Dezvouz1946

Everything posted by Dezvouz1946

  1. How do I update it? Can you point me to the proper site? Any step-by-step guide? There is no other PC here in my house... we only have this one laptop. Where can I check my connectivity settings?
  2. I'm back. I have already "removed" the detections by mbam. Here is the log after I have removed the 6 items/malware>>>

     Malwarebytes' Anti-Malware 1.41
     Database version: 2775
     Windows 5.1.2600 Service Pack 3

     24/11/2009 20:27:01
     mbam-log-2009-11-24 (20-27-01).txt

     Scan type: Quick Scan
     Objects scanned: 100582
     Time elapsed: 6 minute(s), 9 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 0
     Registry Data Items Infected: 1
     Folders Infected: 3
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully
     C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

     Files Infected:
     (No malicious items detected)

     I have also run the AVG scan while waiting for your reply. I updated it first... I was surprised that I was able to update it because before it was saying "General Error...Update Failed" but eventually the update was successful. Here is the AVG scan result.

     overview, Infections, Warnings

     By the way I just would like to add that whenever I am posting my reply to you I am having difficulty because the cursor of my mouse keeps on going everywhere... I have to re-write/delete again. Is this another symptom of infection? I am still getting occasional message in my laptop of "Connectivity Problem" which when I click "Diagnose" the connectivity will eventually succeed. Why is it like that? I am sorry if I have lots of questions... my laptop is really just acting weird. I'll wait for your reply again. Thanks!
  3. Hi again. I am lucky today that I can scan the MBAM and I was surprised. Why 4 days ago I can't run the MBAM?

     Malwarebytes' Anti-Malware 1.41
     Database version: 2775
     Windows 5.1.2600 Service Pack 3

     24/11/2009 18:11:29
     MBAM LOG 1

     Scan type: Quick Scan
     Objects scanned: 100582
     Time elapsed: 6 minute(s), 9 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 0
     Registry Data Items Infected: 1
     Folders Infected: 3
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

     Folders Infected:
     C:\Program Files\MyWaySA (Adware.MyWebSearch) -> No action taken.
     C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> No action taken.
     C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> No action taken.

     Files Infected:
     (No malicious items detect

     What do I do next? My MBAM is still open and I don't know what I am going to do next.
  4. Sorry again. I can see that you are really there to help me. Thanks for your patience. Here again is the complete DDS scan log:

     Here is the Attach.txt
  5. Sorry if the DDS Log got cut off. I am new to the forum like this. Here is the DDS Log again. I need to run the DDS scan again to get this scan result.
  6. Thanks for replying to my post. Here is the result of the antirootkit. The scan took about 40 minutes to finish.
Bytes JMP 10003A4C .text C:\WINDOWS\system32\spoolsv.exe[1488] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C .text C:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC .text C:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC .text C:\WINDOWS\system32\spoolsv.exe[1488] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0 .text C:\WINDOWS\system32\spoolsv.exe[1488] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214 .text C:\WINDOWS\system32\spoolsv.exe[1488] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4 .text C:\WINDOWS\system32\spoolsv.exe[1488] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778 .text C:\WINDOWS\system32\spoolsv.exe[1488] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C .text C:\WINDOWS\system32\lsass.exe[1524] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C .text C:\WINDOWS\system32\lsass.exe[1524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC .text C:\WINDOWS\system32\lsass.exe[1524] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC .text C:\WINDOWS\system32\lsass.exe[1524] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0 .text C:\WINDOWS\system32\lsass.exe[1524] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003214 .text C:\WINDOWS\system32\lsass.exe[1524] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4 .text C:\WINDOWS\system32\lsass.exe[1524] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002778 .text C:\WINDOWS\system32\lsass.exe[1524] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0 
.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214 .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4 .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778 .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C .text C:\WINDOWS\system32\svchost.exe[1960] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C .text C:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC .text C:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC .text C:\WINDOWS\system32\svchost.exe[1960] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0 .text C:\WINDOWS\system32\svchost.exe[1960] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214 .text C:\WINDOWS\system32\svchost.exe[1960] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4 .text C:\WINDOWS\system32\svchost.exe[1960] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778 .text C:\WINDOWS\system32\svchost.exe[1960] ws2_32.dll!WSASend 
71AB68FA 5 Bytes JMP 10003A4C .text C:\Program Files\AVG\AVG9\avgam.exe[2260] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C .text C:\Program Files\AVG\AVG9\avgam.exe[2260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC .text C:\Program Files\AVG\AVG9\avgam.exe[2260] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC .text C:\Program Files\AVG\AVG9\avgam.exe[2260] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0 .text C:\Program Files\AVG\AVG9\avgam.exe[2260] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214 .text C:\Program Files\AVG\AVG9\avgam.exe[2260] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4 .text C:\Program Files\AVG\AVG9\avgam.exe[2260] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778 .text C:\Program Files\AVG\AVG9\avgam.exe[2260] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C .text C:\Program Files\AVG\AVG9\avgemc.exe[2384] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C .text C:\Program Files\AVG\AVG9\avgemc.exe[2384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC .text C:\Program Files\AVG\AVG9\avgemc.exe[2384] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC .text C:\Program Files\AVG\AVG9\avgemc.exe[2384] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0 .text C:\Program Files\AVG\AVG9\avgemc.exe[2384] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003214 .text C:\Program Files\AVG\AVG9\avgemc.exe[2384] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4 .text C:\Program Files\AVG\AVG9\avgemc.exe[2384] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002778 .text C:\Program Files\AVG\AVG9\avgemc.exe[2384] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C .text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C .text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC .text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC .text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] ws2_32.dll!connect 71AB4A07 5 
Bytes JMP 10003AA0 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C .text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C .text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC .text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC .text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0 .text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214 .text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4 .text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778 .text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2744] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2744] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2744] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2744] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214 .text C:\Program Files\ATI Technologies\ATI 
Control Panel\atiptaxx.exe[2744] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2744] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2744] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C .text C:\WINDOWS\system32\ctfmon.exe[2756] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C .text C:\WINDOWS\system32\ctfmon.exe[2756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC .text C:\WINDOWS\system32\ctfmon.exe[2756] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC .text C:\WINDOWS\system32\ctfmon.exe[2756] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0 .text C:\WINDOWS\system32\ctfmon.exe[2756] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214 .text C:\WINDOWS\system32\ctfmon.exe[2756] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4 .text C:\WINDOWS\system32\ctfmon.exe[2756] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778 .text C:\WINDOWS\system32\ctfmon.exe[2756] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C .text C:\WINDOWS\System32\alg.exe[2820] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C .text C:\WINDOWS\System32\alg.exe[2820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC .text C:\WINDOWS\System32\alg.exe[2820] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC .text C:\WINDOWS\System32\alg.exe[2820] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0 .text C:\WINDOWS\System32\alg.exe[2820] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003214 .text C:\WINDOWS\System32\alg.exe[2820] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4 .text C:\WINDOWS\System32\alg.exe[2820] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002778 .text C:\WINDOWS\System32\alg.exe[2820] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC 
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C .text C:\WINDOWS\system32\wscntfy.exe[5380] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C .text C:\WINDOWS\system32\wscntfy.exe[5380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC .text C:\WINDOWS\system32\wscntfy.exe[5380] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC .text C:\WINDOWS\system32\wscntfy.exe[5380] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0 .text C:\WINDOWS\system32\wscntfy.exe[5380] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214 .text C:\WINDOWS\system32\wscntfy.exe[5380] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4 .text C:\WINDOWS\system32\wscntfy.exe[5380] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778 .text C:\WINDOWS\system32\wscntfy.exe[5380] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies ) AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation) Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) Device EDBC9D20 AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{087F3405-C50C-733B-1D4C-B82680176732}\InProcServer32@ %SystemRoot%\system32\dsuiext.dll Reg HKLM\SOFTWARE\Classes\CLSID\{087F3405-C50C-733B-1D4C-B82680176732}\InProcServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{087F3405-C50C-733B-1D4C-B82680176732}\ShellEx\MayChangeDefaultMenu Reg HKLM\SOFTWARE\Classes\CLSID\{087F3405-C50C-733B-1D4C-B82680176732}\ShellEx\MayChangeDefaultMenu@ 1 Reg HKLM\SOFTWARE\Classes\CLSID\{156F457B-4571-256D-D57D-647A582984D3}\InprocServer32@ C:\WINDOWS\system32\CLBCatQ.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{156F457B-4571-256D-D57D-647A582984D3}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{4FED0344-3AEA-8BD4-B455-1990AE7C334F}\InprocServer32@ C:\Program Files\Common 
Files\Microsoft Shared\DAO\dao360.dll Reg HKLM\SOFTWARE\Classes\CLSID\{4FED0344-3AEA-8BD4-B455-1990AE7C334F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{4FED0344-3AEA-8BD4-B455-1990AE7C334F}\ProgID@ DAO.Index.36 ---- EOF - GMER 1.0.15 ---- Here is the result of DDS scan. FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe svchost.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\AVG\AVG9\avgfws9.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\AVG\AVG9\avgam.exe C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\Creative\Shared Files\CamTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Dell Photo AIO Printer 
922\dlbtbmon.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Evelyn Dequilla\My Documents\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.pep.ph/index.php uDefault_Page_URL = hxxp://www.dell.co.uk/myway
  7. Hi! I am having a nightmare with my laptop. Occasionally I will get a message that my pc is unable to connect to internet...http error something I can't understand. I tried installing Firefox but installation won't proceed...the interface just dies out. I am also unable to run MBAM (I was lucky I was able to install it maybe)...I can't even run F-Secure Online Scanner coz the screen keeps on getting back to "start scan". I'd like to run HijackThis but don't know where to get the latest installer. I have run Spybot and SuperAntispyware OK...found mostly tracking cookies and quarantined them BUT still I can't run my MBAM and why can't I install Firefox? I've run Process Explorer and the report is on my desktop but don't know if you would require it. Help please. What kind of infection is this?
  8. Oh yes...I've scanned again today, did the update first (999 to 1000), then proceeded with the full scan, which found nothing. I'm a happy man now! Thanks!
  9. Hi! I'm new to this forum and I don't know where to put this post but this is about six Rogue Installers detected by MBAM yesterday when I did an on-demand scan. This is the result I got. It was the first time my MBAM had a detection in my almost a year of using it so I don't quite know how to deal with it...I just closed/exited from the scanner without doing anything (I wonder why there is no "Quarantine" option, there are only "Remove" and "Ignore"). Scanning with my other on-demand scanner, SuperAntispyware, reveals nothing, as does the a-squared online scanner. My AVG Free 8 also flags nothing and Eset's Antivirus online scanner also found nothing. I don't know if this is a false positive detection but I know it is only the MBAM people/experts who can clarify this for me. I'll await your guidance on what to do next about these detections. Thanks! Windows XP MCE (SP3), IE7 & FireFox3 (default), AVG 8.0 Free, CCleaner, SUPERAntispyware Free 3.9.1008, MBAM 1.23, F-Secure BlackLight AntiRootKit, ZoneAlarm Free 7.0.483