Malware attacking computer n.2

Hello!
I have the same problem as the user who wrote this topic: http://forum.avast.com/index.php?topic=66698.0
I have followed all the instructions essexboy posted, but every time I try to run ComboFix my computer automatically reboots after a blue screen. What should I do?
Thank you in advance!

P.S. Sorry for bad English but I’m Italian!

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:
     1. DDS.txt
     2. Attach.txt

Save both reports to your desktop. Post DDS.txt back to topic.

This is Attach.txt


And this is DDS.txt


This is the second part of DDS.txt

=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_ rev.PB2O -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85179439]<
\Device\Harddisk0\DR0[0x851597E8]
3 CLASSPNP[0x8778859E] -> nt!IofCallDriver[0x81C3CED0] -> [0x8476B388]
5 ACPI[0x86E423B2] -> nt!IofCallDriver[0x81C3CED0] -> \IAAStorageDevice-0[0x84716028]
\Driver\iaStor[0x8515FB98] -> IRP_MJ_CREATE -> 0x85179439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskHitachi_HTS545025B9A300_________________PB2OC60F#4&6447340&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 12:51:20,89 ===============
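A triage helper for the ROOTKIT section of a DDS log like the one posted above, as an added example that is not part of the original thread or of the DDS/GMER tools: it flags the user/kernel view mismatches and checks whether a storage driver's IRP handler points into the module the detector could not identify. The function name and the clean sample are assumptions; the infected sample lines are copied from the log above.

```python
import re

# Lines copied from the ROOTKIT section of the log posted in this thread.
INFECTED_SAMPLE = r"""
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85179439]<
\Driver\iaStor[0x8515FB98] -> IRP_MJ_CREATE -> 0x85179439
kernel: MBR read successfully
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
"""

# Constructed sample of a log with no findings (assumed wording).
CLEAN_SAMPLE = r"""
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]")
IRP_HANDLER = re.compile(
    r"^(\\Driver\\\w+)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)$")
SECTORS = re.compile(r"^sectors (\d+) \(\+(\d+)\): user != kernel")


def triage_mbr_section(log_text):
    """Summarise the MBR detector output (hypothetical helper)."""
    unknown, handlers = set(), []
    result = {"mbr_mismatch": False, "sector_mismatch": None,
              "hooked_handlers": [], "verdicts": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        # Addresses of modules in the disk call chain the tool could not name.
        unknown.update(a.lower() for a in UNKNOWN_MODULE.findall(line))
        m = IRP_HANDLER.match(line)
        if m:
            handlers.append((m.group(1), m.group(2), m.group(3).lower()))
        m = SECTORS.match(line)
        if m:
            # (sector count, extra sectors) exactly as printed by the tool.
            result["sector_mismatch"] = (int(m.group(1)), int(m.group(2)))
        elif "user != kernel" in line and "MBR" in line:
            result["mbr_mismatch"] = True
        if "rootkit infection" in line.lower():
            result["verdicts"].append(line)
    # A handler is reported as hooked when its target address is one of the
    # unidentified modules seen in the disk trace.
    result["hooked_handlers"] = [
        (drv, irp) for drv, irp, addr in handlers if addr in unknown]
    result["suspicious"] = bool(
        result["mbr_mismatch"] or result["sector_mismatch"]
        or result["hooked_handlers"] or result["verdicts"])
    return result


if __name__ == "__main__":
    for name, sample in (("infected", INFECTED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(name, triage_mbr_section(sample))
```
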

To avoid multiple posts with copy and paste…

Lower left corner > additional options > attach

Download aswMBR.exe to your desktop

http://public.avast.com/~gmerek/aswMBR.exe

Double click the aswMBR.exe to run it

Click the “Scan” button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply

(Thanks Pondus)

Ok …

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix Button

Save the log as before and post in your next reply

Your Java is outdated: you have 18, latest is 24
http://www.java.com/en/download/index.jsp

When the machine is cleaned, run the Secunia online scan to check for outdated software:
http://secunia.com/vulnerability_scanning/online/

Here you are

Please reboot your computer then follow these instructions:

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

Run ComboFix.
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Post the log report (ComboFix.txt) back to topic.

This is the report

Open notepad and copy/paste the text present inside the code box below:

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

FileLook::
c:\program files\Windows Media Player\run.exe

DDS::
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=dots&r=27b503106905l0354ww75f48226217
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=dots&r=27b503106905l0354ww75f48226217

Save this as CFScript.

http://img213.imageshack.us/img213/1218/cfscript1.gif

Drag CFScript.txt into Combofix.exe. ComboFix will re-run.

When finished, it will produce a log for you.
Copy/paste the contents of the log in your next reply. (typical location: C:\ComboFix.txt)

Here’s the report.

Now it is all right

It is necessary to uninstall ComboFix

Start >> Run (search)

Combofix /Uninstall

Enter

Yeah! It seems ok now.
Thanks a lot, you were great! ;D