Dieseldave

Members
Posts: 8
Reputation: 0 Neutral
  1. Malwarebytes Anti-Malware 1.65.0.1400
     www.malwarebytes.org

     Database version: v2012.09.16.07

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     owner :: SKULL [administrator]

     9/16/2012 4:19:12 PM
     mbam-log-2012-09-16 (16-19-12).txt

     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 398828
     Time elapsed: 1 hour(s), 19 minute(s), 50 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 2
     C:\System Volume Information\_restore{65C06EA8-4E62-4E8A-8B9A-A8BE0C4B1B74}\RP441\A0238236.EXE (PUP.Tool) -> Quarantined and deleted successfully.
     C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\35\3952a8a3-12c03353 (Trojan.Reza) -> Quarantined and deleted successfully.

     (end)
  2. The TDSSKiller log is too long to copy and paste in a post; I am sending it as an attachment: TDSSKiller.2.8.8.0_16.09.2012_16.07.45_log.txt
  3. Object reference not set to an instance of an object.
     Object reference not set to an instance of an object.
     User initialised redundant data purge.
     ......................
     Removed registry subkey tree: JavaPlugin.160_31
     Removed registry subkey: {08B0E5C0-4FCB-11CF-AAA5-00401C608500}
     Removed registry subkey: 0357E4991DA5FF14F9615B3412062B06
     Removed registry subkey: 0357E4991DA5FF14F9615B3612062B06
     Removal routine completed successfully. 4 items have been deleted.

     Object reference not set to an instance of an object.
     Object reference not set to an instance of an object.
     User initialised redundant data purge.
     ......................
     Removal routine completed successfully. 4 items have been deleted.

     JavaRa 2.0 loaded without incident.
     Checking system...
     User initialised redundant data purge.
     ......................
     Removal routine completed successfully. 0 items have been deleted.

     JavaRa 2.0 loaded without incident.
     Checking system...
     User initialised redundant data purge.
     ......................
     Cleanup routine completed successfully. 0 items have been deleted.
  4. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
     Run date: 2012-09-16 13:34:31
     -----------------------------
     13:34:31.234  OS Version: Windows 5.1.2600 Service Pack 3
     13:34:31.234  Number of processors: 4 586 0xF07
     13:34:31.234  ComputerName: SKULL  UserName: owner
     13:34:33.937  Initialize success
     13:43:37.718  AVAST engine defs: 12091400
     13:44:03.546  Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts3Port4Path1Target1Lun0
     13:44:03.546  Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
     13:44:03.593  Disk 0 MBR read successfully
     13:44:03.593  Disk 0 MBR scan
     13:44:03.656  Disk 0 Windows XP default MBR code
     13:44:03.656  Disk 0 Partition 1 80 (A) 07  HPFS/NTFS NTFS  476937 MB offset 63
     13:44:03.656  Disk 0 scanning sectors +976768065
     13:44:03.734  Disk 0 scanning C:\WINDOWS\system32\drivers
     13:44:12.078  Service scanning
     13:44:22.859  Modules scanning
     13:44:26.453  Disk 0 trace - called modules:
     13:44:26.468  ntkrnlpa.exe CLASSPNP.SYS disk.sys tsk11F.tmp hal.dll SCSIPORT.SYS nvgts.sys
     13:44:26.484  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a524ab8]
     13:44:26.812  3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a56d920]
     13:44:26.812  5 tsk11F.tmp[b7f51620] -> nt!IofCallDriver -> \Device\Scsi\nvgts3Port4Path1Target1Lun0[0x8a56da38]
     13:44:28.062  AVAST engine scan C:\WINDOWS
     13:44:39.593  AVAST engine scan C:\WINDOWS\system32
     13:47:30.109  AVAST engine scan C:\WINDOWS\system32\drivers
     13:47:52.500  AVAST engine scan C:\Documents and Settings\owner
     13:48:11.640  File: C:\Documents and Settings\owner\Application Data\crdrf.dll  **INFECTED** Win32:Medfos [Trj]
     13:48:38.484  File: C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\35\3952a8a3-12c03353  **INFECTED** Win32:Karagany-KH [Trj]
     13:49:34.796  Disk 0 MBR has been saved successfully to "C:\Documents and Settings\owner\Desktop\recent stuff\MBR.dat"
     13:49:34.796  The log file has been saved successfully to "C:\Documents and Settings\owner\Desktop\recent stuff\aswMBR.txt"
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2011-08-26.01)
     .
     Microsoft Windows XP Professional
     Boot Device: \Device\HarddiskVolume1
     Install Date: 12/19/2010 9:19:50 AM
     System Uptime: 9/16/2012 8:32:57 AM (6 hours ago)
     .
     Motherboard: EVGA |  | 122-CK-NF68
     Processor: Intel® Core2 Quad CPU @ 2.40GHz | Socket 775 | 2399/266mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 466 GiB total, 367.419 GiB free.
     E: is Removable
     F: is Removable
     G: is Removable
     H: is CDROM ()
     I: is CDROM ()
     J: is Removable
     .
     ==== Disabled Device Manager Items =============
     .
     Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
     Description: Gigabyte GN-WP01GS PCI WLAN Card(Turbo)
     Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_E9341458&REV_00\4&1A82106&0&5078
     Manufacturer: Gigabyte Technology Corp.
     Name: Gigabyte GN-WP01GS PCI WLAN Card(Turbo)
     PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_E9341458&REV_00\4&1A82106&0&5078
     Service: RT61
     .
     Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
     Description: NVIDIA nForce Networking Controller
     Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&575C2CF&0&00
     Manufacturer: NVIDIA
     Name: NVIDIA nForce 10/100/1000 Mbps Ethernet
     PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&575C2CF&0&00
     Service: NVENETFD
     .
     ==== System Restore Points ===================
     .
     RP405: 6/23/2012 12:00:08 PM - System Checkpoint
     RP406: 6/24/2012 1:14:35 PM - System Checkpoint
     RP407: 6/26/2012 6:52:41 PM - System Checkpoint
     RP408: 6/27/2012 7:23:29 PM - System Checkpoint
     RP409: 6/29/2012 7:33:12 PM - System Checkpoint
     RP410: 7/1/2012 7:52:13 AM - System Checkpoint
     RP411: 7/4/2012 2:44:56 PM - System Checkpoint
     RP412: 7/6/2012 6:37:27 PM - System Checkpoint
     RP413: 7/7/2012 6:43:55 PM - System Checkpoint
     RP414: 7/8/2012 7:49:11 PM - System Checkpoint
     RP415: 7/10/2012 7:18:03 PM - System Checkpoint
     RP416: 7/11/2012 7:38:10 PM - System Checkpoint
     RP417: 7/12/2012 8:41:13 PM - System Checkpoint
     RP418: 7/13/2012 10:02:37 PM - System Checkpoint
     RP419: 7/14/2012 10:55:10 PM - System Checkpoint
     RP420: 7/17/2012 8:23:06 PM - System Checkpoint
     RP421: 7/18/2012 8:44:56 PM - System Checkpoint
     RP422: 7/19/2012 8:49:51 PM - System Checkpoint
     RP423: 7/20/2012 9:00:46 PM - System Checkpoint
     RP424: 7/21/2012 9:45:18 PM - System Checkpoint
     RP425: 7/25/2012 6:23:51 PM - System Checkpoint
     RP426: 7/26/2012 7:54:47 PM - System Checkpoint
     RP427: 7/28/2012 6:03:33 PM - System Checkpoint
     RP428: 7/29/2012 6:30:18 PM - System Checkpoint
     RP429: 7/30/2012 7:08:29 PM - System Checkpoint
     RP430: 7/31/2012 7:21:41 PM - System Checkpoint
     RP431: 8/1/2012 7:35:50 PM - System Checkpoint
     RP432: 8/2/2012 8:31:13 PM - System Checkpoint
     RP433: 8/3/2012 9:03:40 PM - System Checkpoint
     RP434: 8/4/2012 9:43:04 PM - System Checkpoint
     RP435: 8/8/2012 8:35:13 PM - System Checkpoint
     RP436: 8/10/2012 11:13:26 PM - System Checkpoint
     RP437: 8/12/2012 7:54:43 AM - System Checkpoint
     RP438: 8/14/2012 7:39:34 PM - System Checkpoint
     RP439: 8/16/2012 7:10:59 PM - System Checkpoint
     RP440: 8/18/2012 3:21:58 PM - Installed AVG 2012
     RP441: 8/18/2012 3:22:15 PM - Installed AVG 2012
     RP442: 8/18/2012 8:15:15 PM - Installed Far Cry Demo 2
     RP443: 8/19/2012 8:23:04 PM - System Checkpoint
     RP444: 8/23/2012 7:01:19 PM - System Checkpoint
     RP445: 8/24/2012 7:48:51 PM - System Checkpoint
     RP446: 8/25/2012 7:57:44 PM - System Checkpoint
     RP447: 8/28/2012 5:24:48 PM - System Checkpoint
     RP448: 9/2/2012 12:29:16 PM - System Checkpoint
     RP449: 9/3/2012 1:34:10 PM - System Checkpoint
     RP450: 9/4/2012 7:40:25 PM - System Checkpoint
     RP451: 9/7/2012 6:52:34 PM - System Checkpoint
     RP452: 9/9/2012 8:05:22 AM - System Checkpoint
     RP453: 9/11/2012 7:58:06 PM - System Checkpoint
     RP454: 9/14/2012 7:25:34 PM - System Checkpoint
     RP455: 9/15/2012 1:30:27 PM - Removed AVG 2012
     RP456: 9/15/2012 1:31:35 PM - Removed AVG 2012
     RP457: 9/16/2012 7:33:23 AM - Removed ABBYY FineReader 6.0 Sprint
     RP458: 9/16/2012 7:56:28 AM - Installed Windows Defender
     RP459: 9/16/2012 7:59:18 AM - Software Distribution Service 3.0
     .
     ==== Installed Programs ======================
     .
     18 Wheels of Steel Haulin
     32 Bit HP CIO Components Installer
     Adobe AIR
     Adobe Flash Player 11 ActiveX
     Adobe Reader X (10.1.3)
     Adobe Shockwave Player 11.5
     Adobe SVG Viewer 3.0
     Army Men Cross Fire En
     Dell Driver Download Manager
     Far Cry Demo 2
     Ford Racing 3
     FriendFinder Messenger v4.1
     Get Tiffany
     Gigabyte GN-WP01GS
     Grand Theft Auto IV
     Grand Theft Auto Vice City
     Grand Theft Auto: Episodes From Liberty City
     GTA San Andreas
     GTAIII
     Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
     Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
     Hotfix for Windows Media Format 11 SDK (KB929399)
     Hotfix for Windows Media Player 10 (KB903157)
     Hotfix for Windows Media Player 11 (KB939683)
     Hotfix for Windows XP (KB2443685)
     Hotfix for Windows XP (KB2633952)
     Hotfix for Windows XP (KB915800-v4)
     Hotfix for Windows XP (KB952287)
     Hotfix for Windows XP (KB954550-v5)
     Hotfix for Windows XP (KB961118)
     Hotfix for Windows XP (KB981793)
     HP Photo Creations
     HP Update
     IC4 Interface Device by SU Enterprise, Inc.
     IDS Image Plugin
     Java Auto Updater
     Java 6 Update 31
     Lexmark Printable Web
     Lexmark S300-S400 Series
     Malwarebytes Anti-Malware version 1.62.0.1300
     Microsoft .NET Framework 1.0 Hotfix (KB2572066)
     Microsoft .NET Framework 1.1
     Microsoft .NET Framework 1.1 Security Update (KB2656353)
     Microsoft .NET Framework 1.1 Security Update (KB979906)
     Microsoft .NET Framework 2.0 Service Pack 2
     Microsoft .NET Framework 3.0 Service Pack 2
     Microsoft .NET Framework 3.5 SP1
     Microsoft Base Smart Card Cryptographic Service Provider Package
     Microsoft Choice Guard
     Microsoft Compression Client Pack 1.0 for Windows XP
     Microsoft Games for Windows - LIVE
     Microsoft Games for Windows - LIVE Redistributable
     Microsoft Internationalized Domain Names Mitigation APIs
     Microsoft National Language Support Downlevel APIs
     Microsoft Office 97, Professional Edition
     Microsoft Silverlight
     Microsoft User-Mode Driver Framework Feature Pack 1.0
     Microsoft Visual C++ 2005 Redistributable
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
     MSXML 4.0 SP2 (KB954430)
     MSXML 4.0 SP2 (KB973688)
     MSXML 4.0 SP2 Parser and SDK
     MSXML 6 Service Pack 2 (KB973686)
     NVIDIA Display Control Panel
     NVIDIA Drivers
     NVIDIA ForceWare Network Access Manager
     NVIDIA nView Desktop Manager
     NVIDIA PhysX
     Puma
     Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
     Security Update for Microsoft Windows (KB2564958)
     Security Update for Windows Internet Explorer 7 (KB2482017)
     Security Update for Windows Internet Explorer 7 (KB2544521)
     Security Update for Windows Internet Explorer 7 (KB2647516)
     Security Update for Windows Internet Explorer 7 (KB938127-v2)
     Security Update for Windows Internet Explorer 7 (KB982381)
     Security Update for Windows Internet Explorer 8 (KB2618444)
     Security Update for Windows Internet Explorer 8 (KB2647516)
     Security Update for Windows Internet Explorer 8 (KB2675157)
     Security Update for Windows Internet Explorer 8 (KB982381)
     Security Update for Windows Media Player (KB2378111)
     Security Update for Windows Media Player (KB952069)
     Security Update for Windows Media Player (KB954155)
     Security Update for Windows Media Player (KB973540)
     Security Update for Windows Media Player (KB975558)
     Security Update for Windows Media Player (KB978695)
     Security Update for Windows Media Player 11 (KB954154)
     Security Update for Windows Media Player 6.4 (KB925398)
     Security Update for Windows Search 4 - KB963093
     Security Update for Windows XP (KB2079403)
     Security Update for Windows XP (KB2115168)
     Security Update for Windows XP (KB2121546)
     Security Update for Windows XP (KB2229593)
     Security Update for Windows XP (KB2259922)
     Security Update for Windows XP (KB2296011)
     Security Update for Windows XP (KB2347290)
     Security Update for Windows XP (KB2360937)
     Security Update for Windows XP (KB2387149)
     Security Update for Windows XP (KB2393802)
     Security Update for Windows XP (KB2412687)
     Security Update for Windows XP (KB2419632)
     Security Update for Windows XP (KB2423089)
     Security Update for Windows XP (KB2440591)
     Security Update for Windows XP (KB2443105)
     Security Update for Windows XP (KB2476490)
     Security Update for Windows XP (KB2476687)
     Security Update for Windows XP (KB2478960)
     Security Update for Windows XP (KB2478971)
     Security Update for Windows XP (KB2479628)
     Security Update for Windows XP (KB2481109)
     Security Update for Windows XP (KB2483185)
     Security Update for Windows XP (KB2485376)
     Security Update for Windows XP (KB2485663)
     Security Update for Windows XP (KB2506212)
     Security Update for Windows XP (KB2507618)
     Security Update for Windows XP (KB2507938)
     Security Update for Windows XP (KB2508429)
     Security Update for Windows XP (KB2509553)
     Security Update for Windows XP (KB2510581)
     Security Update for Windows XP (KB2535512)
     Security Update for Windows XP (KB2536276-v2)
     Security Update for Windows XP (KB2544893-v2)
     Security Update for Windows XP (KB2566454)
     Security Update for Windows XP (KB2570222)
     Security Update for Windows XP (KB2570947)
     Security Update for Windows XP (KB2584146)
     Security Update for Windows XP (KB2585542)
     Security Update for Windows XP (KB2592799)
     Security Update for Windows XP (KB2598479)
     Security Update for Windows XP (KB2603381)
     Security Update for Windows XP (KB2618451)
     Security Update for Windows XP (KB2620712)
     Security Update for Windows XP (KB2624667)
     Security Update for Windows XP (KB2631813)
     Security Update for Windows XP (KB2633171)
     Security Update for Windows XP (KB2646524)
     Security Update for Windows XP (KB2660465)
     Security Update for Windows XP (KB2661637)
     Security Update for Windows XP (KB923561)
     Security Update for Windows XP (KB941569)
     Security Update for Windows XP (KB946648)
     Security Update for Windows XP (KB950762)
     Security Update for Windows XP (KB950974)
     Security Update for Windows XP (KB951376-v2)
     Security Update for Windows XP (KB951748)
     Security Update for Windows XP (KB952004)
     Security Update for Windows XP (KB952954)
     Security Update for Windows XP (KB955069)
     Security Update for Windows XP (KB956572)
     Security Update for Windows XP (KB956744)
     Security Update for Windows XP (KB956802)
     Security Update for Windows XP (KB956803)
     Security Update for Windows XP (KB956844)
     Security Update for Windows XP (KB958644)
     Security Update for Windows XP (KB958869)
     Security Update for Windows XP (KB959426)
     Security Update for Windows XP (KB960225)
     Security Update for Windows XP (KB960803)
     Security Update for Windows XP (KB960859)
     Security Update for Windows XP (KB961501)
     Security Update for Windows XP (KB969059)
     Security Update for Windows XP (KB970238)
     Security Update for Windows XP (KB970430)
     Security Update for Windows XP (KB971468)
     Security Update for Windows XP (KB971657)
     Security Update for Windows XP (KB971961)
     Security Update for Windows XP (KB972270)
     Security Update for Windows XP (KB973507)
     Security Update for Windows XP (KB973869)
     Security Update for Windows XP (KB973904)
     Security Update for Windows XP (KB974112)
     Security Update for Windows XP (KB974318)
     Security Update for Windows XP (KB974392)
     Security Update for Windows XP (KB974571)
     Security Update for Windows XP (KB975025)
     Security Update for Windows XP (KB975467)
     Security Update for Windows XP (KB975560)
     Security Update for Windows XP (KB975561)
     Security Update for Windows XP (KB975562)
     Security Update for Windows XP (KB975713)
     Security Update for Windows XP (KB977816)
     Security Update for Windows XP (KB977914)
     Security Update for Windows XP (KB978037)
     Security Update for Windows XP (KB978338)
     Security Update for Windows XP (KB978542)
     Security Update for Windows XP (KB978601)
     Security Update for Windows XP (KB978706)
     Security Update for Windows XP (KB979309)
     Security Update for Windows XP (KB979482)
     Security Update for Windows XP (KB979559)
     Security Update for Windows XP (KB979683)
     Security Update for Windows XP (KB979687)
     Security Update for Windows XP (KB980195)
     Security Update for Windows XP (KB980218)
     Security Update for Windows XP (KB980232)
     Security Update for Windows XP (KB980436)
     Security Update for Windows XP (KB981322)
     Security Update for Windows XP (KB981349)
     Security Update for Windows XP (KB981997)
     Security Update for Windows XP (KB982132)
     Security Update for Windows XP (KB982214)
     Security Update for Windows XP (KB982381)
     Security Update for Windows XP (KB982665)
     SpeedFan (remove only)
     Spybot - Search & Destroy
     TeamSpeak 2 RC2
     Teradyne Wireless Card
     The Lord of the Rings Online™ v03.02.03.8013
     TTI Trailers Skins Pack
     TTI Trucks and Trailers Skins Pack
     Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
     Update for Windows Internet Explorer 8 (KB2598845)
     Update for Windows Media Player 10 (KB913800)
     Update for Windows Media Player 10 (KB926251)
     Update for Windows XP (KB2141007)
     Update for Windows XP (KB2345886)
     Update for Windows XP (KB2467659)
     Update for Windows XP (KB2641690)
     Update for Windows XP (KB951978)
     Update for Windows XP (KB955759)
     Update for Windows XP (KB967715)
     Update for Windows XP (KB968389)
     Update for Windows XP (KB971029)
     Update for Windows XP (KB971737)
     Update for Windows XP (KB973687)
     Update for Windows XP (KB973815)
     Update Rollup 2 for Windows XP Media Center Edition 2005
     Ventrilo Client
     WebFldrs XP
     Windows Defender
     Windows Genuine Advantage Validation Tool (KB892130)
     Windows Imaging Component
     Windows Internet Explorer 7
     Windows Internet Explorer 8
     Windows Live ID Sign-in Assistant
     Windows Live Upload Tool
     Windows Media Format 11 runtime
     Windows Media Player 11
     Windows Search 4.0
     Windows XP Media Center Edition 2005 KB2502898
     Windows XP Media Center Edition 2005 KB2619340
     Windows XP Media Center Edition 2005 KB2628259
     Windows XP Media Center Edition 2005 KB925766
     Windows XP Media Center Edition 2005 KB973768
     Windows XP Service Pack 3
     Yahoo! Messenger
     .
     ==== Event Viewer Messages From Past Week ========
     .
     9/16/2012 8:35:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgtp nvata nvatabus
     9/16/2012 1:47:38 PM, error: nvgts [9] - The device, \Device\Scsi\nvgts3, did not respond within the timeout period.
     9/16/2012 1:47:38 PM, error: nvgts [5] - A parity error was detected on \Device\Scsi\nvgts3.
     9/15/2012 1:31:27 PM, error: Service Control Manager [7000] - The avgtp service failed to start due to the following error: The specified driver is invalid.
     9/11/2012 7:33:47 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
     9/11/2012 6:43:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgtp
     9/11/2012 6:43:45 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
     9/11/2012 6:43:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService service to connect.
     9/11/2012 6:43:45 PM, error: Service Control Manager [7000] - The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
     9/11/2012 6:43:45 PM, error: Service Control Manager [7000] - The 5619 service failed to start due to the following error: The system cannot find the file specified.
     .
     ==== End Of File ===========================

     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 8.0.6001.18702
     Run by owner at 14:01:22 on 2012-09-16
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1121 [GMT -5:00]
     .
     .
     ============== Running Processes ===============
     .
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     svchost.exe
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\lxeacoms.exe
     C:\WINDOWS\System32\svchost.exe -k HPZ12
     C:\WINDOWS\System32\svchost.exe -k HPZ12
     C:\WINDOWS\system32\PnkBstrA.exe
     svchost.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     C:\WINDOWS\system32\SearchIndexer.exe
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
     C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     C:\WINDOWS\system32\dllhost.exe
     C:\WINDOWS\ehome\ehtray.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     C:\WINDOWS\eHome\ehmsas.exe
     C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
     C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
     C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
     C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
     C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
     C:\Program Files\Microsoft Office\Office\OSA.EXE
     C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe
     C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     C:\Program Files\Common Files\Java\Java Update\jucheck.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.yahoo.com
     BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - No File
     BHO: TM_BHO Class: {60ec89b7-367d-402b-8c55-30faeb32a705} - c:\program files\ford motor company\ids\runtime\TMCtrlBHO.dll
     BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
     BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll
     BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll
     TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
     TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
     {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
     {555d4d79-4bd2-4094-a395-cfc534424a05}
     uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
     uRun: [iSUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler
     mRun: [ehTray] c:\windows\ehome\ehtray.exe
     mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
     mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
     mRun: [<NO NAME>]
     mRun: [TDSReanimator] "c:\program files\common files\teradyne\TDSReanimator.exe"
     mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"
     mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [crdrf] "c:\windows\system32\rundll32.exe" "c:\documents and settings\owner\application data\crdrf.dll",ToContiguous
     mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
     mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
     StartupFolder: c:\docume~1\owner\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
     StartupFolder: c:\docume~1\owner\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\ford motor company\ids\runtime\DeviceManager.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gn-wp0~1.lnk - c:\program files\gigabyte\gigabyte wp01gs wireless pci adapter softap\installer\winxp\RaUI.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     LSP: %SYSTEMROOT%\system32\nvLsp.dll
     Trusted Zone: yahoo.com\www
     DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1345319533534
     DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292781541281
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
     DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxp://webdeploy.teradyne-ds.com/webdeploy/Wireless_11.2.0/setup.ocx
     DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     TCP: DhcpNameServer = 192.168.1.1
     TCP: Interfaces\{4FF69FB5-376C-460A-AD7F-B6C3AED6C54C} : DhcpNameServer = 192.168.1.1
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
     SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
     R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
     R2 TDSNetSetup;TDSNetSetup;c:\program files\common files\teradyne\TDSNetSetup.exe [2011-3-22 17920]
     R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528]
     R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
     R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-16 40776]
     R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.sys [2008-2-12 1670016]
     S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-18 27496]
     S2 5619;5619;\??\c:\docume~1\owner\locals~1\temp\5619.sys --> c:\docume~1\owner\locals~1\temp\5619.sys [?]
     S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-5-16 193192]
     S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-9-16 35144]
     S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2006-5-10 22016]
     S3 XDva397;XDva397;\??\c:\windows\system32\xdva397.sys --> c:\windows\system32\XDva397.sys [?]
     S3 XDva398;XDva398;\??\c:\windows\system32\xdva398.sys --> c:\windows\system32\XDva398.sys [?]
     S3 XDva399;XDva399;\??\c:\windows\system32\xdva399.sys --> c:\windows\system32\XDva399.sys [?]
     .
     =============== Created Last 30 ================
     .
     2012-09-16 17:50:08 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2012-09-16 14:28:09 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{9b1a7bd7-edc5-4a98-9701-d87aa1e07b5b}\offreg.dll
     2012-09-16 13:31:28 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-09-16 13:12:44 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     2012-09-16 12:59:24 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
     2012-09-16 12:59:21 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{9b1a7bd7-edc5-4a98-9701-d87aa1e07b5b}\mpengine.dll
     2012-09-16 12:59:20 237072 ------w- c:\windows\system32\MpSigStub.exe
     2012-09-16 12:33:30 -------- d-----w- c:\windows\system32\appmgmt
     2012-09-15 18:31:36 -------- d-----w- c:\documents and settings\owner\application data\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
     2012-08-18 22:52:25 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
     2012-08-18 20:25:10 -------- d-----w- c:\documents and settings\owner\application data\AVG2012
     2012-08-18 20:24:46 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
     2012-08-18 20:24:39 -------- d-----w- c:\documents and settings\owner\application data\AVG Secure Search
     2012-08-18 20:24:38 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
     2012-08-18 20:24:37 -------- d-----w- c:\program files\common files\AVG Secure Search
     2012-08-18 20:24:37 -------- d-----w- c:\program files\AVG Secure Search
     2012-08-18 20:21:58 -------- d-----w- c:\program files\AVG
     2012-08-18 20:12:33 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
     2012-08-18 20:12:33 -------- d-----w- c:\documents and settings\all users\application data\MFAData
     2012-08-18 20:04:29 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
     2012-08-18 18:33:45 -------- d-----w- c:\program files\Yontoo
     2012-08-18 18:33:43 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
     .
     ==================== Find3M ====================
     .
     2012-09-16 13:33:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
     2012-09-07 22:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-08-21 23:42:24 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-08-21 23:42:23 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-08-07 23:23:49 371712 ----a-w- c:\documents and settings\owner\application data\crdrf.dll
     2012-07-27 23:56:16 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
     2012-06-28 02:17:05 139136 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
     2012-06-28 02:16:56 233920 ----a-w- c:\windows\system32\PnkBstrB.xtr
     2012-06-28 02:16:56 233920 ----a-w- c:\windows\system32\PnkBstrB.exe
     .
     ============= FINISH: 14:02:17.12 ===============

     Malwarebytes Anti-Malware 1.65.0.1400
     www.malwarebytes.org

     Database version: v2012.09.16.07

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     owner :: SKULL [administrator]

     9/16/2012 12:51:54 PM
     mbam-log-2012-09-16 (13-31-00).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 274715
     Time elapsed: 34 minute(s), 3 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 1
     HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> No action taken.

     Registry Values Detected: 1
     HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 4290b82d4017c5d31ef2aabc7ded302c -> No action taken.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 3
     C:\Documents and Settings\owner\Local Settings\Temp\install_0_msi.exe (Backdoor.Agent.RC2Gen) -> No action taken.
     C:\Documents and Settings\owner\Local Settings\Temp\install_1_msi.exe (Trojan.Sirefef) -> No action taken.
     C:\WINDOWS\Installer\{d74cfbfb-0c05-d728-f3fd-0a24268dca5f}\U\80000000.@ (Trojan.Small) -> No action taken.

     (end)
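Editor's note, added here as an example and not part of Dieseldave's post or of any tool's output: the DDS "Pseudo HJT Report" above is what a helper reads by hand to decide which autoruns are suspicious. Three patterns stand out in this particular report: a Run value that makes rundll32.exe load a DLL out of the user's Application Data folder (the crdrf entry, which aswMBR flags as Win32:Medfos), a driver service whose image lives in the user's Temp folder (the 5619 entry, which the Event Viewer section shows failing to start because the file is gone), and service or BHO/toolbar entries whose file could not be located (the "[?]" suffix and "No File"). The script below applies those checks to lines copied from the posted report. The severity labels, the list of user-writable paths and the choice of loader binaries are the example's own assumptions; it is a triage aid, not a verdict, and the iSUSPM hit shows why: a legitimate FLEXnet updater trips the path heuristic and still needs an analyst's eye.

```python
"""Triage a DDS 'Pseudo HJT Report' for autorun patterns like those in the log above.

Added example, not part of the original post. The heuristics and severity
labels are this script's own assumptions; the sample lines are copied from
the posted DDS output (a constructed subset, one entry per line).
"""
import re
from typing import Dict, List

# Constructed sample: entries lifted from the posted DDS report.
SAMPLE_DDS = r"""
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [iSUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [<NO NAME>]
mRun: [crdrf] "c:\windows\system32\rundll32.exe" "c:\documents and settings\owner\application data\crdrf.dll",ToContiguous
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 5619;5619;\??\c:\docume~1\owner\locals~1\temp\5619.sys --> c:\docume~1\owner\locals~1\temp\5619.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\xdva397.sys --> c:\windows\system32\XDva397.sys [?]
"""

# DDS line shapes: "mRun: [name] command", "S2 name;display;image [date size]", "BHO: ... - No File".
RUN_RE = re.compile(r'^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
SVC_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.*)$')
ORPHAN_RE = re.compile(r'^(?P<kind>BHO|TB): .* - No File$')

# Assumed set of locations a non-admin user can write to on Windows XP (long and 8.3 forms).
USER_WRITABLE_RE = re.compile(
    r'documents and settings\\|docume~1\\|\\application data\\|\\appdata\\|\\temp\\|locals~1\\temp',
    re.IGNORECASE)
# Assumed set of signed system binaries commonly used to run someone else's DLL or script.
LOADER_RE = re.compile(r'\b(rundll32|regsvr32|mshta|wscript|cscript)(\.exe)?\b', re.IGNORECASE)


def _finding(severity: str, name: str, reason: str, line: str) -> Dict[str, str]:
    return {"severity": severity, "name": name, "reason": reason, "line": line}


def analyze(report: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious Run value, service/driver or orphaned browser extension."""
    findings: List[Dict[str, str]] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        run = RUN_RE.match(line)
        if run:
            name, cmd = run.group("name"), run.group("cmd")
            if not cmd:
                findings.append(_finding("info", name, "Run value with no command", line))
            elif LOADER_RE.search(cmd) and USER_WRITABLE_RE.search(cmd):
                # e.g. rundll32.exe loading a DLL from Application Data: the crdrf pattern.
                findings.append(_finding("high", name,
                                         "system loader executing a payload from a user-writable path", line))
            elif USER_WRITABLE_RE.search(cmd):
                findings.append(_finding("medium", name, "autorun executable in a user-writable path", line))
            continue
        svc = SVC_RE.match(line)
        if svc:
            name, image = svc.group("name"), svc.group("image")
            if USER_WRITABLE_RE.search(image):
                # A kernel driver started out of %TEMP%: the 5619 pattern.
                findings.append(_finding("high", name, "service/driver image in a user-writable path", line))
            elif image.endswith("[?]"):
                # DDS printed no date/size for the image: the file was not readable where the service points.
                findings.append(_finding("medium", name,
                                         "service/driver image listed without date/size ([?])", line))
            continue
        orphan = ORPHAN_RE.match(line)
        if orphan:
            findings.append(_finding("info", orphan.group("kind"),
                                     "browser extension entry pointing to No File", line))
    return findings


def count_by_severity(findings: List[Dict[str, str]]) -> Dict[str, int]:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


if __name__ == "__main__":
    order = ("high", "medium", "info")
    results = analyze(SAMPLE_DDS)
    for f in sorted(results, key=lambda f: order.index(f["severity"])):
        print(f"[{f['severity']:6}] {f['name']}: {f['reason']}")
        print(f"         {f['line']}")
    print(count_by_severity(results))
```

Run against the sample, the two "high" hits are exactly the two entries the scanners on this page later name (crdrf.dll and the 5619 driver); the XDva397 driver is only "medium" because its image under system32 simply was not there to stat, and the two "No File" extension entries are left-over registrations rather than live code. Paste a full DDS report into SAMPLE_DDS to triage a different machine.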
  5. I ran DDS as instructed by the messages too; here are the logs: dds.txt, attach.txt