Everything posted by hoosier

  1. Elise, I did a full system reformat and reinstall. Thank you for all your help and advice.
  2. Elise, thank you for your assistance. I don't believe it to be wise to try and clean this mess up if there is no way to guarantee the integrity of the system. I will do a reformat/reinstall of the operating system. I would ask only one additional question: should I reformat the entire drive, or just the C: partition? Once again, thank you for your help.
  3. Thank you for taking the time to help me, Elise, and for your quick response. As requested, I downloaded and ran OTL and Rootkit Unhooker. I've obviously done something wrong, because OTL provides me only with an OTL.txt file. I ran this quick scan 4 times, and still have no Extras.txt. But I am providing what those reports gave me, and will follow your instructions to the letter.

     OTL REPORT:

     OTL logfile created on: 2/6/2011 11:59:07 AM - Run 4
     OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\Administrator\Desktop\Utilities
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 6.0.2900.5512)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
     6.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
     Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 292.97 Gb Total Space | 270.48 Gb Free Space | 92.32% Space Free | Partition Type: NTFS
     Drive M: | 405.66 Gb Total Space | 156.87 Gb Free Space | 38.67% Space Free | Partition Type: NTFS

     Computer Name: BB | User Name: Administrator | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - [2011/02/06 11:58:51 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\Utilities\OTL(2).exe
     PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
     PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
     PRC - [2011/01/07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
     PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
     PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
     PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
     PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
     PRC - [2010/11/02 20:06:35 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
     PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
     PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
     PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
     PRC - [2008/03/11 17:20:27 | 000,094,208 | ---- | M] (Cypress Semiconductor) -- C:\Documents and Settings\Administrator\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\mxoaldr.exe
     PRC - [2005/10/31 10:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

     ========== Modules (SafeList) ==========

     MOD - [2011/02/06 11:58:51 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\Utilities\OTL(2).exe
     MOD - [2011/02/01 00:19:24 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
     MOD - [2009/07/11 23:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
     MOD - [2009/07/11 23:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
     MOD - [2008/04/13 19:11:52 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dinput.dll
     MOD - [2004/02/23 03:00:00 | 001,386,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll

     ========== Win32 Services (SafeList) ==========

     SRV - File not found [Disabled | Stopped] -- -- (HidServ)
     SRV - File not found [Disabled | Stopped] -- -- (gusvc)
     SRV - File not found [Disabled | Stopped] -- -- (gupdate1c9c93dba9d0d14) Google Update Service (gupdate1c9c93dba9d0d14)
     SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
     SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
     SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
     SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
     SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
     SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
     SRV - [2006/07/18 16:58:30 | 000,804,864 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

     ========== Driver Services (SafeList) ==========

     DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
     DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
     DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
     DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
     DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
     DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
     DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
     DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
     DRV - [2008/11/11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
     DRV - [2008/11/11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
     DRV - [2008/11/11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
     DRV - [2006/07/18 16:53:58 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
     DRV - [2006/07/18 16:53:46 | 000,029,568 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
     DRV - [2006/07/18 16:53:26 | 000,102,912 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
     DRV - [2005/07/07 03:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
     DRV - [2005/01/10 05:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
     DRV - [2005/01/10 05:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
     DRV - [2004/10/07 10:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
     DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
     DRV - [2003/10/10 04:23:48 | 000,032,640 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
     DRV - [2001/09/24 09:39:04 | 000,044,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvce.sys -- (QCEmerald) Logitech QuickCam Web(PID_0850)
     DRV - [2001/09/24 09:38:26 | 000,033,280 | ---- | M] (Logitech Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\LVSound2.sys -- (lusbaudio)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========

     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-21-2025429265-507921405-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shepherdschapel.com/
     IE - HKU\S-1-5-21-2025429265-507921405-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-21-2025429265-507921405-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

     ========== FireFox ==========

     FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
     FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
     FF - prefs.js..browser.search.param.yahoo-type: "${8}"
     FF - prefs.js..browser.search.selectedEngine: "YouTube"
     FF - prefs.js..browser.search.suggest.enabled: false
     FF - prefs.js..browser.search.update: false
     FF - prefs.js..browser.search.useDBForOrder: true
     FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
     FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
     FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
     FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
     FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
     FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
     FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
     FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
     FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
     FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
     FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
     FF - prefs.js..network.proxy.type: 0

     FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/28 18:00:57 | 000,000,000 | ---D | M]
     FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/01 00:19:25 | 000,000,000 | ---D | M]
     FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/01 00:19:15 | 000,000,000 | ---D | M]
     FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/01 00:19:51 | 000,000,000 | ---D | M]
     FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/02/01 00:19:15 | 000,000,000 | ---D | M]
     FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/02/01 00:19:51 | 000,000,000 | ---D | M]

     [2010/04/18 11:13:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
     [2010/04/18 11:13:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
     [2011/02/04 20:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qttao2h7.Default\extensions
     [2011/01/15 16:26:34 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qttao2h7.Default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
     [2010/11/02 13:52:45 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qttao2h7.Default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
     [2010/11/02 13:52:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qttao2h7.Default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     [2010/11/02 13:52:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qttao2h7.Default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
     [2011/01/11 00:22:13 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qttao2h7.Default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
     [2010/11/10 20:16:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qttao2h7.Default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
     [2010/10/20 15:53:47 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qttao2h7.Default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
     [2010/02/09 01:15:55 | 000,002,362 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qttao2h7.Default\searchplugins\cisco-docs.xml
     [2010/02/09 02:15:58 | 000,002,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qttao2h7.Default\searchplugins\rapidshare-files-search.xml
     [2008/05/07 19:29:22 | 000,001,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qttao2h7.Default\searchplugins\wikipedia-en.xml
     [2009/11/03 20:21:47 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qttao2h7.Default\searchplugins\youtube.xml
     [2011/02/04 20:10:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
     [2010/12/16 12:57:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
     [2011/02/01 00:19:25 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
     [2010/12/28 18:00:57 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
     [2010/10/26 19:44:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
     [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
     [2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

     O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
     O1 - Hosts: 127.0.0.1 localhost
     O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
     O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
     O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
     O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
     O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
     O4 - HKLM..\Run: [MXOBG] C:\Documents and Settings\Administrator\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\mxoaldr.exe (Cypress Semiconductor)
     O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
     O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-21-2025429265-507921405-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O15 - HKU\S-1-5-21-2025429265-507921405-725345543-500\..Trusted Domains: madmartin.co.za ([www] http in Trusted sites)
     O15 - HKU\S-1-5-21-2025429265-507921405-725345543-500\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
     O15 - HKU\S-1-5-21-2025429265-507921405-725345543-500\..Trusted Domains: ohio.gov ([scoti] * in Trusted sites)
     O15 - HKU\S-1-5-21-2025429265-507921405-725345543-500\..Trusted Domains: symantec.com ([security] * in Trusted sites)
     O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1262626465375 (WUWebControl Class)
     O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1262628553468 (MUWebControl Class)
     O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_23)
     O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_23)
     O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_23)
     O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareup...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
     O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15113/CTPID.cab (Creative Software AutoUpdate Support Package)
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
     O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
     O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
     O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
     O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
     O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
     O32 - HKLM CDRom: AutoRun - 1
     O32 - AutoRun File - [2008/03/11 17:05:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
     O33 - MountPoints2\I\Shell - "" = AutoRun
     O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
     O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
     O34 - HKLM BootExecute: (autocheck autochk *) - File not found
     O35 - HKLM\..comfile [open] -- "%1" %*
     O35 - HKLM\..exefile [open] -- "%1" %*
     O37 - HKLM\...com [@ = comfile] -- "%1" %*
     O37 - HKLM\...exe [@ = exefile] -- "%1" %*

     ========== Files/Folders - Created Within 30 Days ==========

     [2011/02/05 15:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
     [2011/02/05 15:27:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
     [2011/02/05 15:27:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
     [2011/02/05 15:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
     [2011/02/04 22:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
     [2011/02/04 19:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
     [2011/02/01 00:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
     [2011/02/01 00:18:55 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
     [2011/02/01 00:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
     [2011/02/01 00:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Real
     [2002/04/10 20:41:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
     [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

     ========== Files - Modified Within 30 Days ==========

     [2011/02/06 11:57:25 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
     [2011/02/06 11:57:08 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-507921405-725345543-500.job
     [2011/02/06 11:56:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
     [2011/02/06 11:56:08 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-507921405-725345543-500UA.job
     [2011/02/05 18:14:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
     [2011/02/05 16:28:32 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
     [2011/02/05 16:23:47 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hello.doc
     [2011/02/05 14:56:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-507921405-725345543-500Core.job
     [2011/02/05 10:56:54 | 105,408,032 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
     [2011/02/04 22:00:06 | 000,000,584 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
     [2011/02/04 22:00:06 | 000,000,584 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
     [2011/02/04 20:57:24 | 000,000,245 | -HS- | M] () -- C:\boot.ini
     [2011/02/01 11:32:25 | 000,693,302 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Guide.pdf
     [2011/02/01 00:24:18 | 000,217,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     [2011/02/01 00:24:18 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
     [2011/02/01 00:20:47 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-507921405-725345543-500.job
     [2011/02/01 00:18:55 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
     [2011/01/17 14:54:40 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
     [2011/01/14 00:33:56 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\UserScript.doc
     [2011/01/08 02:05:42 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
     [2011/01/08 01:44:29 | 000,000,029 | ---- | M] () -- C:\WINDOWS\sfbm.INI
     [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

     ========== Files Created - No Company Name ==========

     [2011/02/05 18:14:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
     [2011/02/05 16:08:35 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hello.doc
     [2011/02/05 15:01:07 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
     [2011/02/04 21:54:45 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
     [2011/02/04 21:54:45 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
     [2011/01/17 14:54:40 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
     [2011/01/17 14:51:31 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-507921405-725345543-500UA.job
     [2011/01/17 14:51:30 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-507921405-725345543-500Core.job
     [2011/01/14 00:33:55 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\UserScript.doc
     [2011/01/08 02:59:28 | 007,572,224 | ---- | C] () -- C:\WINDOWS\System32\CT8MGM.SF2
     [2011/01/08 01:44:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
     [2010/10/17 13:51:35 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
     [2010/09/25 01:25:59 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
     [2010/09/25 01:25:59 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
     [2010/09/17 15:55:43 | 000,356,218 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
     [2010/09/17 15:55:43 | 000,356,218 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2025429265-507921405-725345543-500-0.dat
     [2010/09/17 01:34:25 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
     [2010/09/17 01:06:13 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
     [2010/03/09 20:14:58 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
     [2009/10/16 15:14:13 | 000,000,071 | ---- | C] () -- C:\WINDOWS\updates.ini
     [2009/10/07 12:23:52 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
     [2009/09/09 14:38:14 | 000,399,872 | ---- | C] () -- C:\WINDOWS\c4dstand.dll
     [2009/09/09 14:38:00 | 000,003,452 | ---- | C] () -- C:\WINDOWS\splash.ini
     [2009/01/08 22:04:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\AVSDVDPlayer.m3u
     [2008/11/15 18:58:46 | 000,001,550 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
     [2008/11/15 18:48:42 | 000,000,260 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
     [2008/07/05 23:14:59 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
     [2008/05/30 20:20:09 | 000,000,491 | ---- | C] () -- C:\WINDOWS\bible.ini
     [2008/03/14 18:39:04 | 000,217,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     [2008/03/13 20:38:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
     [2008/03/13 20:35:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
     [2008/03/11 22:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
     [2008/03/11 18:54:12 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
     [2008/03/11 18:33:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
     [2008/03/11 17:50:31 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
     [2008/03/11 17:33:15 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
     [2008/03/11 17:33:14 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
     [2008/03/11 17:33:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
     [2008/03/11 17:33:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
     [2008/03/11 17:27:12 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7Q.DLL
     [2008/03/11 17:09:56 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
     [2008/03/11 10:58:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
     [2005/05/03 06:38:42 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
     [2003/10/02 05:48:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
     [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
     [1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

     ========== LOP Check ==========

     [2008/03/11 17:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
     [2008/03/11 17:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACDInTouch
     [2010/09/12 22:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
     [2010/10/17 15:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
     [2010/03/29 23:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG9
     [2008/07/03 08:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
     [2008/03/18 14:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
     [2010/02/09 02:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NetSimSDM
     [2010/09/18 10:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Participatory Culture Foundation
     [2010/10/09 20:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PCF-VLC
     [2009/03/08 23:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
     [2010/04/18 11:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
     [2010/10/25 06:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
     [2011/02/05 10:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
     [2010/10/17 15:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
     [2010/10/17 13:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVGQTS
     [2010/06/12 17:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boson
     [2009/10/16 14:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boson Software
     [2008/03/11 17:27:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
     [2010/10/17 15:20:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
     [2009/10/31 20:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
     [2010/10/15 21:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
     [2010/10/14 18:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
     [2009/10/19 15:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
     [2008/03/30 20:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
     [2008/03/15 22:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
     [2010/09/17 01:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
     [2010/08/12 01:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland

     ========== Purity Check ==========

     < End of report >

     RKUNHOOK REPORT:

     RkU Version: 3.8.388.590, Type LE (SR2)
     ==============================================
     OS Name: Windows XP
     Version 5.1.2600 (Service Pack 3)
     Number of processors #1
     ==============================================
     >Drivers
     ==============================================
     0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189184 bytes (Microsoft Corporation, NT Kernel & System)
     0x804D7000 PnpManager 2189184 bytes
     0x804D7000 RAW 2189184 bytes
     0x804D7000 WMIxWDM 2189184 bytes
     0xBF800000 Win32k 1851392 bytes
     0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
     0xB962D000 C:\WINDOWS\system32\drivers\P17.sys 1392640 bytes (Creative Technology Ltd., WDM Audio Miniport)
     0xB97B9000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver)
     0xBFA3B000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
     0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
     0xADFEF000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
     0xB94A0000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
     0xAE156000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
     0xA7675000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
     0xAE10E000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
     0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
     0xA71D4000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
     0xACC31000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
     0xBFA06000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
     0xB95B6000 C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 196608 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
     0xB94FE000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
     0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
     0xA7717000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
     0xF7411000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
     0xA6F26000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
     0xAE05F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
     0xA75D5000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o.
, IDS Application Activity Monitor Driver.) 0xAE0AC000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver) 0xB9590000 C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 155648 bytes (Creative Technology Ltd, SoundFont® Manager (WDM)) 0xF74B2000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver) 0xB956A000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver) 0xAE0E8000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator) 0xB9609000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0xB9781000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0xB95E6000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library) 0xAE08A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0xBF9E4000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver) 0x806EE000 ACPI_HAL 131840 bytes 0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0xF747A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager) 0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver) 0xAE1C2000 C:\WINDOWS\system32\drivers\InCDFs.sys 106496 bytes (Nero AG, InCD File System Driver) 0xF787D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0xF749A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver) 0xF7451000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0xB953F000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver 
(Strong Encryption)) 0xA7792000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper) 0xB9556000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver) 0xB97A5000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver) 0xAE1AF000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver) 0xF743E000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver) 0xBF9C4000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver) 0xF7468000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver) 0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator) 0xB952E000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler) 0xF76D7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver) 0xBAF48000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0xBAF58000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver) 0xBAF98000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0xBAF38000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver) 0xA7B6F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter) 0xBAF78000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB) 0xBF9D6000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver) 0xF7637000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class 
System Dll) 0xBAF68000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver) 0xBA731000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver) 0xAEF08000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver) 0xBA711000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0xAE9B7000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver) 0xF7687000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver) 0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager) 0xBA721000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0xB9907000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.) 0xB0EF4000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.) 0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver) 0xF76B7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy) 0xF7647000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP) 0xBA6F1000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver) 0xF7657000 AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.) 
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver) 0xAE9A7000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library) 0xF7677000 C:\WINDOWS\system32\drivers\InCDRm.sys 36864 bytes (Nero AG, Nero MRW Filter Driver) 0xBAFA8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver) 0xBA701000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier) 0xAEEE8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver) 0xB98F7000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0xAEEF8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0xF779F000 C:\WINDOWS\system32\drivers\InCDPass.sys 32768 bytes (Nero AG, Ahead RW Filter Driver) 0xAEEB3000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver) 0xF778F000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0xAEEA3000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0xF7707000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0xF7797000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver) 0xF77BF000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver) 0xF7787000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver) 0xAEEC3000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0xF7717000 avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver) 0xAEEBB000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver) 
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager) 0xF77AF000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library) 0xF77B7000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver) 0xF77A7000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper) 0xA7A64000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver) 0xBA5BE000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver) 0xA79B3000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver) 0xBAF1B000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator) 0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver) 0xA79A7000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver) 0xAECE3000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices) 0xAF496000 C:\WINDOWS\System32\Drivers\InCDrec.SYS 12288 bytes (Nero AG, InCD File System Recognizer) 0xA77EF000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER) 0xAE214000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver) 0xBAF07000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0xAF492000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0xBAFD8000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer) 0xF79BB000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver) 0xF798D000 
dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF79B9000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79BD000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79DF000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79BF000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79D1000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79F5000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA51D000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA784A000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xAE513000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8A58FAEA ?_empty_? 1302 bytes
0x8A58FEC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x8A643EA8 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF749A000 WARNING: suspicious driver modification [atapi.sys::0x8A58FAEA]
0xF75F7000 WARNING: Virus alike driver modification [isapnp.sys], 40960 bytes
4. Hello, I hope I am finally posting in the right sub-forum. For the past few weeks now I have been having issues with my system:

1. Every time I boot the computer up I get the message "The instruction at '0x001a16b0' referenced memory at '0x00000000'. The memory could not be 'written'", with svhost.exe being the referring .exe. As long as I do not click on it or close it, I can operate normally, but should I click OK or Cancel, it auto-changes my taskbar to what we see in safe mode. Plus, every two minutes I get the same popup box repeated. The event log shows the error and the number of the error, but there is no information available on the Microsoft KB.

2. I have a redirection issue in my Firefox. Any search terms redirect to some other search site. A search of the Firefox folders reveals nothing (to me).

3. Spybot S&D, MAB, GMER scanner all show no infection or issues. In order to use them, I had to rename the exe in program folders to get them to run.

For purposes of analysis, I have disabled LinkScanner and Resident Shield in my AVG, used fogger to disable emulation drivers, and include a MBAM scan result log and GMER log. Thank you for your help.

GMER LOG:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2011-02-05 22:34:10
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pgldqpob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF75896C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF7589770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF7589810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF75898B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 450 804E2AAC 2 Bytes [70, 97] {JO 0xffffffffffffff99}
.text ntoskrnl.exe!_abnormal_termination + 453 804E2AAF 5 Bytes [F7, 10, 98, 58, F7]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[872] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3728] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10405CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device InCDFs.sys (InCD File System Driver/Nero AG)

---- Services - GMER 1.0.15 ----

Service system32\DRIVERS\obvious.sys (*** hidden *** ) [SYSTEM] obvious <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@ServiceBinary C:\WINDOWS\system32\drivers\OBVIOUS.SYS
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@Group SCSI Miniport
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@ImagePath system32\DRIVERS\obvious.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@Tag 64
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\Enum
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\Enum@Count 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\Enum@NextInstance 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\parameters\pnpinterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\security
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious\security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet003\Services\obvious@ServiceBinary C:\WINDOWS\system32\drivers\OBVIOUS.SYS
Reg HKLM\SYSTEM\ControlSet003\Services\obvious@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet003\Services\obvious@ImagePath system32\DRIVERS\obvious.sys
Reg HKLM\SYSTEM\ControlSet003\Services\obvious@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\Services\obvious@Start 1
Reg HKLM\SYSTEM\ControlSet003\Services\obvious@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\obvious@Tag 64
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\Enum (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\Enum@Count 0
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\Enum@NextInstance 0
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\parameters\pnpinterface (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\obvious\security@Security 0x01 0x00 0x14 0x80 ...

---- EOF - GMER 1.0.15 ----

MBAM LOG:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5686
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
2/5/2011 4:22:31 PM
mbam-log-2011-02-05 (16-22-31).txt
Scan type: Quick scan
Objects scanned: 143304
Time elapsed: 2 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
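The two logs in this thread that actually expose the infection are the RkUnhooker report in post 3 (two hidden driver objects and a "suspicious driver modification" warning on atapi.sys) and the GMER log in post 4 (a service named obvious that GMER marks hidden, plus two inline patches in ntoskrnl). The MBAM, Spybot and HijackThis output is clean because those tools read through the same hooked kernel. The following is an added example, not code from the posts nor from the GMER or RkU authors: a small triage script that turns such log lines into severity-ranked findings. The sample lines are excerpted from the posted logs, except for one SSDT line that is constructed and marked as such; the trusted-vendor whitelist and the severity levels are assumptions of this example, not anything the tools define.

```python
"""Triage GMER and RkUnhooker log lines for rootkit indicators.

Added example for this thread: not code from the original posts, nor from
the GMER or RkU tools. Sample lines are excerpted from the posted logs (one
constructed line is marked); the vendor whitelist and severity levels are
assumptions of this example.
"""
import re
from collections import defaultdict

# Assumption: SSDT hooks owned by these vendors are the AV suite at work.
TRUSTED_SSDT_VENDORS = ("AVG Technologies", "Microsoft Corporation")

# Meanings of the Start / Type service values (SERVICE_* constants in winnt.h).
START_NAMES = {"0": "BOOT_START", "1": "SYSTEM_START", "2": "AUTO_START",
               "3": "DEMAND_START", "4": "DISABLED"}
TYPE_NAMES = {"1": "KERNEL_DRIVER", "2": "FILE_SYSTEM_DRIVER",
              "16": "WIN32_OWN_PROCESS", "32": "WIN32_SHARE_PROCESS"}
SEVERITY_ORDER = ("CLEAN", "INFO", "HIGH", "CRITICAL")

# GMER line shapes
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>Zw\w+)")
KPATCH_RE = re.compile(r"^\.text\s+ntoskrnl\.exe!(?P<sym>\S+)\s+\+\s+(?P<off>\w+)")
HIDDEN_SVC_RE = re.compile(r"^Service\s+(?P<path>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+\[\w+\]\s+(?P<name>\S+)")
REG_RE = re.compile(r"^Reg\s+HKLM\\SYSTEM\\(?P<cset>\w+)\\Services\\(?P<svc>[^@\\\s]+)@(?P<val>\w+)\s*(?P<data>.*)$")
# RkUnhooker line shapes
RKU_HIDDEN_RE = re.compile(r"^!+Hidden driver:\s+(?P<addr>0x[0-9A-Fa-f]+)\s+(?P<name>\S+)\s+(?P<size>\d+) bytes")
RKU_WARN_RE = re.compile(r"^(?P<addr>0x[0-9A-Fa-f]+)\s+WARNING:\s+(?P<text>.*)$")


def triage(lines):
    """Return a list of (severity, message) findings for the given log lines."""
    findings = []
    services = defaultdict(dict)  # (control set, service name) -> {value: data}
    for raw in lines:
        line = raw.strip()
        if m := SSDT_RE.match(line):
            # An SSDT hook is only as trustworthy as the module that owns it.
            if not any(v in m["desc"] for v in TRUSTED_SSDT_VENDORS):
                findings.append(("HIGH", f"SSDT {m['func']} hooked by untrusted module {m['module']}"))
        elif m := KPATCH_RE.match(line):
            # Inline patches of kernel code are not legitimate on a stock XP kernel.
            findings.append(("HIGH", f"inline patch in ntoskrnl.exe!{m['sym']}+{m['off']}"))
        elif m := HIDDEN_SVC_RE.match(line):
            # A service key the kernel hides from enumeration is the rootkit itself.
            findings.append(("CRITICAL", f"hidden service '{m['name']}' -> {m['path']}"))
        elif m := REG_RE.match(line):
            services[(m["cset"], m["svc"])][m["val"]] = m["data"].strip()
        elif m := RKU_HIDDEN_RE.match(line):
            findings.append(("CRITICAL", f"hidden driver object at {m['addr']} ({m['name']}, {m['size']} bytes)"))
        elif m := RKU_WARN_RE.match(line):
            findings.append(("HIGH", f"RkU at {m['addr']}: {m['text']}"))
    # Summarise each dumped service: a kernel driver that starts at boot or system
    # start is worth a look even when GMER has not flagged it.
    for (cset, svc), vals in services.items():
        start = START_NAMES.get(vals.get("Start", ""), "?")
        stype = TYPE_NAMES.get(vals.get("Type", ""), "?")
        if stype == "KERNEL_DRIVER" and start in ("BOOT_START", "SYSTEM_START"):
            findings.append(("INFO", f"{cset}\\{svc}: {stype} {start}, ImagePath={vals.get('ImagePath', '?')}, Group={vals.get('Group', '?')}"))
    return findings


def max_severity(findings):
    """Worst severity across the findings, or CLEAN when there are none."""
    return max((s for s, _ in findings), key=SEVERITY_ORDER.index, default="CLEAN")


# Excerpted from the GMER log posted in this thread.
GMER_SAMPLE = r"""
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF75896C0]
.text ntoskrnl.exe!_abnormal_termination + 450 804E2AAC 2 Bytes [70, 97] {JO 0xffffffffffffff99}
Service system32\DRIVERS\obvious.sys (*** hidden *** ) [SYSTEM] obvious <-- ROOTKIT !!!
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@ImagePath system32\DRIVERS\obvious.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@Group SCSI Miniport
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\obvious@Type 1
"""

# Excerpted from the RkUnhooker report posted in this thread.
RKU_SAMPLE = r"""
0xF749A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
!!!!!!!!!!!Hidden driver: 0x8A58FAEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x8A643EA8 ?_empty_? 0 bytes
0xF749A000 WARNING: suspicious driver modification [atapi.sys::0x8A58FAEA]
0xF75F7000 WARNING: Virus alike driver modification [isapnp.sys], 40960 bytes
"""

# Constructed line (not from the posted logs) to exercise the untrusted-vendor path.
CONSTRUCTED_SSDT = r"SSDT \??\C:\WINDOWS\system32\drivers\example.sys (no vendor string) ZwEnumerateKey [0x00000000]"

if __name__ == "__main__":
    for label, text in (("GMER", GMER_SAMPLE), ("RkU", RKU_SAMPLE)):
        hits = triage(text.splitlines())
        print(f"{label}: {max_severity(hits)}")
        for sev, msg in hits:
            print(f"  [{sev}] {msg}")
```

The INFO line it prints for obvious is the part worth reading twice: Start 1 is SERVICE_SYSTEM_START and Type 1 is SERVICE_KERNEL_DRIVER, so the registry says a kernel driver in the SCSI Miniport group loads before the user-mode scanners ever start, while the loaded-driver list from RkU shows no such module and instead two hidden driver objects plus a modified atapi.sys. A service key that is visible to a raw registry read but whose driver object is missing from the kernel's own list is exactly the signal the later reply in this thread acted on when it chose a reformat over cleanup.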
5. My apologies for posting in the wrong forum. I will put it in the appropriate place. Thank you very much.
6. Hello, for the past few weeks now I have been having issues with my system:

1. Every time I boot the computer up I get the message "The instruction at '0x001a16b0' referenced memory at '0x00000000'. The memory could not be 'written'", with svhost.exe being the referring .exe. As long as I do not click on it or close it, I can operate normally, but should I click OK or Cancel, it auto-changes my taskbar to what we see in safe mode. Plus, every two minutes I get the same popup box repeated. The event log shows the error and the number of the error, but there is no information available on the Microsoft KB.

2. I have a redirection issue in my Firefox. Any search terms redirect to some other search site. A search of the Firefox folders reveals nothing (to me).

3. Spybot S&D, MAB, Norton online scanner all show no infection or issues. In order to use them, I had to rename the exe in program folders to get them to run.

4. AVG rootkit scanner showed no infections. RootkitRevealer, GMER, RootRepeal all showed no infections. I uninstalled those programs after use. Chkdsk and defrag were both performed on my system as well. I use Auslogics registry cleaner and have also used Eusing registry cleaner. Both were run till there were 0 errors, then reboot to the same problems.

For purposes of analysis, I have disabled LinkScanner and Resident Shield in my AVG, and include a MAB scan result log, HijackThis log and add/remove programs log. Thank you for your help.
MBAM LOG:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5686
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
2/5/2011 4:22:31 PM
mbam-log-2011-02-05 (16-22-31).txt
Scan type: Quick scan
Objects scanned: 143304
Time elapsed: 2 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:16:53 PM, on 2/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shepherdschapel.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MXOBG] C:\Documents and Settings\Administrator\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.madmartin.co.za
O15 - Trusted Zone: scoti.ohio.gov
O15 - Trusted Zone: security.symantec.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1262626465375
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1262628553468
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareup...13/CTPIDPDE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15113/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} -
C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 6048 bytes

ADD/REMOVE PROGRAMS LIST:
7-Zip 4.65
ACDSee
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.5
Apple Application Support
Auslogics Registry Cleaner
AVG 2011
AVG 2011
AVG 2011
Boson Exam Environment
Boson NetSim for CCNP 7.0
Boson NetSim for CCNP 7.0
Bulk Rename Utility 2, 4, 1, 0
Cisco Packet Tracer 5.2
Compatibility Pack for the 2007 Office system
Creative Software AutoUpdate
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
DivX Setup
doPDF 7.1 printer
Eusing Free Registry Cleaner
Google Earth
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
InterVideo WinDVD 8
Java 6 Update 23
LG USB Modem driver
Logitech QuickCam
Malwarebytes' Anti-Malware
Maxtor OneTouch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
Mozilla Thunderbird (3.0.11)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Essentials
Packet Tracer 5.0
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
SolarWinds Advanced Subnet Calculator
Sound Blaster Audigy
SoundMAX
Spybot - Search & Destroy
System Requirements Lab Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Storage Adapter FX (MXO)
VideoLAN VLC media player 0.8.6f
Winamp
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Xvid 1.2.2 final uninstall
Yahoo! Messenger
Yahtzee