Hello, I am being attacked by malware, and I believe it is using a back door to come back once I connect to the internet; plus each search is being redirected through someone's ip address and server. MalwareBytes keeps on deleting two items that start with backdoor, and I cannot uninstall my AVG antivirus so that I can then install an updated on because an error tells me that I do not have authority. I have been trying to run GMER too, but several issues have been happening:I first fully ran in in safe mode but could not get to the save button because the vertical resolution was not long enough to extend the window to it; I then used it in the normal boot up but twice the program was cut off, disappeared, when it hit a driver; so, I deleted the driver and it ran for about two hours before disappearing again. BTw, each time I ran the program I had to create a new file with a different name; after the disappearance I could not delete nor run the application becuase a error window told me I did not have permission. I am currently using a differnt computer, with a thumb drive, to read, post dds, and download/transfer programs. Is this potentially dangerous to the not infected computer? In advance, thank You for your assisstance! . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 8.0.6001.18702 Run by Owner at 2:21:37 on 2011-09-05 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.969 [GMT -7:00] . AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: AVG Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = <local>;*.local mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [EPSON Stylus CX5000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibva.exe /fu "c:\windows\temp\E_S89.tmp" /EF "HKLM" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0AMwA4ADcANQA4ADAANQA3ADAALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMgAtAFgATwA5ACsAMQAtAEYAOQBNADIAKwAxAA"&"prod=90"&"ver=9.0.894 mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe StartupFolder: c:\docume~1\owner\startm~1\programs\startup\viikii~1.lnk - c:\program files\viikiidesktopplugin\ViiKiiDesktopPlugin.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe LSP: mswsock.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265439346046 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656] S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896] S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336] S2 avgfws;AVG Firewall;"c:\program files\avg\avg10\avgfws.exe" --> c:\program files\avg\avg10\avgfws.exe [?] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752] S2 avgwd;AVG WatchDog;"c:\program files\avg\avg10\avgwdsvc.exe" --> c:\program files\avg\avg10\avgwdsvc.exe [?] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-8-26 1025352] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-5 41272] . =============== Created Last 30 ================ . 2011-09-05 09:00:22 54016 ----a-w- c:\windows\system32\drivers\thlimom.sys 2011-09-05 08:49:18 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-09-05 08:49:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-04 04:02:14 -------- d-----w- C:\TDSSKiller_Quarantine 2011-09-04 03:57:30 50112 --sha-w- c:\windows\system32\c_89674.nl_ 2011-09-04 03:53:16 -------- d--h--w- c:\windows\PIF 2011-09-04 02:56:05 -------- d-----w- c:\windows\system32\wbem\repository\FS 2011-09-04 02:56:05 -------- d-----w- c:\windows\system32\wbem\Repository 2011-08-09 21:05:30 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2011-08-09 21:05:11 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys . ==================== Find3M ==================== . 2011-09-05 08:45:39 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-09-05 03:50:56 248656 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2011-09-04 07:35:29 57600 ----a-w- c:\windows\system32\drivers\redbook.sys 2011-09-04 07:16:15 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys 2011-09-04 03:57:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys 2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll 2010-12-13 04:03:17 1228384 ----a-w- c:\program files\Illustrator_15_LS1.exe 2010-06-28 06:50:14 8589088 ----a-w- c:\program files\Firefox Setup 3.6.6.exe 2010-02-21 00:28:40 8327264 ----a-w- c:\program files\Firefox Setup 3.6.exe 2010-02-17 05:14:36 29239088 ----a-w- c:\program files\epson13089.exe . ============= FINISH: 2:22:06.57 =============== Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7654 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 9/5/2011 1:55:25 AM mbam-log-2011-09-05 (01-55-25).txt Scan type: Quick scan Objects scanned: 172800 Time elapsed: 4 minute(s), 35 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\20ff4275 (Backdoor.0Access) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\1967324960:3741367690.exe (Backdoor.0Access) -> Quarantined and deleted successfully.attach.zip