
Can't update MBAM and others, getting redirected, etc.



Hello,

I have been having some issues, which through searching on here are not uncommon. A week or two ago I started getting the 732 (12007,0) error. I uninstalled and reinstalled MBAM a few times hoping that was the issue. I noticed that I couldn't get onto antivirus, spyware, or malware websites such as this one, nor run Windows Update. After using another computer to log on here I found out I could have remaining malware/virus parts on my computer. I am using a proxy to get on here. I've seen others with similar issues, so I am hopeful mine can be resolved.

My comp:

Windows XP Pro SP3

AVG 9 (can update) - Latest scan came back clean

Mbam (can't update)

Spybot S&D (can't update)

Here is the latest DDS log:

DDS (Ver_09-12-01.01) - NTFSx86

Run by Administrator at 15:40:39.70 on Fri 02/19/2010

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2282 [GMT -8:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\AVG\AVG9\avgfws9.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\Program Files\Ideazon\ZEngine\Zboard.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\NETGEAR\WG111T\wlan111t.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\CometBird\CometBird.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=14196&l=dis

uSearch Bar =

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe

mRun: [Zboard] c:\program files\ideazon\zengine\Zboard.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [P17Helper] Rundll32 P17.dll,P17Helper

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}

DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188764132406

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab

TCP: NameServer = 93.188.162.96,93.188.166.34

TCP: {10D5D574-4818-4953-9E0E-218BFEAA6B97} = 93.188.162.96,93.188.166.34

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

AppInit_DLLs: cru629.dat

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

IFEO: taskmgr.exe - E6B343

Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-10-30 25608]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-20 333192]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-3-26 28424]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-23 360584]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-22 285392]

R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2009-12-22 2304192]

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-12-22 5832712]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-26 24652]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-10-23 30104]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-10-30 122376]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-10-30 30216]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-10-30 25736]

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2007-8-27 17149]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2005-12-4 34944]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-10-23 30104]

S3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys --> c:\windows\system32\drivers\dalwdm.sys [?]

S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2007-11-10 20168]

S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2007-11-10 22304]

=============== Created Last 30 ================

2010-02-19 22:11:04 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-02-19 09:20:10 0 d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2010-02-19 07:44:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-19 07:44:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-19 07:44:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-19 06:06:41 0 d-----w- c:\program files\common files\AVSMedia

2010-02-19 06:06:41 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU

2010-02-19 06:06:02 0 d-----w- c:\program files\common files\Config

2010-02-19 06:05:42 0 d-----w- c:\docume~1\admini~1\applic~1\DAEMON Tools Lite

2010-02-19 06:05:39 0 d-----w- c:\program files\uTorrent

2010-02-15 07:21:04 6394 ----a-w- c:\documents and settings\administrator\.recently-used.xbel

2010-02-14 10:04:39 0 d-----w- c:\program files\Mediafour

2010-02-14 07:36:06 0 d-----w- c:\program files\Sony

2010-02-14 07:35:33 0 d-----w- c:\program files\Sony Setup

2010-02-12 09:53:19 0 d-----w- c:\program files\Moyea

2010-02-12 07:53:32 380928 ----a-w- c:\windows\system32\ac3filter.acm

2010-02-12 07:53:31 0 d-----w- c:\program files\AC3Filter

2010-02-12 07:27:16 0 d-----w- c:\docume~1\admini~1\applic~1\AVS4YOU

2010-02-12 07:26:04 24576 ----a-w- c:\windows\system32\msxml3a.dll

2010-02-05 09:42:13 0 d-----w- c:\program files\common files\Inet

2010-02-05 09:36:19 4199784 ----a-w- c:\windows\system32\cdintf400.dll

2010-02-05 09:35:51 0 d-----w- c:\program files\Quicken

2010-02-05 09:35:51 0 d-----w- c:\docume~1\admini~1\applic~1\Intuit

2010-02-05 09:35:41 120 ----a-w- c:\windows\QUICKEN.INI

2010-02-05 09:26:29 0 d-----w- c:\program files\Elaborate Bytes

2010-02-05 09:14:37 721904 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-02-05 02:59:56 0 d-----w- c:\docume~1\admini~1\applic~1\uTorrent

2010-02-05 02:49:46 0 d-----w- c:\docume~1\admini~1\applic~1\CometNetwork

2010-02-05 02:49:31 0 d-----w- c:\program files\CometBird

2010-02-04 20:35:46 0 d-----w- c:\docume~1\admini~1\applic~1\Sunbelt

2010-02-04 20:34:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt

2010-02-04 20:32:23 0 d-----w- c:\program files\Sunbelt Software

2010-02-02 05:46:07 0 d-----w- c:\program files\iPod

2010-02-02 05:46:01 0 d-----w- c:\program files\iTunes

2010-01-22 07:44:08 0 d-----w- c:\docume~1\admini~1\applic~1\Office Genuine Advantage

==================== Find3M ====================

2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll

2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00:20 17408 ------w- c:\windows\system32\corpol.dll

2009-12-22 08:34:45 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-12-22 08:34:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-12-22 08:34:39 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys

2009-12-22 08:34:37 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2008-08-27 21:43:15 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 15:41:46.95 ===============

Latest Mbam Log:

Malwarebytes' Anti-Malware 1.44

Database version: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

2/19/2010 12:37:31 PM

mbam-log-2010-02-19 (12-37-31).txt

Scan type: Full Scan (C:\|)

Objects scanned: 225106

Time elapsed: 1 hour(s), 26 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\Temp\cd1cba31-0742-4e24-a642-ba5e7c73459c.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Attach.txt + Ark.txt attached.

Attatch_Ark.zip

Link to post
Share on other sites
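As an added example for this thread (not code from the original post, from DDS, or from Malwarebytes), here is a small Python triage of the "Pseudo HJT Report" lines posted above. It pulls out the four entries that account for the symptoms described: resolvers pointing at public addresses the PC was never given, a non-DLL file listed in AppInit_DLLs, an Image File Execution Options entry on taskmgr.exe, and a hosts-file line pinning a security site to 127.0.0.1. The sample input is constructed by copying those lines from the posted log; the expected resolver 192.168.1.1 is an assumption standing in for whatever the router or ISP should actually be handing out.

```python
"""Triage of DDS 'Pseudo HJT Report' lines for the indicators seen in the post above.

Added example for this thread, not code from the original post or from DDS.
The sample log lines are copied from the posted report; EXPECTED_RESOLVERS is
an assumption standing in for the resolvers the router/ISP should be handing out.
"""
import ipaddress
import re

# Assumption: the resolver(s) this LAN is supposed to use (typically the router).
EXPECTED_RESOLVERS = {"192.168.1.1"}

# Constructed sample: the network and persistence lines from the posted DDS log.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uInternet Settings,ProxyOverride = *.local
TCP: NameServer = 93.188.162.96,93.188.166.34
TCP: {10D5D574-4818-4953-9E0E-218BFEAA6B97} = 93.188.162.96,93.188.166.34
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: taskmgr.exe - E6B343
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# DDS prints the global NameServer value and one line per interface GUID.
NAMESERVER_RE = re.compile(r"^TCP:\s*(?:NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.*)$")
IFEO_RE = re.compile(r"^IFEO:\s*(\S+)\s*-\s*(.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)$")


def triage_hjt(report):
    """Return (severity, indicator, detail) tuples for the suspicious lines in a DDS report."""
    findings = []
    seen_resolvers = set()
    for raw in report.splitlines():
        line = raw.strip()

        m = NAMESERVER_RE.match(line)
        if m:
            # Flag every resolver we do not expect. A public address configured
            # statically on a home PC is the classic sign of a DNS hijack.
            for token in filter(None, re.split(r"[,\s]+", m.group(1))):
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    findings.append(("high", "dns", f"unparseable resolver {token!r}"))
                    continue
                key = str(ip)
                if key in EXPECTED_RESOLVERS or key in seen_resolvers:
                    continue
                seen_resolvers.add(key)
                scope = "public" if ip.is_global else "private but unexpected"
                findings.append(("high", "dns", f"resolver {key} is {scope}"))
            continue

        m = APPINIT_RE.match(line)
        if m:
            # Anything listed here is mapped into every process that loads user32.dll,
            # so it survives reinstalling any one scanner.
            for entry in filter(None, re.split(r"[,\s]+", m.group(1))):
                note = "" if entry.lower().endswith(".dll") else " (not even named like a DLL)"
                findings.append(("high", "appinit", f"{entry} loaded into every user32 process{note}"))
            continue

        m = IFEO_RE.match(line)
        if m:
            # A Debugger value under Image File Execution Options runs whatever is
            # named instead of the target; a bogus name simply blocks the target.
            findings.append(("high", "ifeo", f"{m.group(1)} launch redirected to {m.group(2)!r}"))
            continue

        m = HOSTS_RE.match(line)
        if m:
            addr, host = m.group(1), m.group(2)
            if host.lower() != "localhost":
                findings.append(("medium", "hosts", f"{host} pinned to {addr} in the hosts file"))
            continue
    return findings


def indicator_kinds(findings):
    """Distinct indicator classes present, for a one-line verdict."""
    return sorted({kind for _, kind, _ in findings})


if __name__ == "__main__":
    results = triage_hjt(SAMPLE_DDS)
    for sev, kind, detail in results:
        print(f"[{sev.upper()}] {kind:<7} {detail}")
    print("indicators:", ", ".join(indicator_kinds(results)))
```

The `TCP: {GUID} =` line is the per-interface NameServer value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}, and `ipconfig /all` shows what the stack is actually using; compare both against the router's own DNS settings, because cleaning the PC does not fix a resolver the router hands out over DHCP. AppInit_DLLs lives under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows; until that value and the IFEO key for taskmgr.exe are cleared, any scanner started on the box runs with the hijacker's code already inside it, which is consistent with the updater failures and the redirects described above.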

Please make sure you disable ALL of your antivirus/antispyware/firewall programs before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

(screenshots of the Firefox download dialog and of the rename step)

It is important that you rename ComboFix during the download, not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:

  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

Link to post
Share on other sites

OK, here is the ComboFix log:

ComboFix 10-02-21.02 - Administrator 02/21/2010 18:11:41.2.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2507 [GMT -8:00]

Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe

AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))

.

2010-02-19 09:20 . 2010-02-19 09:20 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2010-02-19 08:04 . 2010-02-19 08:05 -------- d-----w- c:\program files\ERUNT

2010-02-19 07:44 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-19 07:44 . 2010-02-19 09:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-19 07:44 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-19 06:06 . 2010-02-19 06:06 -------- d-----w- c:\program files\Common Files\AVSMedia

2010-02-19 06:06 . 2010-02-19 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU

2010-02-19 06:06 . 2010-02-19 06:06 -------- d-----w- c:\program files\Common Files\Config

2010-02-19 06:05 . 2010-02-19 06:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite

2010-02-19 06:05 . 2010-02-19 06:05 -------- d-----w- c:\program files\uTorrent

2010-02-14 10:04 . 2010-02-19 05:59 -------- d-----w- c:\program files\Mediafour

2010-02-14 07:36 . 2010-02-14 07:36 -------- d-----w- c:\program files\Sony

2010-02-14 07:35 . 2010-02-14 07:35 -------- d-----w- c:\program files\Sony Setup

2010-02-12 09:53 . 2010-02-19 06:06 -------- d-----w- c:\program files\Moyea

2010-02-12 07:53 . 2010-02-19 06:00 -------- d-----w- c:\program files\AC3Filter

2010-02-12 07:27 . 2010-02-12 07:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVS4YOU

2010-02-12 07:26 . 2003-05-21 20:50 24576 ----a-w- c:\windows\system32\msxml3a.dll

2010-02-11 09:29 . 2010-02-19 06:00 -------- d-----w- c:\program files\Microsoft Silverlight

2010-02-11 01:31 . 2010-02-05 06:28 245760 ----a-w- c:\documents and settings\Administrator\Application Data\CometNetwork\CometBird\Profiles\1xa8kvgf.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll

2010-02-05 09:42 . 2010-02-05 09:42 -------- d-----w- c:\program files\Common Files\Inet

2010-02-05 09:41 . 2010-02-05 09:41 7410688 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll

2010-02-05 09:41 . 2010-02-05 09:41 7032320 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll

2010-02-05 09:41 . 2010-02-05 09:41 6301696 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll

2010-02-05 09:39 . 2010-02-05 09:39 2776576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll

2010-02-05 09:37 . 2010-02-05 09:37 241512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE

2010-02-05 09:37 . 2010-02-05 09:37 230752 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll

2010-02-05 09:36 . 2010-02-05 09:36 956 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd

2010-02-05 09:36 . 2009-09-08 20:42 4199784 ----a-w- c:\windows\system32\cdintf400.dll

2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe

2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe

2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Hab\Custom\billmind.exe

2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe

2010-02-05 09:35 . 2010-02-19 06:01 -------- d-----w- c:\program files\Quicken

2010-02-05 09:35 . 2010-02-05 09:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit

2010-02-05 09:26 . 2010-02-05 09:26 -------- d-----w- c:\program files\Elaborate Bytes

2010-02-05 09:14 . 2010-02-05 09:14 721904 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-02-05 02:59 . 2010-02-20 01:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent

2010-02-05 02:49 . 2010-02-05 02:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CometNetwork

2010-02-05 02:49 . 2010-02-05 02:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\CometNetwork

2010-02-05 02:49 . 2010-02-19 06:01 -------- d-----w- c:\program files\CometBird

2010-02-05 00:08 . 2010-02-05 00:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp

2010-02-05 00:07 . 2010-02-19 06:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2010-02-04 20:35 . 2010-02-04 20:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sunbelt

2010-02-04 20:34 . 2010-02-04 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt

2010-02-04 20:32 . 2010-02-04 20:32 -------- d-----w- c:\program files\Sunbelt Software

2010-02-02 05:46 . 2010-02-19 06:05 -------- d-----w- c:\program files\iPod

2010-02-02 05:46 . 2010-02-19 06:05 -------- d-----w- c:\program files\iTunes

2010-02-02 05:25 . 2010-02-02 05:25 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2010-01-28 19:59 . 2010-01-28 20:00 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-19 09:05 . 2008-03-18 08:25 -------- d-----w- c:\program files\Lavasoft

2010-02-19 09:05 . 2008-01-25 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-02-19 07:44 . 2009-08-23 06:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-02-19 07:39 . 2009-08-23 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-19 06:07 . 2007-08-28 08:45 -------- d-----w- c:\program files\DivX

2010-02-19 06:07 . 2009-08-21 07:18 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-02-19 06:07 . 2007-08-28 07:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3

2010-02-19 06:06 . 2007-08-28 06:21 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-02-19 06:05 . 2007-08-28 08:56 -------- d-----w- c:\program files\Common Files\Apple

2010-02-19 06:04 . 2009-09-11 04:22 -------- d-----w- c:\program files\QuickTime

2010-02-19 06:04 . 2009-04-24 17:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\gtk-2.0

2010-02-16 02:15 . 2009-03-14 22:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\FrostWire

2010-02-05 09:35 . 2008-06-15 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit

2010-01-29 01:06 . 2009-03-14 22:41 -------- d-----w- c:\program files\FrostWire

2010-01-28 21:26 . 2008-10-02 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-01-22 07:44 . 2010-01-22 07:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage

2010-01-05 10:00 . 2006-02-28 12:00 832512 ------w- c:\windows\system32\wininet.dll

2010-01-05 10:00 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll

2010-01-03 08:36 . 2009-12-25 06:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Moyea

2010-01-02 18:54 . 2010-01-02 18:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\.BitTornado

2010-01-02 10:56 . 2010-01-02 10:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\PCF-VLC

2009-12-22 08:34 . 2008-10-24 07:27 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-12-22 08:34 . 2008-07-20 20:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-12-22 08:34 . 2008-03-26 08:45 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-12-22 08:34 . 2009-10-30 20:09 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys

2009-12-22 08:34 . 2008-07-20 20:12 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 21:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]

"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2009-06-05 57344]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]

"P17Helper"="P17.dll" [2005-05-03 64512]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2007-8-27 884840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-12-22 08:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi3"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 12:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2009-08-13 22:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-12-24 01:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]

2006-01-09 02:43 53340 ------w- c:\program files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-01-23 03:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 22:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2008-09-18 07:55 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]

2005-05-03 11:38 64512 ----a-r- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2006-11-14 09:21 16270848 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-06-10 11:27 144784 -c--a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Curse\\CurseClient.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader

"6112:TCP"= 6112:TCP:Blizzard Downloader

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [10/30/2009 12:09 PM 25608]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/20/2008 12:12 PM 333192]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/23/2008 11:27 PM 360584]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/22/2009 12:34 AM 285392]

R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [12/22/2009 12:34 AM 2304192]

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [12/22/2009 12:34 AM 5832712]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/26/2007 7:50 PM 24652]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [10/23/2008 11:26 PM 30104]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [10/30/2009 12:09 PM 122376]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [10/30/2009 12:09 PM 30216]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [10/30/2009 12:09 PM 25736]

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/27/2007 10:21 PM 17149]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [12/4/2005 12:55 PM 34944]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [10/23/2008 11:26 PM 30104]

S3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys --> c:\windows\system32\drivers\dalwdm.sys [?]

S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [11/10/2007 12:43 PM 20168]

S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [11/10/2007 12:43 PM 22304]

.

Contents of the 'Scheduled Tasks' folder

2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com?o=14196&l=dis

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {10D5D574-4818-4953-9E0E-218BFEAA6B97} = 93.188.162.96,93.188.166.34

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-21 18:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x84D508C8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba91cf28

\Driver\ACPI -> ACPI.sys @ 0xba77fcb8

\Driver\atapi -> atapi.sys @ 0xba714b3a

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: -> SendCompleteHandler -> 0x0

PacketIndicateHandler -> 0x0

SendHandler -> 0x0

user & kernel MBR OK

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2436)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-02-21 18:19:31

ComboFix-quarantined-files.txt 2010-02-22 02:19

ComboFix2.txt 2010-02-22 01:50

Pre-Run: 382,302,822,400 bytes free

Post-Run: 382,259,277,824 bytes free

- - End Of File - - 5502D821D4495790C65929CAB4ECECDD


Download THIS TOOL and unzip it to your Desktop..

Open the tdss_remover_latest folder and run the remover.exe file.. Just choose "Yes" or "Ok" at all prompts.. It will reboot your computer once the cleaning process is finished (if not, you need to reboot the computer yourself)..

If you get something like the screen below, please refer to it and do as pictured..

tdssfail.png

Then proceed with the next step below..

p/s: If you can't unzip the file, please download 7-zip from below..

http://www.7-zip.org/download.html

Then please navigate to the 7-zip YouTube tutorial below..

Please download TDSSKiller.zip and unzip it to your Desktop

Run the TDSSKiller and wait until it finishes (should be just a few seconds or below a minute).. Then find the log at your %systemdrive% (drive that contains Windows)

The log shall be named something like this one..

(TDSSKiller.version_date_time_log) for example.. (TDSSKiller.2.1.1_22.12.2009_19.33.44_log)


Here is the TDSSKiller log:

19:37:29:890 3048 TDSS rootkit removing tool 2.2.4 Feb 15 2010 19:38:31

19:37:29:890 3048 ================================================================================

19:37:29:890 3048 SystemInfo:

19:37:29:890 3048 OS Version: 5.1.2600 ServicePack: 3.0

19:37:29:890 3048 Product type: Workstation

19:37:29:890 3048 ComputerName: DTOWER

19:37:29:890 3048 UserName: Administrator

19:37:29:890 3048 Windows directory: C:\WINDOWS

19:37:29:890 3048 Processor architecture: Intel x86

19:37:29:890 3048 Number of processors: 4

19:37:29:890 3048 Page size: 0x1000

19:37:29:890 3048 Boot type: Normal boot

19:37:29:890 3048 ================================================================================

19:37:29:906 3048 UnloadDriverW: NtUnloadDriver error 2

19:37:29:906 3048 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

19:37:29:906 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

19:37:29:921 3048 UtilityInit: KLMD drop and load success

19:37:29:921 3048 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)

19:37:29:921 3048 UtilityInit: KLMD open success

19:37:29:921 3048 UtilityInit: Initialize success

19:37:29:921 3048

19:37:29:921 3048 Scanning Services ...

19:37:29:921 3048 CreateRegParser: Registry parser init started

19:37:29:921 3048 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127

19:37:29:921 3048 CreateRegParser: DisableWow64Redirection error

19:37:29:921 3048 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system

19:37:29:937 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043

19:37:29:937 3048 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

19:37:29:937 3048 wfopen_ex: Trying to KLMD file open

19:37:29:937 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system

19:37:29:937 3048 wfopen_ex: File opened ok (Flags 2)

19:37:29:937 3048 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 394958

19:37:29:937 3048 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software

19:37:29:937 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043

19:37:29:937 3048 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

19:37:29:937 3048 wfopen_ex: Trying to KLMD file open

19:37:29:937 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software

19:37:29:937 3048 wfopen_ex: File opened ok (Flags 2)

19:37:29:937 3048 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 394A00

19:37:29:937 3048 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127

19:37:29:937 3048 CreateRegParser: EnableWow64Redirection error

19:37:29:937 3048 CreateRegParser: RegParser init completed

19:37:30:390 3048 GetAdvancedServicesInfo: Raw services enum returned 373 services

19:37:30:390 3048 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system

19:37:30:390 3048 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software

19:37:30:390 3048

19:37:30:390 3048 Scanning Kernel memory ...

19:37:30:390 3048 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

19:37:30:390 3048 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 84CE6930

19:37:30:390 3048 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects

19:37:30:390 3048

19:37:30:390 3048 DetectCureTDL3: DEVICE_OBJECT: 84AABC68

19:37:30:390 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84AABC68

19:37:30:390 3048 KLMD_ReadMem: Trying to ReadMemory 0x84AABC68[0x38]

19:37:30:390 3048 DetectCureTDL3: DRIVER_OBJECT: 84CE6930

19:37:30:390 3048 KLMD_ReadMem: Trying to ReadMemory 0x84CE6930[0xA8]

19:37:30:390 3048 KLMD_ReadMem: Trying to ReadMemory 0xE1D85328[0x18]

19:37:30:390 3048 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_CREATE : BA91EBB0

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_CLOSE : BA91EBB0

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_READ : BA918D1F

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_WRITE : BA918D1F

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA9192E2

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA9193BB

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA91CF28

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA9192E2

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_POWER : BA91AC82

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA91F99E

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562

19:37:30:390 3048 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562

19:37:30:390 3048 TDL3_FileDetect: Processing driver: Disk

19:37:30:390 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

19:37:30:390 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

19:37:30:406 3048 TDL3_FileDetect: Processing driver: Disk

19:37:30:406 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

19:37:30:406 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

19:37:30:406 3048 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

19:37:30:406 3048

19:37:30:406 3048 DetectCureTDL3: DEVICE_OBJECT: 84BBE218

19:37:30:406 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84BBE218

19:37:30:406 3048 DetectCureTDL3: DEVICE_OBJECT: 848543C8

19:37:30:406 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 848543C8

19:37:30:406 3048 KLMD_ReadMem: Trying to ReadMemory 0x848543C8[0x38]

19:37:30:406 3048 DetectCureTDL3: DRIVER_OBJECT: 84953040

19:37:30:406 3048 KLMD_ReadMem: Trying to ReadMemory 0x84953040[0xA8]

19:37:30:406 3048 KLMD_ReadMem: Trying to ReadMemory 0xE1F70828[0x1E]

19:37:30:406 3048 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_CREATE : BABB5218

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_CLOSE : BABB5218

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_READ : BABB523C

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_WRITE : BABB523C

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BABB5180

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BABB09E6

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_POWER : BABB45F0

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BABB2A6E

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562

19:37:30:406 3048 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562

19:37:30:406 3048 TDL3_FileDetect: Processing driver: USBSTOR

19:37:30:406 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:37:30:406 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:37:30:421 3048 KLMD_ReadMem: Trying to ReadMemory 0xBABB1F26[0x400]

19:37:30:421 3048 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

19:37:30:421 3048 TDL3_FileDetect: Processing driver: USBSTOR

19:37:30:421 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:37:30:421 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:37:30:421 3048 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

19:37:30:421 3048

19:37:30:421 3048 DetectCureTDL3: DEVICE_OBJECT: 84CE59F0

19:37:30:421 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84CE59F0

19:37:30:421 3048 KLMD_ReadMem: Trying to ReadMemory 0x84CE59F0[0x38]

19:37:30:421 3048 DetectCureTDL3: DRIVER_OBJECT: 84CE6930

19:37:30:421 3048 KLMD_ReadMem: Trying to ReadMemory 0x84CE6930[0xA8]

19:37:30:421 3048 KLMD_ReadMem: Trying to ReadMemory 0xE1D85328[0x18]

19:37:30:421 3048 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CREATE : BA91EBB0

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CLOSE : BA91EBB0

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_READ : BA918D1F

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_WRITE : BA918D1F

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA9192E2

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA9193BB

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA91CF28

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA9192E2

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_POWER : BA91AC82

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA91F99E

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562

19:37:30:421 3048 TDL3_FileDetect: Processing driver: Disk

19:37:30:421 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

19:37:30:421 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

19:37:30:421 3048 TDL3_FileDetect: Processing driver: Disk

19:37:30:421 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

19:37:30:421 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

19:37:30:421 3048 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

19:37:30:421 3048

19:37:30:421 3048 DetectCureTDL3: DEVICE_OBJECT: 84CA8AB8

19:37:30:421 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84CA8AB8

19:37:30:421 3048 DetectCureTDL3: DEVICE_OBJECT: 84CE83A8

19:37:30:421 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84CE83A8

19:37:30:421 3048 DetectCureTDL3: DEVICE_OBJECT: 84CAA940

19:37:30:421 3048 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84CAA940

19:37:30:421 3048 KLMD_ReadMem: Trying to ReadMemory 0x84CAA940[0x38]

19:37:30:421 3048 DetectCureTDL3: DRIVER_OBJECT: 84CAB320

19:37:30:421 3048 KLMD_ReadMem: Trying to ReadMemory 0x84CAB320[0xA8]

19:37:30:421 3048 KLMD_ReadMem: Trying to ReadMemory 0xE1D707D8[0x1A]

19:37:30:421 3048 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CREATE : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CLOSE : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_READ : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_WRITE : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_INFORMATION : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_EA : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_EA : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CLEANUP : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_SECURITY : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_POWER : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : BA714B3A

19:37:30:421 3048 DetectCureTDL3: IRP_MJ_SET_QUOTA : BA714B3A

19:37:30:421 3048 TDL3_FileDetect: Processing driver: atapi

19:37:30:421 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys

19:37:30:421 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys

19:37:30:437 3048 DetectCureTDL3: All IRP handlers pointed to one addr: BA714B3A

19:37:30:437 3048 KLMD_ReadMem: Trying to ReadMemory 0xBA714B3A[0x400]

19:37:30:437 3048 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr

19:37:30:437 3048 KLMD_ReadMem: Trying to ReadMemory 0xFFDF0308[0x4]

19:37:30:437 3048 KLMD_ReadMem: Trying to ReadMemory 0x84D210B4[0x4]

19:37:30:437 3048 TDL3_IrpHookDetect: New IrpHandler addr: 84D518C8

19:37:30:437 3048 KLMD_ReadMem: Trying to ReadMemory 0x84D518C8[0x400]

19:37:30:437 3048 TDL3_IrpHookDetect: CheckParameters: 10, FFDF0308, 510, 134, 3, 120

19:37:30:437 3048 Driver "atapi" Irp handler infected by TDSS rootkit ... 19:37:30:437 3048 KLMD_WriteMem: Trying to WriteMemory 0x84D5194E[0xD]

19:37:30:437 3048 cured

19:37:30:437 3048 KLMD_ReadMem: Trying to ReadMemory 0xBA712864[0x400]

19:37:30:437 3048 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

19:37:30:437 3048 TDL3_FileDetect: Processing driver: atapi

19:37:30:437 3048 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys

19:37:30:437 3048 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys

19:37:30:437 3048 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected

19:37:30:437 3048 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 19:37:30:437 3048 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys

19:37:30:437 3048 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3

19:37:30:468 3048 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\driver.cab

19:37:30:531 3048 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp2.cab

19:37:30:546 3048 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp3.cab

19:37:30:562 3048 CabinetCallback: Backup candidate found: atapi.sys:96512, extracting..

19:37:30:609 3048 CabinetCallback: File extracted successfully: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bckE.tmp

19:37:30:609 3048 ValidateDriverFile: Stage 1 passed

19:37:30:609 3048 ValidateDriverFile: Stage 2 passed

19:37:30:656 3048 DigitalSignVerifyByHandle: Embedded DS result: 800B0100

19:37:31:390 3048 DigitalSignVerifyByHandle: Cat DS result: 00000000

19:37:31:390 3048 ValidateDriverFile: Stage 3 passed

19:37:31:390 3048 CabinetCallback: File validated successfully, restore information prepared

19:37:31:390 3048 FindDriverFileBackup: Backup copy found in cab-file

19:37:31:390 3048 TDL3_FileCure: Backup copy found, using it..

19:37:31:390 3048 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\drivers\tskF.tmp

19:37:31:437 3048 TDL3_FileCure: New / Old Image paths: (system32\drivers\tskF.tmp, system32\drivers\atapi.sys)

19:37:31:437 3048 TDL3_FileCure: KLMD jobs schedule success

19:37:31:437 3048 will be cured on next reboot

19:37:31:437 3048 UtilityBootReinit: Reboot required for cure complete..

19:37:31:437 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000

19:37:31:437 3048 UtilityBootReinit: KLMD drop success

19:37:31:437 3048 KLMD_ApplyPendList: Pending buffer(7E2_322F, 600) dropped successfully

19:37:31:437 3048 UtilityBootReinit: Cure on reboot scheduled successfully

19:37:31:437 3048

19:37:31:437 3048 Completed

19:37:31:437 3048

19:37:31:437 3048 Results:

19:37:31:437 3048 Memory objects infected / cured / cured on reboot: 1 / 1 / 0

19:37:31:437 3048 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

19:37:31:437 3048 File objects infected / cured / cured on reboot: 1 / 0 / 1

19:37:31:437 3048

19:37:31:437 3048 UnloadDriverW: NtUnloadDriver error 1

19:37:31:437 3048 KLMD_Unload: UnloadDriverW(klmd21) error 1

19:37:31:437 3048 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

19:37:31:437 3048 UtilityDeinit: KLMD(ARK) unloaded successfully


Reboot your computer then do below..

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:

  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..


Latest ComboFix log:

ComboFix 10-02-24.01 - Administrator 02/24/2010 22:33:47.3.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2443 [GMT -8:00]

Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe

AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))

.

2010-02-19 09:20 . 2010-02-19 09:20 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2010-02-19 08:04 . 2010-02-19 08:05 -------- d-----w- c:\program files\ERUNT

2010-02-19 07:44 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-19 07:44 . 2010-02-19 09:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-19 07:44 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-19 06:06 . 2010-02-19 06:06 -------- d-----w- c:\program files\Common Files\AVSMedia

2010-02-19 06:06 . 2010-02-19 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU

2010-02-19 06:06 . 2010-02-19 06:06 -------- d-----w- c:\program files\Common Files\Config

2010-02-19 06:05 . 2010-02-19 06:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite

2010-02-19 06:05 . 2010-02-23 05:31 -------- d-----w- c:\program files\uTorrent

2010-02-14 10:04 . 2010-02-19 05:59 -------- d-----w- c:\program files\Mediafour

2010-02-14 07:36 . 2010-02-14 07:36 -------- d-----w- c:\program files\Sony

2010-02-14 07:35 . 2010-02-14 07:35 -------- d-----w- c:\program files\Sony Setup

2010-02-12 09:53 . 2010-02-19 06:06 -------- d-----w- c:\program files\Moyea

2010-02-12 07:53 . 2010-02-19 06:00 -------- d-----w- c:\program files\AC3Filter

2010-02-12 07:27 . 2010-02-12 07:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVS4YOU

2010-02-12 07:26 . 2003-05-21 20:50 24576 ----a-w- c:\windows\system32\msxml3a.dll

2010-02-11 09:29 . 2010-02-19 06:00 -------- d-----w- c:\program files\Microsoft Silverlight

2010-02-11 01:31 . 2010-02-05 06:28 245760 ----a-w- c:\documents and settings\Administrator\Application Data\CometNetwork\CometBird\Profiles\1xa8kvgf.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll

2010-02-05 09:42 . 2010-02-05 09:42 -------- d-----w- c:\program files\Common Files\Inet

2010-02-05 09:41 . 2010-02-05 09:41 7410688 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll

2010-02-05 09:41 . 2010-02-05 09:41 7032320 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll

2010-02-05 09:41 . 2010-02-05 09:41 6301696 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll

2010-02-05 09:39 . 2010-02-05 09:39 2776576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll

2010-02-05 09:37 . 2010-02-05 09:37 241512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE

2010-02-05 09:37 . 2010-02-05 09:37 230752 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll

2010-02-05 09:36 . 2010-02-05 09:36 956 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd

2010-02-05 09:36 . 2009-09-08 20:42 4199784 ----a-w- c:\windows\system32\cdintf400.dll

2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe

2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe

2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Hab\Custom\billmind.exe

2010-02-05 09:36 . 2009-09-08 19:40 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe

2010-02-05 09:35 . 2010-02-19 06:01 -------- d-----w- c:\program files\Quicken

2010-02-05 09:35 . 2010-02-05 09:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit

2010-02-05 09:26 . 2010-02-05 09:26 -------- d-----w- c:\program files\Elaborate Bytes

2010-02-05 09:14 . 2010-02-05 09:14 721904 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-02-05 02:59 . 2010-02-23 07:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent

2010-02-05 02:49 . 2010-02-05 02:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CometNetwork

2010-02-05 02:49 . 2010-02-05 02:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\CometNetwork

2010-02-05 02:49 . 2010-02-19 06:01 -------- d-----w- c:\program files\CometBird

2010-02-05 00:08 . 2010-02-05 00:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp

2010-02-05 00:07 . 2010-02-19 06:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2010-02-04 20:35 . 2010-02-04 20:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sunbelt

2010-02-04 20:34 . 2010-02-04 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt

2010-02-04 20:32 . 2010-02-04 20:32 -------- d-----w- c:\program files\Sunbelt Software

2010-02-02 05:46 . 2010-02-19 06:05 -------- d-----w- c:\program files\iPod

2010-02-02 05:46 . 2010-02-19 06:05 -------- d-----w- c:\program files\iTunes

2010-02-02 05:25 . 2010-02-02 05:25 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2010-01-28 19:59 . 2010-01-28 20:00 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-23 09:12 . 2009-03-14 22:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\FrostWire

2010-02-23 03:39 . 2006-02-28 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-02-22 08:19 . 2009-03-14 22:41 -------- d-----w- c:\program files\FrostWire

2010-02-19 09:05 . 2008-03-18 08:25 -------- d-----w- c:\program files\Lavasoft

2010-02-19 09:05 . 2008-01-25 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-02-19 07:44 . 2009-08-23 06:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-02-19 07:39 . 2009-08-23 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-19 06:07 . 2007-08-28 08:45 -------- d-----w- c:\program files\DivX

2010-02-19 06:07 . 2009-08-21 07:18 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-02-19 06:07 . 2007-08-28 07:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3

2010-02-19 06:06 . 2007-08-28 06:21 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-02-19 06:05 . 2007-08-28 08:56 -------- d-----w- c:\program files\Common Files\Apple

2010-02-19 06:04 . 2009-09-11 04:22 -------- d-----w- c:\program files\QuickTime

2010-02-19 06:04 . 2009-04-24 17:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\gtk-2.0

2010-02-05 09:35 . 2008-06-15 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit

2010-01-28 21:26 . 2008-10-02 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-01-22 07:44 . 2010-01-22 07:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage

2010-01-05 10:00 . 2006-02-28 12:00 832512 ------w- c:\windows\system32\wininet.dll

2010-01-05 10:00 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll

2010-01-03 08:36 . 2009-12-25 06:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Moyea

2010-01-02 18:54 . 2010-01-02 18:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\.BitTornado

2010-01-02 10:56 . 2010-01-02 10:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\PCF-VLC

2009-12-22 08:34 . 2008-10-24 07:27 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-12-22 08:34 . 2008-07-20 20:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-12-22 08:34 . 2008-03-26 08:45 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-12-22 08:34 . 2009-10-30 20:09 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys

2009-12-22 08:34 . 2008-07-20 20:12 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 21:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]

"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2009-06-05 57344]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]

"P17Helper"="P17.dll" [2005-05-03 64512]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2007-8-27 884840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-12-22 08:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi3"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 12:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2009-08-13 22:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-12-24 01:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]

2006-01-09 02:43 53340 ------w- c:\program files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-01-23 03:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 22:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2008-09-18 07:55 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]

2005-05-03 11:38 64512 ----a-r- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2006-11-14 09:21 16270848 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-06-10 11:27 144784 -c--a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Curse\\CurseClient.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader

"6112:TCP"= 6112:TCP:Blizzard Downloader

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [10/30/2009 12:09 PM 25608]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/20/2008 12:12 PM 333192]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/23/2008 11:27 PM 360584]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/22/2009 12:34 AM 285392]

R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [12/22/2009 12:34 AM 2304192]

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [12/22/2009 12:34 AM 5832712]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/26/2007 7:50 PM 24652]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [10/23/2008 11:26 PM 30104]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [10/30/2009 12:09 PM 122376]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [10/30/2009 12:09 PM 30216]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [10/30/2009 12:09 PM 25736]

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/27/2007 10:21 PM 17149]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [12/4/2005 12:55 PM 34944]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [10/23/2008 11:26 PM 30104]

S3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys --> c:\windows\system32\drivers\dalwdm.sys [?]

S3 rk_remover;rk_remover;\??\c:\windows\system32\drivers\rk_remover.sys --> c:\windows\system32\drivers\rk_remover.sys [?]

S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [11/10/2007 12:43 PM 20168]

S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [11/10/2007 12:43 PM 22304]

.

Contents of the 'Scheduled Tasks' folder

2010-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com?o=14196&l=dis

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {10D5D574-4818-4953-9E0E-218BFEAA6B97} = 93.188.162.96,93.188.166.34

.

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3684)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-02-24 22:40:45

ComboFix-quarantined-files.txt 2010-02-25 06:40

ComboFix2.txt 2010-02-22 02:19

ComboFix3.txt 2010-02-22 01:50

Pre-Run: 381,960,146,944 bytes free

Post-Run: 381,926,965,248 bytes free

- - End Of File - - 079C7AC402D3542EBC9CFA02F5A92C12


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

How's the computer now? :)


Let's use another online scanner..

Well.. How's the computer now? :D

Please do this step before you sleep or when you don't use the computer as it will take quite a while..

Go to Kaspersky Online Scanner

1. Read through the requirements and privacy statement and click on the Accept button.

2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.

3. When the downloads have finished, click on Settings.

4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

Spyware, Adware, Dialers, and other potentially dangerous programs

Archives

Mail databases

5. Click on My Computer under Scan.

6. Once the scan is complete, it will display the results. Click on View Scan Report.

7. You will see a list of infected items there. Click on Save Report As....

8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


Here is what it is saying now:

Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Failed to connect to update source]

Erm.. Something is still lingering on the computer.. Let's do this..

Please run GMER again and attach its report here.

Next, please download HijackThis and save it to your Desktop.

  • Double-click on HJTInstall.exe and install HijackThis in its default location C:\Program Files\Trend Micro\HijackThis folder
  • Next, please click on Do a system scan and save a logfile
  • After the scan has finished, a HijackThis log will pop up on your Desktop.
  • Please DO NOT fix anything inside HijackThis.. Most of the entries are legit and even needed..
  • Please post the content of that log in your next reply..

Next, please download RUNSCANNER to your desktop and run it.

  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • It will then ask you to save two files, the .run file and the log. Save both of them in your Desktop.
  • You will see the .run file on your desktop. Please zip the .run file and attach it in your next reply.

Then upload that as an attachment in your next post.


Here is the HijackThis log, with the latest GMER and the Runscanner files attached.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:41:00 AM, on 2/26/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\AVG\AVG9\avgfws9.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\Program Files\Ideazon\ZEngine\Zboard.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\NETGEAR\WG111T\wlan111t.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\CometBird\CometBird.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\AVG\AVG9\avgupd.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188764132406

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15109/CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{10D5D574-4818-4953-9E0E-218BFEAA6B97}: NameServer = 93.188.162.96,93.188.166.34

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe

O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 7937 bytes

2_26.zip


Just realized that I attached the runscanner.exe in my last post. DOH!

Here is the log:

Runscanner logfile

* = signed file

- = file not found

General info

------------

Computer name : DTOWER

Creation time : 2/26/2010 9:44:16 AM

Hosts <> 127.0.0.1 : 0

Hosts file location : %SystemRoot%\System32\drivers\etc

IE version : 7.0.5730.11

OS : Microsoft Windows XP

OS Build : 2600

OS SP : Service Pack 3

RunScanner Version : 1.9.0.9

User Language : English (United States)

User rights : Administrator

Windows folder : C:\WINDOWS

Running processes

-----------------

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)

* C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

* C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)

* C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

* C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

* C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

* C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

* C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

* C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)

* C:\Program Files\CometBird\CometBird.exe (CometNetwork)

* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

C:\Program Files\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)

* C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

* C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

* C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

* C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)

C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)

* C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

* C:\WINDOWS\system32\PnkBstrA.exe

* C:\WINDOWS\system32\RUNDLL32.EXE (Microsoft Corporation)

* C:\WINDOWS\system32\Rundll32.exe (Microsoft Corporation)

* C:\Documents and Settings\Administrator\Desktop\runscanner.exe (Runscanner.net)

* C:\WINDOWS\system32\services.exe (Microsoft Corporation)

* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)

* c:\windows\System32\smss.exe (Microsoft Corporation)

* C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation)

Unrated items

-------------

002 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)

002 C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

002 C:\Program Files\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)

003 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

005 C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe (Hewlett-Packard Co.)

005 C:\PROGRA~1\NETGEAR\WG111T\wlan111t.exe (NETGEAR)

010 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe (ForceWare Intelligent Application Manager (IAM))

010 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (NMIndexingService)

010 C:\WINDOWS\system32\HPZipm12.exe (Pml Driver HPZ12)

010 * C:\WINDOWS\system32\PnkBstrA.exe (PnkBstrA)

010 C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Manager Service)

011 C:\WINDOWS\system32\DRIVERS\AegisP.sys (AEGIS Protocol (IEEE 802.1x) v3.2.0.3)

011 C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile USB Driver)

011 C:\WINDOWS\system32\DNINDIS5.SYS (DNINDIS5 NDIS Protocol Driver)

011 * C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR ASPI Filter Driver)

011 C:\WINDOWS\system32\DRIVERS\Alpham.sys (Ideazon Merc Composite Keyboard Driver)

011 * C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio USB Driver)

011 C:\WINDOWS\system32\drivers\usbkt1x1.sys (M-Audio USB Keystation)

011 * C:\WINDOWS\system32\drivers\uks11ldr.sys (M-Audio USB Keystation Loader)

011 C:\WINDOWS\system32\drivers\TPkd.sys (TPkd)

011 C:\WINDOWS\system32\DRIVERS\VClone.sys (VClone)

052 GUID / CLSID not found {53707962-6F74-2D53-2644-206D7942484F}

061 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}

061 C:\WINDOWS\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}

061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}

061 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) {B327765E-D724-4347-8B16-78AE18552FC3}

061 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) {7F1CF152-04F8-453A-B34C-E609530A9DC8}

061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}

061 C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll (Intuit Inc.) {7D5C4BDD-B015-4401-8731-1507B87DE297}

062 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) {7D4D6379-F301-4311-BEBA-E26EB0561882}

069 C:\WINDOWS\system32\HpTcpMon.dll (Hewlett Packard)

100 Start Page HKCU : http://www.ask.com?o=14196&l=dis

104 GUID / CLSID not found {00000075-9980-0010-8000-00AA00389B71}

104 * C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTPID.ocx (Creative Technology Ltd) {F6ACF75C-C32C-447B-9BEF-46B766368D29}

105 E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

107 C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

120 NameServer {10D5D574-4818-4953-9E0E-218BFEAA6B97} : 93.188.162.96,93.188.166.34

153 * C:\WINDOWS\system32\ma_cmidn.dll (M-Audio)

171 C:\WINDOWS\system32\SPHOME~1.SCR (ScreenTime Media)

173 GUID / CLSID not found

173 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}

221 GUID / CLSID not found

221 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}

222 GUID / CLSID not found {736AF091-C361-49B4-A928-87C586130D33}

223 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

227 GUID / CLSID not found

227 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}

229 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}

231 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) NeroDigitalExt.NeroDigitalColumnHandler

251 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}

Missing files

-------------

011 C:\WINDOWS\system32\drivers\Abiosdsk.sys

011 C:\WINDOWS\system32\drivers\abp480n5.sys

011 C:\WINDOWS\system32\drivers\adpu160m.sys

011 C:\WINDOWS\system32\drivers\Aha154x.sys

011 C:\WINDOWS\system32\drivers\aic78u2.sys

011 C:\WINDOWS\system32\drivers\aic78xx.sys

011 C:\WINDOWS\system32\drivers\AliIde.sys

011 C:\WINDOWS\system32\drivers\amsint.sys

011 C:\WINDOWS\system32\drivers\asc.sys

011 C:\WINDOWS\system32\drivers\asc3350p.sys

011 C:\WINDOWS\system32\drivers\asc3550.sys

011 C:\WINDOWS\system32\drivers\Atdisk.sys

011 C:\WINDOWS\system32\drivers\Beep.sys

011 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys

011 C:\WINDOWS\system32\drivers\cd20xrnt.sys

011 C:\WINDOWS\system32\drivers\Changer.sys

011 C:\WINDOWS\system32\drivers\CmdIde.sys

011 C:\WINDOWS\system32\drivers\Cpqarray.sys

011 C:\WINDOWS\system32\drivers\dac2w2k.sys

011 C:\WINDOWS\system32\drivers\dac960nt.sys

011 c:\windows\system32\drivers\dalwdm.sys

011 C:\WINDOWS\system32\drivers\dpti2o.sys

011 C:\WINDOWS\system32\drivers\hpn.sys

011 C:\WINDOWS\system32\drivers\i2omgmt.sys

011 C:\WINDOWS\system32\drivers\i2omp.sys

011 C:\WINDOWS\system32\drivers\ini910u.sys

011 C:\WINDOWS\system32\drivers\IntelIde.sys

011 c:\windows\system32\DRIVERS\Lbd.sys

011 C:\WINDOWS\system32\drivers\lbrtfdc.sys

011 C:\WINDOWS\system32\drivers\mraid35x.sys

011 C:\WINDOWS\system32\drivers\PCIDump.sys

011 C:\WINDOWS\system32\drivers\PDCOMP.sys

011 C:\WINDOWS\system32\drivers\PDFRAME.sys

011 C:\WINDOWS\system32\drivers\PDRELI.sys

011 C:\WINDOWS\system32\drivers\PDRFRAME.sys

011 C:\WINDOWS\system32\drivers\perc2.sys

011 C:\WINDOWS\system32\drivers\perc2hib.sys

011 C:\WINDOWS\system32\drivers\ql1080.sys

011 C:\WINDOWS\system32\drivers\Ql10wnt.sys

011 C:\WINDOWS\system32\drivers\ql12160.sys

011 C:\WINDOWS\system32\drivers\ql1240.sys

011 C:\WINDOWS\system32\drivers\ql1280.sys

011 C:\WINDOWS\system32\drivers\rk_remover.sys

011 C:\WINDOWS\system32\drivers\Simbad.sys

011 C:\WINDOWS\system32\drivers\Sparrow.sys

011 C:\WINDOWS\system32\drivers\sym_hi.sys

011 C:\WINDOWS\system32\drivers\sym_u3.sys

011 c:\windows\system32\DRIVERS\SymIM.sys

011 C:\WINDOWS\system32\drivers\symc810.sys

011 C:\WINDOWS\system32\drivers\symc8xx.sys

011 c:\windows\system32\DRIVERS\SymIM.sys

011 C:\WINDOWS\system32\drivers\TosIde.sys

011 C:\WINDOWS\system32\drivers\ultra.sys

011 C:\WINDOWS\system32\drivers\ViaIde.sys

011 C:\WINDOWS\system32\drivers\WDICA.sys

061 deskpan.dll


Hello.. Sorry I'm late.. Was outstation for three days..

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O17 - HKLM\System\CCS\Services\Tcpip\..\{10D5D574-4818-4953-9E0E-218BFEAA6B97}: NameServer = 93.188.162.96,93.188.166.34

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.

Then, please reset the router back to its factory settings.. Refer below if you do not know how..

http://www.ehow.com/how_2110924_router-bac...t-settings.html

Then, please reconfigure it back to your preferred settings.. Below is the list of default usernames and passwords, should you not know it :D

http://www.routerpasswords.com/

http://www.phenoelit-us.org/dpl/dpl.html

Then reboot the computer and tell me if you still have the redirect issues :)
