Everything posted by The_Dave

  1. WOOHOO! Mbam is updating and I am no longer getting redirected! Thank you so much for all your help!
  2. Just realized that I attached the runscanner.exe in my last post, DOH! Here is the log:

     Runscanner logfile
     * = signed file
     - = file not found

     General info
     ------------
     Computer name : DTOWER
     Creation time : 2/26/2010 9:44:16 AM
     Hosts <> 127.0.0.1 : 0
     Hosts file location : %SystemRoot%\System32\drivers\etc
     IE version : 7.0.5730.11
     OS : Microsoft Windows XP
     OS Build : 2600
     OS SP : Service Pack 3
     RunScanner Version : 1.9.0.9
     User Language : English (United States)
     User rights : Administrator
     Windows folder : C:\WINDOWS

     Running processes
     -----------------
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
     * C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
     * C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
     * C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
     * C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
     * C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
     * C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
     * C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
     * C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
     * C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
     * C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
     * C:\Program Files\CometBird\CometBird.exe (CometNetwork)
     * C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
     * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
     * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
     * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
     * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
     * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
     * C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
     * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
     * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
     C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
     C:\Program Files\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
     * C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
     * C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
     * C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
     * C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
     * C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
     C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
     * C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
     * C:\WINDOWS\system32\PnkBstrA.exe
     * C:\WINDOWS\system32\RUNDLL32.EXE (Microsoft Corporation)
     * C:\WINDOWS\system32\Rundll32.exe (Microsoft Corporation)
     * C:\Documents and Settings\Administrator\Desktop\runscanner.exe (Runscanner.net)
     * C:\WINDOWS\system32\services.exe (Microsoft Corporation)
     * C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
     C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
     * C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
     * C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
     * c:\windows\System32\smss.exe (Microsoft Corporation)
     * C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation)

     Unrated items
     -------------
     002 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
     002 C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
     002 C:\Program Files\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
     003 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
     005 C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe (Hewlett-Packard Co.)
     005 C:\PROGRA~1\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
     010 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe (ForceWare Intelligent Application Manager (IAM))
     010 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (NMIndexingService)
     010 C:\WINDOWS\system32\HPZipm12.exe (Pml Driver HPZ12)
     010 * C:\WINDOWS\system32\PnkBstrA.exe (PnkBstrA)
     010 C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Manager Service)
     011 C:\WINDOWS\system32\DRIVERS\AegisP.sys (AEGIS Protocol (IEEE 802.1x) v3.2.0.3)
     011 C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile USB Driver)
     011 C:\WINDOWS\system32\DNINDIS5.SYS (DNINDIS5 NDIS Protocol Driver)
     011 * C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR ASPI Filter Driver)
     011 C:\WINDOWS\system32\DRIVERS\Alpham.sys (Ideazon Merc Composite Keyboard Driver)
     011 * C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio USB Driver)
     011 C:\WINDOWS\system32\drivers\usbkt1x1.sys (M-Audio USB Keystation)
     011 * C:\WINDOWS\system32\drivers\uks11ldr.sys (M-Audio USB Keystation Loader)
     011 C:\WINDOWS\system32\drivers\TPkd.sys (TPkd)
     011 C:\WINDOWS\system32\DRIVERS\VClone.sys (VClone)
     052 GUID / CLSID not found {53707962-6F74-2D53-2644-206D7942484F}
     061 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
     061 C:\WINDOWS\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
     061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
     061 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) {B327765E-D724-4347-8B16-78AE18552FC3}
     061 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) {7F1CF152-04F8-453A-B34C-E609530A9DC8}
     061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
     061 C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll (Intuit Inc.) {7D5C4BDD-B015-4401-8731-1507B87DE297}
     062 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) {7D4D6379-F301-4311-BEBA-E26EB0561882}
     069 C:\WINDOWS\system32\HpTcpMon.dll (Hewlett Packard)
     100 Start Page HKCU : http://www.ask.com?o=14196&l=dis
     104 GUID / CLSID not found {00000075-9980-0010-8000-00AA00389B71}
     104 * C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTPID.ocx (Creative Technology Ltd) {F6ACF75C-C32C-447B-9BEF-46B766368D29}
     105 E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     107 C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
     120 NameServer {10D5D574-4818-4953-9E0E-218BFEAA6B97} : 93.188.162.96,93.188.166.34
     153 * C:\WINDOWS\system32\ma_cmidn.dll (M-Audio)
     171 C:\WINDOWS\system32\SPHOME~1.SCR (ScreenTime Media)
     173 GUID / CLSID not found
     173 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
     221 GUID / CLSID not found
     221 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
     222 GUID / CLSID not found {736AF091-C361-49B4-A928-87C586130D33}
     223 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     227 GUID / CLSID not found
     227 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
     229 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
     231 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) NeroDigitalExt.NeroDigitalColumnHandler
     251 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}

     Missing files
     -------------
     011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
     011 C:\WINDOWS\system32\drivers\abp480n5.sys
     011 C:\WINDOWS\system32\drivers\adpu160m.sys
     011 C:\WINDOWS\system32\drivers\Aha154x.sys
     011 C:\WINDOWS\system32\drivers\aic78u2.sys
     011 C:\WINDOWS\system32\drivers\aic78xx.sys
     011 C:\WINDOWS\system32\drivers\AliIde.sys
     011 C:\WINDOWS\system32\drivers\amsint.sys
     011 C:\WINDOWS\system32\drivers\asc.sys
     011 C:\WINDOWS\system32\drivers\asc3350p.sys
     011 C:\WINDOWS\system32\drivers\asc3550.sys
     011 C:\WINDOWS\system32\drivers\Atdisk.sys
     011 C:\WINDOWS\system32\drivers\Beep.sys
     011 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
     011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
     011 C:\WINDOWS\system32\drivers\Changer.sys
     011 C:\WINDOWS\system32\drivers\CmdIde.sys
     011 C:\WINDOWS\system32\drivers\Cpqarray.sys
     011 C:\WINDOWS\system32\drivers\dac2w2k.sys
     011 C:\WINDOWS\system32\drivers\dac960nt.sys
     011 c:\windows\system32\drivers\dalwdm.sys
     011 C:\WINDOWS\system32\drivers\dpti2o.sys
     011 C:\WINDOWS\system32\drivers\hpn.sys
     011 C:\WINDOWS\system32\drivers\i2omgmt.sys
     011 C:\WINDOWS\system32\drivers\i2omp.sys
     011 C:\WINDOWS\system32\drivers\ini910u.sys
     011 C:\WINDOWS\system32\drivers\IntelIde.sys
     011 c:\windows\system32\DRIVERS\Lbd.sys
     011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
     011 C:\WINDOWS\system32\drivers\mraid35x.sys
     011 C:\WINDOWS\system32\drivers\PCIDump.sys
     011 C:\WINDOWS\system32\drivers\PDCOMP.sys
     011 C:\WINDOWS\system32\drivers\PDFRAME.sys
     011 C:\WINDOWS\system32\drivers\PDRELI.sys
     011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
     011 C:\WINDOWS\system32\drivers\perc2.sys
     011 C:\WINDOWS\system32\drivers\perc2hib.sys
     011 C:\WINDOWS\system32\drivers\ql1080.sys
     011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
     011 C:\WINDOWS\system32\drivers\ql12160.sys
     011 C:\WINDOWS\system32\drivers\ql1240.sys
     011 C:\WINDOWS\system32\drivers\ql1280.sys
     011 C:\WINDOWS\system32\drivers\rk_remover.sys
     011 C:\WINDOWS\system32\drivers\Simbad.sys
     011 C:\WINDOWS\system32\drivers\Sparrow.sys
     011 C:\WINDOWS\system32\drivers\sym_hi.sys
     011 C:\WINDOWS\system32\drivers\sym_u3.sys
     011 c:\windows\system32\DRIVERS\SymIM.sys
     011 C:\WINDOWS\system32\drivers\symc810.sys
     011 C:\WINDOWS\system32\drivers\symc8xx.sys
     011 c:\windows\system32\DRIVERS\SymIM.sys
     011 C:\WINDOWS\system32\drivers\TosIde.sys
     011 C:\WINDOWS\system32\drivers\ultra.sys
     011 C:\WINDOWS\system32\drivers\ViaIde.sys
     011 C:\WINDOWS\system32\drivers\WDICA.sys
     061 deskpan.dll
  3. Here is the HijackThis log, with the latest GMER and the Runscanner files attached.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 9:41:00 AM, on 2/26/2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16981)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\AVG\AVG9\avgchsvx.exe
     C:\Program Files\AVG\AVG9\avgrsx.exe
     C:\Program Files\AVG\AVG9\avgcsrvx.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
     C:\Program Files\AVG\AVG9\avgwdsvc.exe
     C:\Program Files\AVG\AVG9\avgfws9.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\AVG\AVG9\avgnsx.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Viewpoint\Common\ViewpointService.exe
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
     C:\Program Files\Ideazon\ZEngine\Zboard.exe
     C:\WINDOWS\system32\Rundll32.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\NETGEAR\WG111T\wlan111t.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\CometBird\CometBird.exe
     C:\Program Files\AVG\AVG9\avgcsrvx.exe
     C:\Program Files\AVG\AVG9\avgupd.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
     R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
     O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
     O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
     O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
     O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188764132406
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15109/CTPID.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{10D5D574-4818-4953-9E0E-218BFEAA6B97}: NameServer = 93.188.162.96,93.188.166.34
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
     O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
     O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
     O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
     O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
     O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
     O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

     --
     End of file - 7937 bytes

     2_26.zip
  4. Now on the Kaspersky one it won't update and I keep getting a dialogue box that says "Program has failed to start. Program has failed to start. Close the Kaspersky Online Scan 7.0 window and open it again to install the program." I've tried 10 times and this is still what I get.
  5. I can't get ESET Scan to run. I'm not sure why. My guess would be that I have to use a proxy to access the site?
  6. Latest ComboFix:

     ComboFix 10-02-24.01 - Administrator 02/24/2010 22:33:47.3.4 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2443 [GMT -8:00]
     Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
     AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
     FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
     .
     ((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
     .
     2010-02-19 09:20 . 2010-02-19 09:20 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
     2010-02-19 08:04 . 2010-02-19 08:05 -------- d-----w- c:\program files\ERUNT
     2010-02-19 07:44 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-02-19 07:44 . 2010-02-19 09:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-02-19 07:44 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-02-19 06:06 . 2010-02-19 06:06 -------- d-----w- c:\program files\Common Files\AVSMedia
     2010-02-19 06:06 . 2010-02-19 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
     2010-02-19 06:06 . 2010-02-19 06:06 -------- d-----w- c:\program files\Common Files\Config
     2010-02-19 06:05 . 2010-02-19 06:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
     2010-02-19 06:05 . 2010-02-23 05:31 -------- d-----w- c:\program files\uTorrent
     2010-02-14 10:04 . 2010-02-19 05:59 -------- d-----w- c:\program files\Mediafour
     2010-02-14 07:36 . 2010-02-14 07:36 -------- d-----w- c:\program files\Sony
     2010-02-14 07:35 . 2010-02-14 07:35 -------- d-----w- c:\program files\Sony Setup
     2010-02-12 09:53 . 2010-02-19 06:06 -------- d-----w- c:\program files\Moyea
     2010-02-12 07:53 . 2010-02-19 06:00 -------- d-----w- c:\program files\AC3Filter
     2010-02-12 07:27 . 2010-02-12 07:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVS4YOU
     2010-02-12 07:26 . 2003-05-21 20:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
     2010-02-11 09:29 . 2010-02-19 06:00 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-02-11 01:31 . 2010-02-05 06:28 245760 ----a-w- c:\documents and settings\Administrator\Application Data\CometNetwork\CometBird\Profiles\1xa8kvgf.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
     2010-02-05 09:42 . 2010-02-05 09:42 -------- d-----w- c:\program files\Common Files\Inet
     2010-02-05 09:41 . 2010-02-05 09:41 7410688 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
     2010-02-05 09:41 . 2010-02-05 09:41 7032320 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll
     2010-02-05 09:41 . 2010-02-05 09:41 6301696 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll
     2010-02-05 09:39 . 2010-02-05 09:39 2776576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll
     2010-02-05 09:37 . 2010-02-05 09:37 241512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
     2010-02-05 09:37 . 2010-02-05 09:37 230752 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
     2010-02-05 09:36 . 2010-02-05 09:36 956 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
     2010-02-05 09:36 . 2009-09-08 20:42 4199784 ----a-w- c:\windows\system32\cdintf400.dll
     2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe
     2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
     2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Hab\Custom\billmind.exe
     2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe
     2010-02-05 09:35 . 2010-02-19 06:01 -------- d-----w- c:\program files\Quicken
     2010-02-05 09:35 . 2010-02-05 09:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
     2010-02-05 09:26 . 2010-02-05 09:26 -------- d-----w- c:\program files\Elaborate Bytes
     2010-02-05 09:14 . 2010-02-05 09:14 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
     2010-02-05 02:59 . 2010-02-23 07:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
     2010-02-05 02:49 . 2010-02-05 02:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CometNetwork
     2010-02-05 02:49 . 2010-02-05 02:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\CometNetwork
     2010-02-05 02:49 . 2010-02-19 06:01 -------- d-----w- c:\program files\CometBird
     2010-02-05 00:08 . 2010-02-05 00:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
     2010-02-05 00:07 . 2010-02-19 06:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
     2010-02-04 20:35 . 2010-02-04 20:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sunbelt
     2010-02-04 20:34 . 2010-02-04 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
     2010-02-04 20:32 . 2010-02-04 20:32 -------- d-----w- c:\program files\Sunbelt Software
     2010-02-02 05:46 . 2010-02-19 06:05 -------- d-----w- c:\program files\iPod
     2010-02-02 05:46 . 2010-02-19 06:05 -------- d-----w- c:\program files\iTunes
     2010-02-02 05:25 . 2010-02-02 05:25 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
     2010-01-28 19:59 . 2010-01-28 20:00 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-02-23 09:12 . 2009-03-14 22:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\FrostWire
     2010-02-23 03:39 . 2006-02-28 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
     2010-02-22 08:19 . 2009-03-14 22:41 -------- d-----w- c:\program files\FrostWire
     2010-02-19 09:05 . 2008-03-18 08:25 -------- d-----w- c:\program files\Lavasoft
     2010-02-19 09:05 . 2008-01-25 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
     2010-02-19 07:44 . 2009-08-23 06:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
     2010-02-19 07:39 . 2009-08-23 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-02-19 06:07 . 2007-08-28 08:45 -------- d-----w- c:\program files\DivX
     2010-02-19 06:07 . 2009-08-21 07:18 -------- d-----w- c:\program files\Common Files\DivX Shared
     2010-02-19 06:07 . 2007-08-28 07:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
     2010-02-19 06:06 . 2007-08-28 06:21 -------- d--h--w- c:\program files\InstallShield Installation Information
     2010-02-19 06:05 . 2007-08-28 08:56 -------- d-----w- c:\program files\Common Files\Apple
     2010-02-19 06:04 . 2009-09-11 04:22 -------- d-----w- c:\program files\QuickTime
     2010-02-19 06:04 . 2009-04-24 17:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\gtk-2.0
     2010-02-05 09:35 . 2008-06-15 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
     2010-01-28 21:26 . 2008-10-02 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
     2010-01-22 07:44 . 2010-01-22 07:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage
     2010-01-05 10:00 . 2006-02-28 12:00 832512 ------w- c:\windows\system32\wininet.dll
     2010-01-05 10:00 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
     2010-01-05 10:00 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
     2010-01-03 08:36 . 2009-12-25 06:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Moyea
     2010-01-02 18:54 . 2010-01-02 18:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\.BitTornado
     2010-01-02 10:56 . 2010-01-02 10:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\PCF-VLC
     2009-12-22 08:34 . 2008-10-24 07:27 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
     2009-12-22 08:34 . 2008-07-20 20:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
     2009-12-22 08:34 . 2008-03-26 08:45 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
     2009-12-22 08:34 . 2009-10-30 20:09 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
     2009-12-22 08:34 . 2008-07-20 20:12 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
     2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

     [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
     2009-11-25 21:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

     [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
     "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

     [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]
     "Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2009-06-05 57344]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
     "P17Helper"="P17.dll" [2005-05-03 64512]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
     NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2007-8-27 884840]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-12-22 08:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "midi3"=ma_cmidn.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
     @=""

     [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
     path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
     backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
     backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
     backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
     backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     2009-10-03 12:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
     2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
     2009-08-13 22:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
     2006-12-24 01:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
     2006-01-09 02:43 53340 ------w- c:\program files\Creative\Shared Files\CTSched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2010-01-23 03:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     2006-01-12 22:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
     2008-09-18 07:55 1657376 ----a-w- c:\windows\system32\nwiz.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
     2005-05-03 11:38 64512 ----a-r- c:\windows\system32\P17.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
     2006-11-14 09:21 16270848 ------r- c:\windows\RTHDCPL.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
     2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     2008-06-10 11:27 144784 -c--a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
     2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "c:\\Program Files\\FrostWire\\FrostWire.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\Curse\\CurseClient.exe"=
     "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
     "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
     "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
     "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3724:TCP"= 3724:TCP:Blizzard Downloader
     "6112:TCP"= 6112:TCP:Blizzard Downloader

     R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [10/30/2009 12:09 PM 25608]
     R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/20/2008 12:12 PM 333192]
     R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/23/2008 11:27 PM 360584]
     R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/22/2009 12:34 AM 285392]
     R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [12/22/2009 12:34 AM 2304192]
     R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [12/22/2009 12:34 AM 5832712]
     R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/26/2007 7:50 PM 24652]
     R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [10/23/2008 11:26 PM 30104]
     R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [10/30/2009 12:09 PM 122376]
     R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [10/30/2009 12:09 PM 30216]
     R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [10/30/2009 12:09 PM 25736]
     R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/27/2007 10:21 PM 17149]
     S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [12/4/2005 12:55 PM 34944] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [10/23/2008 11:26 PM 30104] S3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys --> c:\windows\system32\drivers\dalwdm.sys [?] S3 rk_remover;rk_remover;\??\c:\windows\system32\drivers\rk_remover.sys --> c:\windows\system32\drivers\rk_remover.sys [?] S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [11/10/2007 12:43 PM 20168] S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [11/10/2007 12:43 PM 22304] . Contents of the 'Scheduled Tasks' folder 2010-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ask.com?o=14196&l=dis uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {10D5D574-4818-4953-9E0E-218BFEAA6B97} = 93.188.162.96,93.188.166.34 . ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3684) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
Completion time: 2010-02-24 22:40:45 ComboFix-quarantined-files.txt 2010-02-25 06:40 ComboFix2.txt 2010-02-22 02:19 ComboFix3.txt 2010-02-22 01:50 Pre-Run: 381,960,146,944 bytes free Post-Run: 381,926,965,248 bytes free - - End Of File - - 079C7AC402D3542EBC9CFA02F5A92C12
  7. Here is the TDSSKiller log:
19:37:29:890 3048 TDSS rootkit removing tool 2.2.4 Feb 15 2010 19:38:31
19:37:29:890 3048 ================================================================================
19:37:29:890 3048 SystemInfo:
19:37:29:890 3048 OS Version: 5.1.2600 ServicePack: 3.0
19:37:29:890 3048 Product type: Workstation
19:37:29:890 3048 ComputerName: DTOWER
19:37:29:890 3048 UserName: Administrator
19:37:29:890 3048 Windows directory: C:\WINDOWS
19:37:29:890 3048 Processor architecture: Intel x86
19:37:29:890 3048 Number of processors: 4
19:37:29:890 3048 Page size: 0x1000
19:37:29:890 3048 Boot type: Normal boot
19:37:29:890 3048 ================================================================================
19:37:29:906 3048 UnloadDriverW: NtUnloadDriver error 2
19:37:29:906 3048 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
19:37:29:906 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
19:37:29:921 3048 UtilityInit: KLMD drop and load success
19:37:29:921 3048 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
19:37:29:921 3048 UtilityInit: KLMD open success
19:37:29:921 3048 UtilityInit: Initialize success
19:37:29:921 3048
19:37:29:921 3048 Scanning Services ...
19:37:29:921 3048 CreateRegParser: Registry parser init started
19:37:29:921 3048 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
19:37:29:921 3048 CreateRegParser: DisableWow64Redirection error
19:37:29:921 3048 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
19:37:29:937 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
19:37:29:937 3048 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:37:29:937 3048 wfopen_ex: Trying to KLMD file open
19:37:29:937 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
19:37:29:937 3048 wfopen_ex: File opened ok (Flags 2)
19:37:29:937 3048 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 394958
19:37:29:937 3048 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
19:37:29:937 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
19:37:29:937 3048 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:37:29:937 3048 wfopen_ex: Trying to KLMD file open
19:37:29:937 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
19:37:29:937 3048 wfopen_ex: File opened ok (Flags 2)
19:37:29:937 3048 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 394A00
19:37:29:937 3048 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
19:37:29:937 3048 CreateRegParser: EnableWow64Redirection error
19:37:29:937 3048 CreateRegParser: RegParser init completed
19:37:30:390 3048 GetAdvancedServicesInfo: Raw services enum returned 373 services
19:37:30:390 3048 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
19:37:30:390 3048 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
19:37:30:390 3048
19:37:30:390 3048 Scanning Kernel memory ...
19:37:30:390 3048 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
19:37:30:390 3048 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 84CE6930
19:37:30:390 3048 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects
19:37:30:390 3048
19:37:30:390 3048 DetectCureTDL3: DEVICE_OBJECT: 84AABC68
19:37:30:390 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84AABC68
19:37:30:390 3048 KLMD_ReadMem: Trying to ReadMemory 0x84AABC68[0x38]
19:37:30:390 3048 DetectCureTDL3: DRIVER_OBJECT: 84CE6930
19:37:30:390 3048 KLMD_ReadMem: Trying to ReadMemory 0x84CE6930[0xA8]
19:37:30:390 3048 KLMD_ReadMem: Trying to ReadMemory 0xE1D85328[0x18]
19:37:30:390 3048 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_CREATE : BA91EBB0
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_CLOSE : BA91EBB0
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_READ : BA918D1F
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_WRITE : BA918D1F
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA9192E2
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA9193BB
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA91CF28
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA9192E2
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_POWER : BA91AC82
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA91F99E
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562
19:37:30:390 3048 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562
19:37:30:390 3048 TDL3_FileDetect: Processing driver: Disk
19:37:30:390 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:37:30:390 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:37:30:406 3048 TDL3_FileDetect: Processing driver: Disk
19:37:30:406 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:37:30:406 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:37:30:406 3048 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:37:30:406 3048
19:37:30:406 3048 DetectCureTDL3: DEVICE_OBJECT: 84BBE218
19:37:30:406 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84BBE218
19:37:30:406 3048 DetectCureTDL3: DEVICE_OBJECT: 848543C8
19:37:30:406 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 848543C8
19:37:30:406 3048 KLMD_ReadMem: Trying to ReadMemory 0x848543C8[0x38]
19:37:30:406 3048 DetectCureTDL3: DRIVER_OBJECT: 84953040
19:37:30:406 3048 KLMD_ReadMem: Trying to ReadMemory 0x84953040[0xA8]
19:37:30:406 3048 KLMD_ReadMem: Trying to ReadMemory 0xE1F70828[0x1E]
19:37:30:406 3048 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_CREATE : BABB5218
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_CLOSE : BABB5218
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_READ : BABB523C
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_WRITE : BABB523C
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BABB5180
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BABB09E6
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_POWER : BABB45F0
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BABB2A6E
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562
19:37:30:406 3048 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562
19:37:30:406 3048 TDL3_FileDetect: Processing driver: USBSTOR
19:37:30:406 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:37:30:406 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:37:30:421 3048 KLMD_ReadMem: Trying to ReadMemory 0xBABB1F26[0x400]
19:37:30:421 3048 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
19:37:30:421 3048 TDL3_FileDetect: Processing driver: USBSTOR
19:37:30:421 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:37:30:421 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:37:30:421 3048 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:37:30:421 3048
19:37:30:421 3048 DetectCureTDL3: DEVICE_OBJECT: 84CE59F0
19:37:30:421 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84CE59F0
19:37:30:421 3048 KLMD_ReadMem: Trying to ReadMemory 0x84CE59F0[0x38]
19:37:30:421 3048 DetectCureTDL3: DRIVER_OBJECT: 84CE6930
19:37:30:421 3048 KLMD_ReadMem: Trying to ReadMemory 0x84CE6930[0xA8]
19:37:30:421 3048 KLMD_ReadMem: Trying to ReadMemory 0xE1D85328[0x18]
19:37:30:421 3048 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CREATE : BA91EBB0
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CLOSE : BA91EBB0
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_READ : BA918D1F
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_WRITE : BA918D1F
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA9192E2
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA9193BB
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA91CF28
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA9192E2
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_POWER : BA91AC82
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA91F99E
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562
19:37:30:421 3048 TDL3_FileDetect: Processing driver: Disk
19:37:30:421 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:37:30:421 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:37:30:421 3048 TDL3_FileDetect: Processing driver: Disk
19:37:30:421 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:37:30:421 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:37:30:421 3048 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:37:30:421 3048
19:37:30:421 3048 DetectCureTDL3: DEVICE_OBJECT: 84CA8AB8
19:37:30:421 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84CA8AB8
19:37:30:421 3048 DetectCureTDL3: DEVICE_OBJECT: 84CE83A8
19:37:30:421 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84CE83A8
19:37:30:421 3048 DetectCureTDL3: DEVICE_OBJECT: 84CAA940
19:37:30:421 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84CAA940
19:37:30:421 3048 KLMD_ReadMem: Trying to ReadMemory 0x84CAA940[0x38]
19:37:30:421 3048 DetectCureTDL3: DRIVER_OBJECT: 84CAB320
19:37:30:421 3048 KLMD_ReadMem: Trying to ReadMemory 0x84CAB320[0xA8]
19:37:30:421 3048 KLMD_ReadMem: Trying to ReadMemory 0xE1D707D8[0x1A]
19:37:30:421 3048 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CREATE : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CLOSE : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_READ : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_WRITE : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_INFORMATION : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_EA : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_EA : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CLEANUP : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_SECURITY : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_POWER : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : BA714B3A
19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_QUOTA : BA714B3A
19:37:30:421 3048 TDL3_FileDetect: Processing driver: atapi
19:37:30:421 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
19:37:30:421 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
19:37:30:437 3048 DetectCureTDL3: All IRP handlers pointed to one addr: BA714B3A
19:37:30:437 3048 KLMD_ReadMem: Trying to ReadMemory 0xBA714B3A[0x400]
19:37:30:437 3048 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
19:37:30:437 3048 KLMD_ReadMem: Trying to ReadMemory 0xFFDF0308[0x4]
19:37:30:437 3048 KLMD_ReadMem: Trying to ReadMemory 0x84D210B4[0x4]
19:37:30:437 3048 TDL3_IrpHookDetect: New IrpHandler addr: 84D518C8
19:37:30:437 3048 KLMD_ReadMem: Trying to ReadMemory 0x84D518C8[0x400]
19:37:30:437 3048 TDL3_IrpHookDetect: CheckParameters: 10, FFDF0308, 510, 134, 3, 120
19:37:30:437 3048 Driver "atapi" Irp handler infected by TDSS rootkit ...
19:37:30:437 3048 KLMD_WriteMem: Trying to WriteMemory 0x84D5194E[0xD]
19:37:30:437 3048 cured
19:37:30:437 3048 KLMD_ReadMem: Trying to ReadMemory 0xBA712864[0x400]
19:37:30:437 3048 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
19:37:30:437 3048 TDL3_FileDetect: Processing driver: atapi
19:37:30:437 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
19:37:30:437 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
19:37:30:437 3048 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
19:37:30:437 3048 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ...
19:37:30:437 3048 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
19:37:30:437 3048 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
19:37:30:468 3048 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\driver.cab
19:37:30:531 3048 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp2.cab
19:37:30:546 3048 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp3.cab
19:37:30:562 3048 CabinetCallback: Backup candidate found: atapi.sys:96512, extracting..
19:37:30:609 3048 CabinetCallback: File extracted successfully: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bckE.tmp
19:37:30:609 3048 ValidateDriverFile: Stage 1 passed
19:37:30:609 3048 ValidateDriverFile: Stage 2 passed
19:37:30:656 3048 DigitalSignVerifyByHandle: Embedded DS result: 800B0100
19:37:31:390 3048 DigitalSignVerifyByHandle: Cat DS result: 00000000
19:37:31:390 3048 ValidateDriverFile: Stage 3 passed
19:37:31:390 3048 CabinetCallback: File validated successfully, restore information prepared
19:37:31:390 3048 FindDriverFileBackup: Backup copy found in cab-file
19:37:31:390 3048 TDL3_FileCure: Backup copy found, using it..
19:37:31:390 3048 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\drivers\tskF.tmp
19:37:31:437 3048 TDL3_FileCure: New / Old Image paths: (system32\drivers\tskF.tmp, system32\drivers\atapi.sys)
19:37:31:437 3048 TDL3_FileCure: KLMD jobs schedule success
19:37:31:437 3048 will be cured on next reboot
19:37:31:437 3048 UtilityBootReinit: Reboot required for cure complete..
19:37:31:437 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000
19:37:31:437 3048 UtilityBootReinit: KLMD drop success
19:37:31:437 3048 KLMD_ApplyPendList: Pending buffer(7E2_322F, 600) dropped successfully
19:37:31:437 3048 UtilityBootReinit: Cure on reboot scheduled successfully
19:37:31:437 3048
19:37:31:437 3048 Completed
19:37:31:437 3048
19:37:31:437 3048 Results:
19:37:31:437 3048 Memory objects infected / cured / cured on reboot: 1 / 1 / 0
19:37:31:437 3048 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:37:31:437 3048 File objects infected / cured / cured on reboot: 1 / 0 / 1
19:37:31:437 3048
19:37:31:437 3048 UnloadDriverW: NtUnloadDriver error 1
19:37:31:437 3048 KLMD_Unload: UnloadDriverW(klmd21) error 1
19:37:31:437 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
19:37:31:437 3048 UtilityDeinit: KLMD(ARK) unloaded successfully
  8. OK, here is the ComboFix log:
ComboFix 10-02-21.02 - Administrator 02/21/2010 18:11:41.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2507 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.
2010-02-19 09:20 . 2010-02-19 09:20 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2010-02-19 08:04 . 2010-02-19 08:05 -------- d-----w- c:\program files\ERUNT
2010-02-19 07:44 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 07:44 . 2010-02-19 09:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 07:44 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 06:06 . 2010-02-19 06:06 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-19 06:06 . 2010-02-19 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-02-19 06:06 . 2010-02-19 06:06 -------- d-----w- c:\program files\Common Files\Config
2010-02-19 06:05 . 2010-02-19 06:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2010-02-19 06:05 . 2010-02-19 06:05 -------- d-----w- c:\program files\uTorrent
2010-02-14 10:04 . 2010-02-19 05:59 -------- d-----w- c:\program files\Mediafour
2010-02-14 07:36 . 2010-02-14 07:36 -------- d-----w- c:\program files\Sony
2010-02-14 07:35 . 2010-02-14 07:35 -------- d-----w- c:\program files\Sony Setup
2010-02-12 09:53 . 2010-02-19 06:06 -------- d-----w- c:\program files\Moyea
2010-02-12 07:53 . 2010-02-19 06:00 -------- d-----w- c:\program files\AC3Filter
2010-02-12 07:27 . 2010-02-12 07:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVS4YOU
2010-02-12 07:26 . 2003-05-21 20:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-11 09:29 . 2010-02-19 06:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-11 01:31 . 2010-02-05 06:28 245760 ----a-w- c:\documents and settings\Administrator\Application Data\CometNetwork\CometBird\Profiles\1xa8kvgf.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
2010-02-05 09:42 . 2010-02-05 09:42 -------- d-----w- c:\program files\Common Files\Inet
2010-02-05 09:41 . 2010-02-05 09:41 7410688 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-02-05 09:41 . 2010-02-05 09:41 7032320 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll
2010-02-05 09:41 . 2010-02-05 09:41 6301696 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll
2010-02-05 09:39 . 2010-02-05 09:39 2776576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll
2010-02-05 09:37 . 2010-02-05 09:37 241512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-02-05 09:37 . 2010-02-05 09:37 230752 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2010-02-05 09:36 . 2010-02-05 09:36 956 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2010-02-05 09:36 . 2009-09-08 20:42 4199784 ----a-w- c:\windows\system32\cdintf400.dll
2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe
2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Hab\Custom\billmind.exe
2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe
2010-02-05 09:35 . 2010-02-19 06:01 -------- d-----w- c:\program files\Quicken
2010-02-05 09:35 . 2010-02-05 09:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2010-02-05 09:26 . 2010-02-05 09:26 -------- d-----w- c:\program files\Elaborate Bytes
2010-02-05 09:14 . 2010-02-05 09:14 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-05 02:59 . 2010-02-20 01:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-02-05 02:49 . 2010-02-05 02:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CometNetwork
2010-02-05 02:49 . 2010-02-05 02:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\CometNetwork
2010-02-05 02:49 . 2010-02-19 06:01 -------- d-----w- c:\program files\CometBird
2010-02-05 00:08 . 2010-02-05 00:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-02-05 00:07 . 2010-02-19 06:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-02-04 20:35 . 2010-02-04 20:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sunbelt
2010-02-04 20:34 . 2010-02-04 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-02-04 20:32 . 2010-02-04 20:32 -------- d-----w- c:\program files\Sunbelt Software
2010-02-02 05:46 . 2010-02-19 06:05 -------- d-----w- c:\program files\iPod
2010-02-02 05:46 . 2010-02-19 06:05 -------- d-----w- c:\program files\iTunes
2010-02-02 05:25 . 2010-02-02 05:25 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-28 19:59 . 2010-01-28 20:00 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 09:05 . 2008-03-18 08:25 -------- d-----w- c:\program files\Lavasoft
2010-02-19 09:05 . 2008-01-25 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-19 07:44 . 2009-08-23 06:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-19 07:39 . 2009-08-23 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-19 06:07 . 2007-08-28 08:45 -------- d-----w- c:\program files\DivX
2010-02-19 06:07 . 2009-08-21 07:18 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-19 06:07 . 2007-08-28 07:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-02-19 06:06 . 2007-08-28 06:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-19 06:05 . 2007-08-28 08:56 -------- d-----w- c:\program files\Common Files\Apple
2010-02-19 06:04 . 2009-09-11 04:22 -------- d-----w- c:\program files\QuickTime
2010-02-19 06:04 . 2009-04-24 17:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\gtk-2.0
2010-02-16 02:15 . 2009-03-14 22:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\FrostWire
2010-02-05 09:35 . 2008-06-15 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-01-29 01:06 . 2009-03-14 22:41 -------- d-----w- c:\program files\FrostWire
2010-01-28 21:26 . 2008-10-02 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-22 07:44 . 2010-01-22 07:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage
2010-01-05 10:00 . 2006-02-28 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-01-03 08:36 . 2009-12-25 06:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Moyea
2010-01-02 18:54 . 2010-01-02 18:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\.BitTornado
2010-01-02 10:56 . 2010-01-02 10:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\PCF-VLC
2009-12-22 08:34 . 2008-10-24 07:27 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-22 08:34 . 2008-07-20 20:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-22 08:34 . 2008-03-26 08:45 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-22 08:34 . 2009-10-30 20:09 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-12-22 08:34 . 2008-07-20 20:12 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-11-25 21:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336] "Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2009-06-05 57344] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144] "P17Helper"="P17.dll" [2005-05-03 64512] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624] NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2007-8-27 884840] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-12-22 08:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi3"=ma_cmidn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 12:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2009-08-13 22:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile 
Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2006-12-24 01:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler] 2006-01-09 02:43 53340 ------w- c:\program files\Creative\Shared Files\CTSched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-01-23 03:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 22:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2008-09-18 07:55 1657376 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper] 2005-05-03 11:38 64512 ----a-r- c:\windows\system32\P17.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2006-11-14 09:21 16270848 ------r- c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-06-10 11:27 144784 -c--a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] 2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Curse\\CurseClient.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program 
Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader "6112:TCP"= 6112:TCP:Blizzard Downloader R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [10/30/2009 12:09 PM 25608] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/20/2008 12:12 PM 333192] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/23/2008 11:27 PM 360584] R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/22/2009 12:34 AM 285392] R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [12/22/2009 12:34 AM 2304192] R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [12/22/2009 12:34 AM 5832712] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/26/2007 7:50 PM 24652] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [10/23/2008 11:26 PM 30104] R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [10/30/2009 12:09 PM 122376] R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [10/30/2009 12:09 PM 30216] R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [10/30/2009 12:09 PM 25736] R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/27/2007 10:21 PM 17149] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] 
S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [12/4/2005 12:55 PM 34944] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [10/23/2008 11:26 PM 30104] S3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys --> c:\windows\system32\drivers\dalwdm.sys [?] S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [11/10/2007 12:43 PM 20168] S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [11/10/2007 12:43 PM 22304] . Contents of the 'Scheduled Tasks' folder 2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ask.com?o=14196&l=dis uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {10D5D574-4818-4953-9E0E-218BFEAA6B97} = 93.188.162.96,93.188.166.34 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-21 18:17 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x84D508C8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xba91cf28 \Driver\ACPI -> ACPI.sys @ 0xba77fcb8 \Driver\atapi -> atapi.sys @ 0xba714b3a IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 NDIS: -> SendCompleteHandler -> 0x0 PacketIndicateHandler -> 0x0 SendHandler -> 0x0 user & kernel MBR OK ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2436) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-02-21 18:19:31 ComboFix-quarantined-files.txt 2010-02-22 02:19 ComboFix2.txt 2010-02-22 01:50 Pre-Run: 382,302,822,400 bytes free Post-Run: 382,259,277,824 bytes free - - End Of File - - 5502D821D4495790C65929CAB4ECECDD
  9. Hello, I have been having some issues, which through searching on here are not uncommon. A week or two ago I started getting the 732 (12007,0) error. I uninstalled and reinstalled mbam a few times hoping that was the issue. I noticed that I couldn't get onto antivirus, spyware, or malware websites such as this, nor run Windows Update. After using another computer to log on here I found out I could have remaining malware/virus parts on my computer. I am using a proxy to get on here. I've seen others with similar issues, so I am hopeful mine can be resolved.

My comp:
Windows XP Pro SP3
AVG 9 (can update) - Latest scan came back clean
Mbam (can't update)
Spyware S&D (can't update)

Here is the latest DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 15:40:39.70 on Fri 02/19/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2282 [GMT -8:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CometBird\CometBird.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=14196&l=dis
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [Zboard] c:\program files\ideazon\zengine\Zboard.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188764132406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
TCP: NameServer = 93.188.162.96,93.188.166.34
TCP: {10D5D574-4818-4953-9E0E-218BFEAA6B97} = 93.188.162.96,93.188.166.34
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: taskmgr.exe - E6B343
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-10-30 25608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-20 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-3-26 28424]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-23 360584]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-22 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2009-12-22 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-12-22 5832712]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-26 24652]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-10-23 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-10-30 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-10-30 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-10-30 25736]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2007-8-27 17149]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2005-12-4 34944]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-10-23 30104]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys --> c:\windows\system32\drivers\dalwdm.sys [?]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2007-11-10 20168]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2007-11-10 22304]

=============== Created Last 30 ================

2010-02-19 22:11:04 0 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-02-19 09:20:10 0 d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2010-02-19 07:44:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 07:44:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 07:44:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 06:06:41 0 d-----w- c:\program files\common files\AVSMedia
2010-02-19 06:06:41 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2010-02-19 06:06:02 0 d-----w- c:\program files\common files\Config
2010-02-19 06:05:42 0 d-----w- c:\docume~1\admini~1\applic~1\DAEMON Tools Lite
2010-02-19 06:05:39 0 d-----w- c:\program files\uTorrent
2010-02-15 07:21:04 6394 ----a-w- c:\documents and settings\administrator\.recently-used.xbel
2010-02-14 10:04:39 0 d-----w- c:\program files\Mediafour
2010-02-14 07:36:06 0 d-----w- c:\program files\Sony
2010-02-14 07:35:33 0 d-----w- c:\program files\Sony Setup
2010-02-12 09:53:19 0 d-----w- c:\program files\Moyea
2010-02-12 07:53:32 380928 ----a-w- c:\windows\system32\ac3filter.acm
2010-02-12 07:53:31 0 d-----w- c:\program files\AC3Filter
2010-02-12 07:27:16 0 d-----w- c:\docume~1\admini~1\applic~1\AVS4YOU
2010-02-12 07:26:04 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-05 09:42:13 0 d-----w- c:\program files\common files\Inet
2010-02-05 09:36:19 4199784 ----a-w- c:\windows\system32\cdintf400.dll
2010-02-05 09:35:51 0 d-----w- c:\program files\Quicken
2010-02-05 09:35:51 0 d-----w- c:\docume~1\admini~1\applic~1\Intuit
2010-02-05 09:35:41 120 ----a-w- c:\windows\QUICKEN.INI
2010-02-05 09:26:29 0 d-----w- c:\program files\Elaborate Bytes
2010-02-05 09:14:37 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-05 02:59:56 0 d-----w- c:\docume~1\admini~1\applic~1\uTorrent
2010-02-05 02:49:46 0 d-----w- c:\docume~1\admini~1\applic~1\CometNetwork
2010-02-05 02:49:31 0 d-----w- c:\program files\CometBird
2010-02-04 20:35:46 0 d-----w- c:\docume~1\admini~1\applic~1\Sunbelt
2010-02-04 20:34:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2010-02-04 20:32:23 0 d-----w- c:\program files\Sunbelt Software
2010-02-02 05:46:07 0 d-----w- c:\program files\iPod
2010-02-02 05:46:01 0 d-----w- c:\program files\iTunes
2010-01-22 07:44:08 0 d-----w- c:\docume~1\admini~1\applic~1\Office Genuine Advantage

==================== Find3M ====================

2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ------w- c:\windows\system32\corpol.dll
2009-12-22 08:34:45 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-22 08:34:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-22 08:34:39 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-12-22 08:34:37 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2008-08-27 21:43:15 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 15:41:46.95 ===============

Latest Mbam Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/19/2010 12:37:31 PM
mbam-log-2010-02-19 (12-37-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 225106
Time elapsed: 1 hour(s), 26 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\cd1cba31-0742-4e24-a642-ba5e7c73459c.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Attach.txt + Ark.txt attached.

Attatch_Ark.zip