 778D69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtCreateFile + 6 778D55CE 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtCreateFile + B 778D55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtMapViewOfSection + 6 778D5C2E 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtMapViewOfSection + 6 778D5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtMapViewOfSection + B 778D5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenFile + 6 778D5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenFile + B 778D5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcess + 6 778D5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcess + B 778D5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcessToken + B 778D5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcessTokenEx + 6 778D5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcessTokenEx + B 778D5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThread + 6 778D5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThread + B 778D5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThreadToken + 6 778D5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThreadToken + B 778D5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThreadTokenEx + B 778D5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtQueryAttributesFile + 6 778D5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtQueryAttributesFile + B 778D5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtQueryFullAttributesFile + B 778D5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtSetInformationFile + 6 778D663E 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtSetInformationFile + B 778D6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtSetInformationThread + 6 778D669E 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtSetInformationThread + B 778D66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtUnmapViewOfSection + 6 778D69BE 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtUnmapViewOfSection + 6 778D69BE 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtUnmapViewOfSection + B 778D69C3 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device \FileSystem\fastfat \Fat 81259130

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
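A triage script for the DDS "Pseudo HJT Report" section posted above, added here as an example; it is not part of this thread and not code from the DDS tool. It parses the `mPolicies-system`, `BHO`/`TB`/`uURLSearchHooks` and `Hosts` lines in the format DDS prints and returns the things a log reviewer checks first (UAC switched off, orphaned "No File" entries, Hosts-file redirects). The embedded input is a constructed excerpt of the log above.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example; not part of this thread and not DDS's own code. It parses the
'mPolicies-system', 'BHO'/'TB'/'uURLSearchHooks' and 'Hosts' lines in the
format DDS prints and returns what a reviewer checks first.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt of the 'Pseudo HJT Report' section posted in this thread.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: H - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {77D0B2EA-9FB1-491C-BD40-04E2232BDD22} - No File
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Line shapes as they appear in the DDS log above.
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(-?\d+)")
ORPHAN_RE = re.compile(r"^(BHO|TB|uURLSearchHooks|mRun|uRun):\s*(.*?)\s*-\s*No File$")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")


@dataclass
class Findings:
    policies: dict = field(default_factory=dict)   # policy name -> int value
    orphans: list = field(default_factory=list)    # (entry type, identifier)
    hosts: list = field(default_factory=list)      # (address, hostname)
    notes: list = field(default_factory=list)      # reviewer-facing findings


def parse_hjt_section(text: str) -> Findings:
    """Parse the HJT-style lines and derive reviewer notes."""
    f = Findings()
    for raw in text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            f.policies[m.group(1)] = int(m.group(2))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            f.orphans.append((m.group(1), m.group(2)))
            continue
        m = HOSTS_RE.match(line)
        if m:
            f.hosts.append((m.group(1), m.group(2)))

    p = f.policies
    # EnableLUA = 0 switches UAC off entirely: every process started by an
    # administrator account runs fully elevated, so the prompt settings below
    # no longer apply. Only flag the prompt behaviour when UAC is still on.
    if p.get("EnableLUA") == 0:
        f.notes.append("UAC is disabled (EnableLUA = 0); re-enable it once the machine is clean.")
    elif p.get("ConsentPromptBehaviorAdmin") == 0:
        f.notes.append("Administrators elevate without any prompt (ConsentPromptBehaviorAdmin = 0).")
    if p.get("PromptOnSecureDesktop") == 0:
        f.notes.append("Elevation prompts, when shown, are not on the secure desktop "
                       "(PromptOnSecureDesktop = 0), so other windows can draw over them.")
    if f.orphans:
        f.notes.append(f"{len(f.orphans)} orphaned entries point at files that no longer "
                       "exist; usually harmless leftovers of earlier removals.")
    for addr, name in f.hosts:
        # A security-related site pinned to loopback is a classic tampering sign.
        f.notes.append(f"Hosts file maps {name} to {addr}; confirm this was set on purpose.")
    return f


if __name__ == "__main__":
    for note in parse_hjt_section(SAMPLE_DDS).notes:
        print("-", note)
```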


#2 nasdaq


  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:21 AM

Posted 29 February 2012 - 11:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed or until this computer is clean.

HOW TO: Enable the CD Emulators...

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 nasdaq


  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:21 AM

Posted 06 March 2012 - 11:13 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



