
Infected, need help, possible rootkit?


jasoncl


Here is a post that is similar to mine but not exactly the same. I woke up this morning and my computer had rebooted for no apparent reason. I'm running Win 7 Home Premium. My desktop is blank (no icons) and the Start menu is basically empty. I already had Malwarebytes installed but couldn't find it to run it. I re-downloaded MBAM and, after renaming it, I finally got it to install. I was able to run it once, and after about 5 seconds it shut down and gave me the same error as the post I mentioned:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I can no longer run MBAM; I was able to run DDS (logs below). GMER will not run either. I think I've done everything I can with reference to the post and the "I'm infected..." thread. I thought I should get some guidance before running ComboFix or anything else. I would appreciate any help. Here is the dds.txt log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Run by Home at 10:30:06 on 2011-09-24

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2558.1092 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\3144738523:605654852.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files\SageTV\SageTV\ComskipMonitor\data\wrapper.exe

C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\XSrvSetup.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Prio\prio_svc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskeng.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Windows\system32\conhost.exe

C:\Program Files\SpeedFan\speedfan.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\SOUNDMAN.EXE

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\SageTV\SageTV\SageTV.exe

C:\Program Files\SageTV\SageTV\SageTV.exe

C:\Users\Home\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\SageTV\SageTV\comskip\comskip.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2548838

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll

uURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll

mURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll

BHO: adfabonppr Object: {26d02f99-ae5b-4533-ad67-e23b4b20d60d} - c:\windows\$blstun$\qgnnv.dll

BHO: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll

BHO: brumabonpgrm Object: {795f4311-02c9-4b7b-a9bb-78d4fe68a98d} - c:\windows\$blstun$\lmatn.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll

uRun: [HotSwap! Applet] "c:\program files\hotswap\HotSwap!.EXE"

uRun: [sageTV] "c:\program files\sagetv\sagetv\SageTV.exe" -startup

uRun: [Google Update] "c:\users\home\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [MusicManager] "c:\users\home\appdata\local\programs\google\musicmanager\MusicManager.exe"

uRun: [update] c:\windows\temp\update\Updateupdt32.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [bCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"

mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

dRun: [ujhQbNTJwO.exe] c:\programdata\UjhQbNTJwO.exe

dRun: [MicrosoftPolicyNotifier] rundll32.exe "c:\programdata\MicrosoftPolicyNotifier.dll",DllRegisterServer

dRun: [update] c:\windows\temp\update\Updateupdt32.exe

StartupFolder: c:\users\home\appdata\roaming\micros~1\windows\startm~1\programs\startup\tversi~1.lnk - c:\programdata\tversity\media server\web\admin\TVersity.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableTaskMgr = 1 (0x1)

dPolicies-system: DisableTaskMgr = 1 (0x1)

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{BA7D41E3-12E4-4786-BD20-E367D16E42BC} : DhcpNameServer = 192.168.0.1

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

AppInit_DLLs: prio.dll

mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\home\appdata\roaming\mozilla\firefox\profiles\25tuw963.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?hl=en&shva=1#inbox|http://movies.netflix.com/Queue?lnkctr=mhbque&qtype=DD|http://twitter.com/|https://plus.google.com/u/0/stream/circles/p5927ec4c883cf982?gpinv=AGXbFGwqNwYVbFFzbGMVBzK2G7F6As90WrXFAiKFlW50L66CcNM3nEN9YqV4DGmnhKJ7FT9Rvy19haGWrXitJLQkR62pYTXu56z_NYy-NpiER0pAwRwO0R0&hl=en

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&q=

FF - component: c:\users\home\appdata\roaming\mozilla\firefox\profiles\25tuw963.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\users\home\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]

R1 prio;prio;c:\windows\system32\drivers\prio.sys [2010-5-5 51408]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\lsoft technologies inc\active@ hard disk monitor\DiskMonitorService.exe [2010-5-20 1127944]

R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-5-20 219360]

R2 CSM;Comskip Monitor;c:\program files\sagetv\sagetv\comskipmonitor\data\wrapper.exe [2010-4-9 180224]

R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-5-20 68136]

R2 JMB36X;JMB36X;c:\windows\system32\XSrvSetup.exe [2010-5-20 65536]

R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-3-4 584488]

R2 prio_svc;Prio Service;c:\program files\prio\prio_svc.exe [2010-5-5 5120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-1-11 240232]

R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2011-4-3 706304]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-11-20 58880]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-11-20 137728]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-20 189440]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-25 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-3-29 29472]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-4-10 14216]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-4-10 8456]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-25 136176]

S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\HCWTVS~1.EXE [2010-4-11 815104]

S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2009-10-9 33792]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]

S3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\drivers\netr61.sys [2009-6-2 368128]

S3 SageTV;SageTV;c:\program files\sagetv\sagetv\SageTVService.exe [2010-11-2 1110016]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-7 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-20 1343400]

.

=============== Created Last 30 ================

.

2011-09-24 14:16:36 -------- d-----w- C:\TDSSKiller_Quarantine

2011-09-24 13:57:43 -------- d-----w- c:\program files\god help me please

2011-09-24 06:07:02 98304 ----a-w- c:\programdata\MicrosoftPolicyNotifier.dll

2011-09-24 04:28:22 -------- d--h--w- c:\windows\$BLSTUN$

2011-09-24 04:28:21 453632 ---ha-w- c:\programdata\UjhQbNTJwO.exe

2011-09-24 04:28:16 -------- d--h--w- c:\programdata\WSTB

2011-09-23 07:28:49 56200 ---ha-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{80363db2-0488-4070-b738-6786eeabeb01}\offreg.dll

2011-09-23 07:28:43 7269712 ---ha-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{80363db2-0488-4070-b738-6786eeabeb01}\mpengine.dll

2011-09-09 01:44:24 439632 ---h--w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ce1a3ec5-3fb3-4dd9-806f-268ccc382070}\gapaengine.dll

.

==================== Find3M ====================

.

2011-09-24 14:25:40 17488 ----a-w- c:\windows\gdrv.sys

2011-09-24 13:58:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 16:20:40 152576 ---ha-w- c:\windows\system32\msclmd.dll

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 04:29:46 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-06 23:52:42 22712 ---ha-w- c:\windows\system32\drivers\mbam.sys

2006-05-03 16:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll

2007-02-21 17:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll

2008-03-16 19:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll

.

============= FINISH: 10:30:46.28 ===============

Forget it. The computer can't even boot into Windows anymore; I have to reinstall Windows. 24 hours and not one reply. I'm glad the software is more helpful than the forum.


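The DDS log above contains the indicators a forum helper would normally flag by eye: a running process named C:\Windows\3144738523:605654852.exe (an NTFS alternate data stream with a random numeric name), two BHOs loading from the hidden c:\windows\$blstun$ directory, auto-start entries pointing into c:\windows\temp and the ProgramData root, dRun entries (the Default user hive) including a rundll32 ...,DllRegisterServer loader, and DisableTaskMgr = 1 set by policy. The following is an added example, written for this page and not code from DDS, Malwarebytes or anyone in the thread, that applies those checks to a subset of the lines copied from the log; the rule names, severities and the assumption that a legitimate auto-start rarely lives directly in ProgramData or a Temp folder are mine.

```python
"""Triage DDS 'Running Processes' / 'Pseudo HJT Report' lines for rogue-AV
and rootkit persistence indicators (added example, not DDS's own code)."""
import re

# Sample input: lines copied from the DDS log posted above (a hand-picked
# subset so the script runs offline). firefox.exe, the Java BHO and the
# iTunes Run entry are benign controls that must not be flagged.
SAMPLE_DDS = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\3144738523:605654852.exe
C:\Program Files\Mozilla Firefox\firefox.exe
BHO: adfabonppr Object: {26d02f99-ae5b-4533-ad67-e23b4b20d60d} - c:\windows\$blstun$\qgnnv.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [update] c:\windows\temp\update\Updateupdt32.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [ujhQbNTJwO.exe] c:\programdata\UjhQbNTJwO.exe
dRun: [MicrosoftPolicyNotifier] rundll32.exe "c:\programdata\MicrosoftPolicyNotifier.dll",DllRegisterServer
mPolicies-system: DisableTaskMgr = 1 (0x1)
AppInit_DLLs: prio.dll
"""

# DDS prefixes: uRun = HKCU, mRun = HKLM, dRun = Default user hive.
RUN_RE = re.compile(r'^(?P<hive>[umd]Run|StartupFolder):\s*(?:\[[^\]]*\]\s*)?(?P<cmd>.+)$', re.I)
HOOK_RE = re.compile(r'^(?:BHO|TB|[umd]URLSearchHooks):\s*.*?\s+-\s+(?P<path>.+)$', re.I)
POLICY_RE = re.compile(r'^[umd]Policies-\w+:\s*(?P<name>\w+)\s*=\s*(?P<val>\d+)', re.I)
PROC_RE = re.compile(r'^(?P<path>[a-z]:\\.*?\.exe)\b', re.I)
# First Windows path inside a command line, stopping at a known extension.
WINPATH_RE = re.compile(r'[a-z]:\\[^",]+?\.(?:exe|dll|sys|lnk)', re.I)


def path_indicators(path):
    """Return the reasons (possibly none) a file path looks like dropped malware."""
    p = path.lower().replace('/', '\\')
    parent, _, base = p.rpartition('\\')
    reasons = []
    if parent.endswith(':\\programdata'):
        reasons.append('file dropped directly in the ProgramData root')
    if '\\windows\\temp\\' in p or '\\appdata\\local\\temp\\' in p:
        reasons.append('auto-start target lives in a Temp directory')
    if re.search(r'\\\$[^\\]+\$\\', p):
        reasons.append('hidden $...$ staging directory')
    if ':' in base:
        reasons.append('NTFS alternate data stream in file name (ADS)')
    if re.fullmatch(r'\d+(?::\d+)?\.exe', base):
        reasons.append('random numeric executable name')
    return reasons


def triage(dds_text):
    """Return [{'line', 'severity', 'reasons'}] for every suspicious DDS line."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons, severity = [], 'high'
        if (m := RUN_RE.match(line)):
            if m.group('hive').lower() == 'drun':
                reasons.append('auto-start in the Default user hive (inherited by every new profile)')
            if re.search(r'rundll32(?:\.exe)?\s+.*,\s*DllRegisterServer', m.group('cmd'), re.I):
                reasons.append('rundll32 ...,DllRegisterServer used as a persistence loader')
            for path in WINPATH_RE.findall(m.group('cmd')):
                reasons += path_indicators(path)
        elif (m := HOOK_RE.match(line)):          # BHO / toolbar / URL search hook
            reasons += path_indicators(m.group('path'))
        elif (m := POLICY_RE.match(line)):
            if m.group('name').lower() == 'disabletaskmgr' and m.group('val') != '0':
                reasons.append('Task Manager disabled by policy (typical rogue-AV lockout)')
                severity = 'medium'
        elif line.lower().startswith('appinit_dlls:'):
            dlls = line.split(':', 1)[1].strip()
            if dlls:                               # injected into every user32 process
                reasons.append(f'AppInit_DLLs loads {dlls} into every GUI process; verify the vendor')
                severity = 'review'
        elif (m := PROC_RE.match(line)):           # running-process line
            reasons += path_indicators(m.group('path'))
        if reasons:
            findings.append({'line': line, 'severity': severity, 'reasons': reasons})
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 5, 'medium': 1, 'review': 1}."""
    counts = {}
    for f in findings:
        counts[f['severity']] = counts.get(f['severity'], 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_DDS):
        print(f"[{f['severity']}] {f['line']}")
        for r in f['reasons']:
            print(f"    - {r}")
    print(summarize(triage(SAMPLE_DDS)))
```

Run against the full log, the script flags the same entries the thread never got around to discussing. The AppInit_DLLs hit (prio.dll, from the Prio process-priority tool listed under services) is deliberately reported as "review" rather than "high": AppInit_DLLs is a legitimate but dangerous injection point, and the only honest automated verdict is to check the vendor, not to convict the file.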