Posts posted by Dieseldave
-
The TDSSKiller log is too long to copy and paste into a post, so I am sending it as an attachment.
-
Object reference not set to an instance of an object.
Object reference not set to an instance of an object.
User initialised redundant data purge.
......................
Removed registry subkey tree: JavaPlugin.160_31
Removed registry subkey: {08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Removed registry subkey: 0357E4991DA5FF14F9615B3412062B06
Removed registry subkey: 0357E4991DA5FF14F9615B3612062B06
Removal routine completed successfully. 4 items have been deleted.
Object reference not set to an instance of an object.
Object reference not set to an instance of an object.
User initialised redundant data purge.
......................
Removal routine completed successfully. 4 items have been deleted.
JavaRa 2.0 loaded without incident. Checking system...
User initialised redundant data purge.
......................
Removal routine completed successfully. 0 items have been deleted.
JavaRa 2.0 loaded without incident. Checking system...
User initialised redundant data purge.
......................
Cleanup routine completed successfully. 0 items have been deleted.
-
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-16 13:34:31
-----------------------------
13:34:31.234 OS Version: Windows 5.1.2600 Service Pack 3
13:34:31.234 Number of processors: 4 586 0xF07
13:34:31.234 ComputerName: SKULL UserName: owner
13:34:33.937 Initialize success
13:43:37.718 AVAST engine defs: 12091400
13:44:03.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts3Port4Path1Target1Lun0
13:44:03.546 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
13:44:03.593 Disk 0 MBR read successfully
13:44:03.593 Disk 0 MBR scan
13:44:03.656 Disk 0 Windows XP default MBR code
13:44:03.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
13:44:03.656 Disk 0 scanning sectors +976768065
13:44:03.734 Disk 0 scanning C:\WINDOWS\system32\drivers
13:44:12.078 Service scanning
13:44:22.859 Modules scanning
13:44:26.453 Disk 0 trace - called modules:
13:44:26.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys tsk11F.tmp hal.dll SCSIPORT.SYS nvgts.sys
13:44:26.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a524ab8]
13:44:26.812 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a56d920]
13:44:26.812 5 tsk11F.tmp[b7f51620] -> nt!IofCallDriver -> \Device\Scsi\nvgts3Port4Path1Target1Lun0[0x8a56da38]
13:44:28.062 AVAST engine scan C:\WINDOWS
13:44:39.593 AVAST engine scan C:\WINDOWS\system32
13:47:30.109 AVAST engine scan C:\WINDOWS\system32\drivers
13:47:52.500 AVAST engine scan C:\Documents and Settings\owner
13:48:11.640 File: C:\Documents and Settings\owner\Application Data\crdrf.dll **INFECTED** Win32:Medfos [Trj]
13:48:38.484 File: C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\35\3952a8a3-12c03353 **INFECTED** Win32:Karagany-KH [Trj]
13:49:34.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\owner\Desktop\recent stuff\MBR.dat"
13:49:34.796 The log file has been saved successfully to "C:\Documents and Settings\owner\Desktop\recent stuff\aswMBR.txt"
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/19/2010 9:19:50 AM
System Uptime: 9/16/2012 8:32:57 AM (6 hours ago)
.
Motherboard: EVGA | | 122-CK-NF68
Processor: Intel® Core2 Quad CPU @ 2.40GHz | Socket 775 | 2399/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 367.419 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
I: is CDROM ()
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Gigabyte GN-WP01GS PCI WLAN Card(Turbo)
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_E9341458&REV_00\4&1A82106&0&5078
Manufacturer: Gigabyte Technology Corp.
Name: Gigabyte GN-WP01GS PCI WLAN Card(Turbo)
PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_E9341458&REV_00\4&1A82106&0&5078
Service: RT61
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&575C2CF&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce 10/100/1000 Mbps Ethernet
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&575C2CF&0&00
Service: NVENETFD
.
==== System Restore Points ===================
.
RP405: 6/23/2012 12:00:08 PM - System Checkpoint
RP406: 6/24/2012 1:14:35 PM - System Checkpoint
RP407: 6/26/2012 6:52:41 PM - System Checkpoint
RP408: 6/27/2012 7:23:29 PM - System Checkpoint
RP409: 6/29/2012 7:33:12 PM - System Checkpoint
RP410: 7/1/2012 7:52:13 AM - System Checkpoint
RP411: 7/4/2012 2:44:56 PM - System Checkpoint
RP412: 7/6/2012 6:37:27 PM - System Checkpoint
RP413: 7/7/2012 6:43:55 PM - System Checkpoint
RP414: 7/8/2012 7:49:11 PM - System Checkpoint
RP415: 7/10/2012 7:18:03 PM - System Checkpoint
RP416: 7/11/2012 7:38:10 PM - System Checkpoint
RP417: 7/12/2012 8:41:13 PM - System Checkpoint
RP418: 7/13/2012 10:02:37 PM - System Checkpoint
RP419: 7/14/2012 10:55:10 PM - System Checkpoint
RP420: 7/17/2012 8:23:06 PM - System Checkpoint
RP421: 7/18/2012 8:44:56 PM - System Checkpoint
RP422: 7/19/2012 8:49:51 PM - System Checkpoint
RP423: 7/20/2012 9:00:46 PM - System Checkpoint
RP424: 7/21/2012 9:45:18 PM - System Checkpoint
RP425: 7/25/2012 6:23:51 PM - System Checkpoint
RP426: 7/26/2012 7:54:47 PM - System Checkpoint
RP427: 7/28/2012 6:03:33 PM - System Checkpoint
RP428: 7/29/2012 6:30:18 PM - System Checkpoint
RP429: 7/30/2012 7:08:29 PM - System Checkpoint
RP430: 7/31/2012 7:21:41 PM - System Checkpoint
RP431: 8/1/2012 7:35:50 PM - System Checkpoint
RP432: 8/2/2012 8:31:13 PM - System Checkpoint
RP433: 8/3/2012 9:03:40 PM - System Checkpoint
RP434: 8/4/2012 9:43:04 PM - System Checkpoint
RP435: 8/8/2012 8:35:13 PM - System Checkpoint
RP436: 8/10/2012 11:13:26 PM - System Checkpoint
RP437: 8/12/2012 7:54:43 AM - System Checkpoint
RP438: 8/14/2012 7:39:34 PM - System Checkpoint
RP439: 8/16/2012 7:10:59 PM - System Checkpoint
RP440: 8/18/2012 3:21:58 PM - Installed AVG 2012
RP441: 8/18/2012 3:22:15 PM - Installed AVG 2012
RP442: 8/18/2012 8:15:15 PM - Installed Far Cry Demo 2
RP443: 8/19/2012 8:23:04 PM - System Checkpoint
RP444: 8/23/2012 7:01:19 PM - System Checkpoint
RP445: 8/24/2012 7:48:51 PM - System Checkpoint
RP446: 8/25/2012 7:57:44 PM - System Checkpoint
RP447: 8/28/2012 5:24:48 PM - System Checkpoint
RP448: 9/2/2012 12:29:16 PM - System Checkpoint
RP449: 9/3/2012 1:34:10 PM - System Checkpoint
RP450: 9/4/2012 7:40:25 PM - System Checkpoint
RP451: 9/7/2012 6:52:34 PM - System Checkpoint
RP452: 9/9/2012 8:05:22 AM - System Checkpoint
RP453: 9/11/2012 7:58:06 PM - System Checkpoint
RP454: 9/14/2012 7:25:34 PM - System Checkpoint
RP455: 9/15/2012 1:30:27 PM - Removed AVG 2012
RP456: 9/15/2012 1:31:35 PM - Removed AVG 2012
RP457: 9/16/2012 7:33:23 AM - Removed ABBYY FineReader 6.0 Sprint
RP458: 9/16/2012 7:56:28 AM - Installed Windows Defender
RP459: 9/16/2012 7:59:18 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
18 Wheels of Steel Haulin
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Army Men
Cross Fire En
Dell Driver Download Manager
Far Cry Demo 2
Ford Racing 3
FriendFinder Messenger v4.1
Get Tiffany
Gigabyte GN-WP01GS
Grand Theft Auto IV
Grand Theft Auto Vice City
Grand Theft Auto: Episodes From Liberty City
GTA San Andreas
GTAIII
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Photo Creations
HP Update
IC4 Interface Device by SU Enterprise, Inc.
IDS
Image Plugin
Java Auto Updater
Java 6 Update 31
Lexmark Printable Web
Lexmark S300-S400 Series
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA nView Desktop Manager
NVIDIA PhysX
Puma
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SpeedFan (remove only)
Spybot - Search & Destroy
TeamSpeak 2 RC2
Teradyne Wireless Card
The Lord of the Rings Online™ v03.02.03.8013
TTI Trailers Skins Pack
TTI Trucks and Trailers Skins Pack
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Ventrilo Client
WebFldrs XP
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
9/16/2012 8:35:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgtp nvata nvatabus
9/16/2012 1:47:38 PM, error: nvgts [9] - The device, \Device\Scsi\nvgts3, did not respond within the timeout period.
9/16/2012 1:47:38 PM, error: nvgts [5] - A parity error was detected on \Device\Scsi\nvgts3.
9/15/2012 1:31:27 PM, error: Service Control Manager [7000] - The avgtp service failed to start due to the following error: The specified driver is invalid.
9/11/2012 7:33:47 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/11/2012 6:43:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgtp
9/11/2012 6:43:45 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
9/11/2012 6:43:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService service to connect.
9/11/2012 6:43:45 PM, error: Service Control Manager [7000] - The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/11/2012 6:43:45 PM, error: Service Control Manager [7000] - The 5619 service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by owner at 14:01:22 on 2012-09-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1121 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxeacoms.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - No File
BHO: TM_BHO Class: {60ec89b7-367d-402b-8c55-30faeb32a705} - c:\program files\ford motor company\ids\runtime\TMCtrlBHO.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [iSUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [TDSReanimator] "c:\program files\common files\teradyne\TDSReanimator.exe"
mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"
mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [crdrf] "c:\windows\system32\rundll32.exe" "c:\documents and settings\owner\application data\crdrf.dll",ToContiguous
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\ford motor company\ids\runtime\DeviceManager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gn-wp0~1.lnk - c:\program files\gigabyte\gigabyte wp01gs wireless pci adapter softap\installer\winxp\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Trusted Zone: yahoo.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1345319533534
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292781541281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxp://webdeploy.teradyne-ds.com/webdeploy/Wireless_11.2.0/setup.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4FF69FB5-376C-460A-AD7F-B6C3AED6C54C} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 TDSNetSetup;TDSNetSetup;c:\program files\common files\teradyne\TDSNetSetup.exe [2011-3-22 17920]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-16 40776]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.sys [2008-2-12 1670016]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-18 27496]
S2 5619;5619;\??\c:\docume~1\owner\locals~1\temp\5619.sys --> c:\docume~1\owner\locals~1\temp\5619.sys [?]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-5-16 193192]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-9-16 35144]
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2006-5-10 22016]
S3 XDva397;XDva397;\??\c:\windows\system32\xdva397.sys --> c:\windows\system32\XDva397.sys [?]
S3 XDva398;XDva398;\??\c:\windows\system32\xdva398.sys --> c:\windows\system32\XDva398.sys [?]
S3 XDva399;XDva399;\??\c:\windows\system32\xdva399.sys --> c:\windows\system32\XDva399.sys [?]
.
=============== Created Last 30 ================
.
2012-09-16 17:50:08 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-16 14:28:09 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{9b1a7bd7-edc5-4a98-9701-d87aa1e07b5b}\offreg.dll
2012-09-16 13:31:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-16 13:12:44 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-09-16 12:59:24 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-09-16 12:59:21 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{9b1a7bd7-edc5-4a98-9701-d87aa1e07b5b}\mpengine.dll
2012-09-16 12:59:20 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-16 12:33:30 -------- d-----w- c:\windows\system32\appmgmt
2012-09-15 18:31:36 -------- d-----w- c:\documents and settings\owner\application data\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
2012-08-18 22:52:25 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2012-08-18 20:25:10 -------- d-----w- c:\documents and settings\owner\application data\AVG2012
2012-08-18 20:24:46 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-08-18 20:24:39 -------- d-----w- c:\documents and settings\owner\application data\AVG Secure Search
2012-08-18 20:24:38 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-18 20:24:37 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-08-18 20:24:37 -------- d-----w- c:\program files\AVG Secure Search
2012-08-18 20:21:58 -------- d-----w- c:\program files\AVG
2012-08-18 20:12:33 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-08-18 20:12:33 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-08-18 20:04:29 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-08-18 18:33:45 -------- d-----w- c:\program files\Yontoo
2012-08-18 18:33:43 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
.
==================== Find3M ====================
.
2012-09-16 13:33:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-09-07 22:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 23:42:24 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-21 23:42:23 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-07 23:23:49 371712 ----a-w- c:\documents and settings\owner\application data\crdrf.dll
2012-07-27 23:56:16 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-06-28 02:17:05 139136 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-06-28 02:16:56 233920 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-06-28 02:16:56 233920 ----a-w- c:\windows\system32\PnkBstrB.exe
.
============= FINISH: 14:02:17.12 ===============
Malwarebytes Anti-Malware 1.65.0.1400
Database version: v2012.09.16.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
owner :: SKULL [administrator]
9/16/2012 12:51:54 PM
mbam-log-2012-09-16 (13-31-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 274715
Time elapsed: 34 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> No action taken.
Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 4290b82d4017c5d31ef2aabc7ded302c -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Documents and Settings\owner\Local Settings\Temp\install_0_msi.exe (Backdoor.Agent.RC2Gen) -> No action taken.
C:\Documents and Settings\owner\Local Settings\Temp\install_1_msi.exe (Trojan.Sirefef) -> No action taken.
C:\WINDOWS\Installer\{d74cfbfb-0c05-d728-f3fd-0a24268dca5f}\U\80000000.@ (Trojan.Small) -> No action taken.
(end)
-
My search results go to different places; Malwarebytes didn't find anything
in Resolved Malware Removal Logs
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.16.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
owner :: SKULL [administrator]
9/16/2012 4:19:12 PM
mbam-log-2012-09-16 (16-19-12).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 398828
Time elapsed: 1 hour(s), 19 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\System Volume Information\_restore{65C06EA8-4E62-4E8A-8B9A-A8BE0C4B1B74}\RP441\A0238236.EXE (PUP.Tool) -> Quarantined and deleted successfully.
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\35\3952a8a3-12c03353 (Trojan.Reza) -> Quarantined and deleted successfully.
(end)