
Tricky (for me) infection....seems common tho'



Hi there...

Yesterday I got infected with this insidious malware that is nearly identical to something I picked up about a year ago, so I instantly recognized it. It's the "Windows Security Center" (WSC) fake antivirus scheme. This is on an old Dell Inspiron 2650 laptop with XP that is sitting next to me (I'm typing on a desktop computer that is not connected in any way.)

Last year, I followed instructions online and ended up loading on Malwarebytes anti-malware program (MWB) which successfully cleaned up the computer. I had AVG free version on there already, and the two have always seemed to "get along" in tandem, so I left them as is. Yesterday, when I first noticed the WSC screen pop up, I immediately closed everything and did a full AVG scan (after successful update), and it found 12 infections, 6 of something called Katusha.A, and 6 of the Trojan called Java.Agent.EO, and it told me that it was able to successfully delete all of them. However, I then went to update Malwarebytes too, in order to run that as well, but then it shut off after about three minutes with no warning/message. It wouldn't reopen then (I get the same message as everyone else), and so I went online here and searched to find that this is common. (I now find that I am even unable to uninstall Malwarebytes through the Add/Remove programs in CP.) Obviously, the infection was not entirely cleared by AVG, or else there were multiple infections of a different type(?). I haven't been able to determine if Katusha.A or Java.Agent.EO have anything to do with the WSC malware or something else entirely.

I did the simplest suggestions first, i.e., downloaded the more recent version of the MWB program here, renamed the executable and then tried to run it on the infected machine, but it failed just the same. Inherit reactivates the program for a moment, but the scan still fails every time. (Note: it fails at different points every time...sometimes a few minutes, often 10-20 seconds, now sometimes only a couple seconds.) AVG scan also does not continue now, even though it worked once the first time just after noticing the infection. Most other simple plans to deal with this (reading online) have included loading some other std A-V program onto the machine to clear it up, but I gather the malware will immediately attack it just as it is doing to the two I have on there already. And anyway, I know I'm not supposed to be loading multiple equivalent anti-malware programs on the machine, so I want to avoid this if I can. It seems that several people in my situation have been prompted to try something called combofix.exe, but they always give a warning that other people should not follow these instructions unless they really know what they are doing. I guess I need advice now specifically for my computer. I did run something called TDSSKiller.exe, which turned up only one suspicious file (labelled as 'hidden') which I gathered was not related to my actual problems.

Don't know what else to say...if I'm to include a log of some kind, let me know how/where to find it. I only know enough to be dangerous and haven't had any problem serious enough to date to learn a great deal about malware removal of a tricky sort....

Any help appreciated. RK

Ah...OK, learned how to create logs...Here's the dds log (below is the GMER log, recreated manually because I couldn't save it as normal because of the screen formatting in safe mode - couldn't scroll down to save and Ctrl-S didn't work - hopefully I transcribed it without mistake, and luckily it was short)...RK

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 7.0.5730.13

Run by Home at 11:51:12 on 2011-10-01

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.379 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\2354190571:350727539.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

StartupFolder: c:\docume~1\home\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: mswsock.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207185872480

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{A6FE5394-E034-423B-8808-4F8CB7E43B04} : DhcpNameServer = 192.168.1.1 192.168.1.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\home\application data\mozilla\firefox\profiles\db4rmfl8.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc78e40&v=7.008.031.001&i=29&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 50370

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]

S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]

S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-13 984392]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]

S3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\drivers\cbpmp50.sys --> c:\windows\system32\drivers\CBPMp50.sys [?]

S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\CBPSp50.sys [2008-8-29 27072]

.

=============== Created Last 30 ================

.

2011-09-30 05:58:25 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

.

==================== Find3M ====================

.

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-12 02:31:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 11:51:45.26 ===============

GMER log went as follows (the Rootkit bit), transcribed manually:

Type Name Value

AttachedDevice \Driver\Tcpip\Device\Ip avgtdix.sys (AVG Network Connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip\Device\RawIp avgtdix.sys (AVG Network Connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip\Device\Tcp avgtdix.sys (AVG Network Connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip\Device\Udp avgtdix.sys (AVG Network Connection watcher/AVG Technologies CZ, s.r.o.)

Thread System [4:260] F86BA9B5

Thread System [4:264] 82270875


  • Root Admin

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Hi...first off, thanks so much for your help...this is certainly the worst thing I've ever been infected with.

Anyway, I've done what you have asked. I tried at first to run in safe mode, but I had no access to AVG Control Center this way, so I had to re-start up Windows in regular mode (in the future, let me know how I should start the computer). I did temporarily disable AVG 2011 according to the instructions, but maybe it wouldn't "take" because of the malware itself (?), because ComboFix told me it was still active. I set it to 15 min. and ran ComboFix immediately, so time was not the issue. I continued with ComboFix anyway, since it was already started and there was nothing else to do. ComboFix took a LONG time to run completely, about 45 min. and required two auto-reboots in the process. It told me right away I have Rootkit.ZeroAccess and that this thing was particularly nasty.

Here are the logs you asked for....

ComboFix 11-10-04.04 - Home 10/05/2011 0:37.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.225 [GMT -4:00]

Running from: c:\documents and settings\Home\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Desktop\Malware Protection.lnk

c:\documents and settings\Home\Application Data\completescan

c:\documents and settings\Home\Application Data\install

c:\documents and settings\Home\WINDOWS

c:\program files\messenger\msmsgsin.exe

c:\windows\$NtUninstallKB18027$\1036211260

c:\windows\$NtUninstallKB18027$\3944239756\@

c:\windows\$NtUninstallKB18027$\3944239756\click.tlb

c:\windows\$NtUninstallKB18027$\3944239756\L\zizcpulz

c:\windows\$NtUninstallKB18027$\3944239756\loader.tlb

c:\windows\$NtUninstallKB18027$\3944239756\U\@00000001

c:\windows\$NtUninstallKB18027$\3944239756\U\@000000c0

c:\windows\$NtUninstallKB18027$\3944239756\U\@000000cb

c:\windows\$NtUninstallKB18027$\3944239756\U\@000000cf

c:\windows\$NtUninstallKB18027$\3944239756\U\@80000000

c:\windows\$NtUninstallKB18027$\3944239756\U\@800000c0

c:\windows\$NtUninstallKB18027$\3944239756\U\@800000cb

c:\windows\$NtUninstallKB18027$\3944239756\U\@800000cf

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\2354190571

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\system32\

c:\windows\$NtUninstallKB18027$ . . . . Failed to delete

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_eb18528c

.

.

((((((((((((((((((((((((( Files Created from 2011-09-05 to 2011-10-05 )))))))))))))))))))))))))))))))

.

.

2011-09-30 05:58 . 2011-09-30 06:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-31 21:00 . 2010-10-30 05:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-12 02:31 . 2011-05-15 03:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-11 16:44 . 2011-05-16 05:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-04-22 2495816]

.

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-04-22 17:56 2495816 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-04-22 2495816]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-04-22 2495816]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-06-24 4800512]

"nwiz"="nwiz.exe" [2003-06-24 323584]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-04 149280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

.

c:\documents and settings\Home\Start Menu\Programs\Startup\

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 5:12 AM 248656]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 4:23 PM 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 4:23 PM 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 4:23 PM 27216]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 2:19 PM 297168]

S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/13/2011 11:41 PM 984392]

S3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPMp50.sys --> c:\windows\system32\Drivers\CBPMp50.sys [?]

S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\CBPSp50.sys [8/29/2008 5:21 PM 27072]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\db4rmfl8.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc78e40&v=7.008.031.001&i=29&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 50370

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-05 00:59

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1935655697-746137067-1343024091-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(520)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(108)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG10\avgrsx.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2011-10-05 01:01:45 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-05 05:01

.

Pre-Run: 68,969,926,656 bytes free

Post-Run: 69,357,301,760 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - A93BFB6D55CF57BEEFA24B8905A96F87

Now, dds....

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by Home at 1:03:07 on 2011-10-05

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.154 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

StartupFolder: c:\docume~1\home\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207185872480

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{A6FE5394-E034-423B-8808-4F8CB7E43B04} : DhcpNameServer = 192.168.1.1 192.168.1.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\home\application data\mozilla\firefox\profiles\db4rmfl8.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc78e40&v=7.008.031.001&i=29&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 50370

FF - prefs.js: network.proxy.type - 0

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]

S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-13 984392]

S3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\drivers\cbpmp50.sys --> c:\windows\system32\drivers\CBPMp50.sys [?]

S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\CBPSp50.sys [2008-8-29 27072]

.

=============== Created Last 30 ================

.

2011-10-05 04:27:16 -------- d-sha-r- C:\cmdcons

2011-10-05 04:23:59 98816 ----a-w- c:\windows\sed.exe

2011-10-05 04:23:59 518144 ----a-w- c:\windows\SWREG.exe

2011-10-05 04:23:59 256000 ----a-w- c:\windows\PEV.exe

2011-10-05 04:23:59 208896 ----a-w- c:\windows\MBR.exe

2011-09-30 05:58:25 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

.

==================== Find3M ====================

.

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-12 02:31:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 1:03:42.05 ===============

Thanks...Roger
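As an added illustration (this is not a tool from Malwarebytes, DDS or ComboFix, and not something either poster ran), here is a small Python triage script that scans lines in the shape of the DDS and ComboFix output above for the indicators that stand out in this thread: a numeric-named executable running from C:\WINDOWS with an alternate-data-stream name, Firefox proxy prefs pointing at 127.0.0.1, the Security Center override values and the disabled firewall from the ComboFix "Reg Loading Points" section. The sample lines are constructed to mirror the posted logs; the rule names and the choice of rules are the script's own.

```python
"""Triage indicator lines from DDS / ComboFix style logs.

Added example for this thread; it is not part of DDS, ComboFix or Malwarebytes,
and the rule names are this script's own. The sample lines are constructed to
mirror the shapes seen in the logs posted above.
"""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "rule line")

# Constructed sample in the style of the posted DDS and ComboFix logs.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\2354190571:350727539.exe
C:\WINDOWS\Explorer.EXE
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

RULES = [
    # A process running straight from C:\WINDOWS whose name is all digits,
    # optionally with a colon: the colon after the file name marks an NTFS
    # alternate data stream, which fits the c:\windows\2354190571 host file
    # that ComboFix later deleted in this thread.
    ("ads-named-exe-in-windows",
     re.compile(r"^[a-z]:\\windows\\\d+(?::\d+)?\.exe$", re.I)),
    # Firefox configured to send HTTP/SSL/SOCKS traffic through the loopback
    # address, i.e. through some local process, as DDS reports for the
    # profile in this thread.
    ("firefox-loopback-proxy",
     re.compile(r"^FF - prefs\.js: network\.proxy\.(?:http|ssl|socks) - "
                r"(?:127\.0\.0\.1|localhost)$", re.I)),
    # Security Center told not to alert on a missing AV or firewall.
    ("security-center-override",
     re.compile(r'^"(?:AntiVirus|Firewall)Override"=dword:0*1$', re.I)),
    # Windows Firewall switched off in the standard profile.
    ("windows-firewall-disabled",
     re.compile(r'^"EnableFirewall"=\s*0\b', re.I)),
]


def triage(log_text):
    """Return a Finding for every non-empty line that matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(name, line))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'security-center-override': 2}."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.rule}] {f.line}")
    print(summarize(hits))
```

The rules are deliberately narrow: the loopback-proxy rule fires on the host line only, so the port and type lines stay as context, and the Security Center rule only matches a value of 1, which is the state that suppresses the "no antivirus / no firewall" warnings the user would otherwise have seen.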


  • Root Admin

STEP 01

Open Firefox, then go to Tools > Options > Advanced > Network tab > Connection section > Settings button and delete the proxy settings. Then set to No Proxy and click OK and close.

STEP 02

Download and run this tool from Kaspersky. http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Please try to run it in Normal Mode. If it won't run you can run it from Safe Mode but Normal would be better. Follow any on-screen instructions.

It will create a log in the root with a name something like this: C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please post back that log when done.

STEP 03

Uninstall all versions of Java

STEP 04

Run DDS one more time and post back the new logs.
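STEP 01 above is a manual edit of Firefox's proxy settings, which live as `user_pref()` lines in the profile's prefs.js. The following added Python example (not a Malwarebytes or Mozilla tool, and not what either poster ran) does the same check and cleanup in script form: it reads a prefs.js, reports the proxy configuration, and rewrites the file with every `network.proxy.*` entry removed and the type pinned to 0 (No Proxy). The sample prefs.js is constructed to match the DDS "FF - prefs.js" lines earlier in the thread, where the type was already 0 but a stale 127.0.0.1:50370 HTTP proxy entry remained; the `PROXY_TYPES` table uses the values Firefox itself assigns to network.proxy.type.

```python
"""Inspect and neutralise proxy entries in a Firefox prefs.js.

Added example for this thread; not a Malwarebytes, Mozilla or ComboFix tool.
It scripts STEP 01 from the thread: show what network.proxy.* says, then
rewrite prefs.js without those entries and with type 0 (No Proxy).
"""
import re

# Constructed sample prefs.js, shaped like the DDS "FF - prefs.js" lines in
# the thread: type 0 (No Proxy) but a stale loopback HTTP proxy entry.
SAMPLE_PREFS = '''\
user_pref("browser.search.selectedEngine", "AVG Secure Search");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 50370);
user_pref("network.proxy.type", 0);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Meaning of network.proxy.type as Firefox defines it.
PROXY_TYPES = {0: "no proxy", 1: "manual", 2: "PAC URL",
               4: "auto-detect (WPAD)", 5: "system settings"}


def _parse_value(raw):
    """Turn the literal after the comma into str, bool or int."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    return int(raw)


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _parse_value(m.group(2))
    return prefs


def proxy_report(prefs):
    """Summarise the proxy state, flagging loopback hosts even when unused."""
    ptype = prefs.get("network.proxy.type", 5)  # Firefox default when unset
    manual_hosts = {k: v for k, v in prefs.items()
                    if re.fullmatch(r"network\.proxy\.(http|ssl|ftp|socks)", k)}
    loopback = {k: v for k, v in manual_hosts.items()
                if v in ("127.0.0.1", "localhost")}
    return {
        "type": ptype,
        "mode": PROXY_TYPES.get(ptype, "unknown"),
        "http": prefs.get("network.proxy.http"),
        "http_port": prefs.get("network.proxy.http_port"),
        # Manual host/port values only take effect when type == 1.
        "in_use": ptype == 1,
        "loopback_proxy_present": bool(loopback),
    }


def clean_proxy_prefs(text):
    """Drop every network.proxy.* pref and pin type to 0; return (text, removed)."""
    kept, removed = [], []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1).startswith("network.proxy."):
            removed.append(m.group(1))
        else:
            kept.append(line)
    kept.append('user_pref("network.proxy.type", 0);')
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    print(proxy_report(parse_prefs(SAMPLE_PREFS)))
    cleaned, gone = clean_proxy_prefs(SAMPLE_PREFS)
    print("removed:", gone)
    print(cleaned)
```

Run it against a copy of the real prefs.js only with Firefox closed, since Firefox rewrites that file on exit. The report distinguishes "in use" from "present": with type 0 the loopback entry is inert, which is why the user saw No Proxy selected yet still had text in the manual fields, but it is still worth clearing and still worth treating as a sign that something configured it.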


Done.

STEP 1: was already set on No Proxy, but text existed in Manual fields for "HTTP Proxy" and "No Proxy for..." Switched to manual, erased text, and then set back to No Proxy. Right?

STEP 2: log below, said nothing found.

STEP 3: Uninstalled Java v. 6 Update 16 (nothing else under Java running)

STEP 4: log below

Thanks...RK

01:36:47.0175 1864 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43

01:36:47.0276 1864 ============================================================

01:36:47.0276 1864 Current date / time: 2011/10/05 01:36:47.0276

01:36:47.0286 1864 SystemInfo:

01:36:47.0286 1864

01:36:47.0286 1864 OS Version: 5.1.2600 ServicePack: 2.0

01:36:47.0286 1864 Product type: Workstation

01:36:47.0286 1864 ComputerName: 3XMG150-VJE883K

01:36:47.0286 1864 UserName: Home

01:36:47.0286 1864 Windows directory: C:\WINDOWS

01:36:47.0286 1864 System windows directory: C:\WINDOWS

01:36:47.0286 1864 Processor architecture: Intel x86

01:36:47.0286 1864 Number of processors: 1

01:36:47.0286 1864 Page size: 0x1000

01:36:47.0286 1864 Boot type: Normal boot

01:36:47.0286 1864 ============================================================

01:36:48.0748 1864 Initialize success

01:36:58.0492 1964 ============================================================

01:36:58.0502 1964 Scan started

01:36:58.0502 1964 Mode: Manual;

01:36:58.0502 1964 ============================================================

01:36:59.0093 1964 Abiosdsk - ok

01:36:59.0153 1964 abp480n5 - ok

01:36:59.0243 1964 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

01:36:59.0263 1964 ac97intc - ok

01:36:59.0353 1964 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

01:36:59.0383 1964 ACPI - ok

01:36:59.0433 1964 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

01:36:59.0453 1964 ACPIEC - ok

01:36:59.0503 1964 adpu160m - ok

01:36:59.0593 1964 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

01:36:59.0623 1964 aec - ok

01:36:59.0683 1964 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys

01:36:59.0703 1964 AFD - ok

01:36:59.0763 1964 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys

01:36:59.0784 1964 agp440 - ok

01:36:59.0834 1964 Aha154x - ok

01:36:59.0874 1964 aic78u2 - ok

01:36:59.0914 1964 aic78xx - ok

01:36:59.0984 1964 AliIde - ok

01:37:00.0024 1964 amsint - ok

01:37:00.0114 1964 asc - ok

01:37:00.0154 1964 asc3350p - ok

01:37:00.0194 1964 asc3550 - ok

01:37:00.0254 1964 Aspi32 (20d04091eba710f6988f710507d85868) C:\WINDOWS\system32\drivers\Aspi32.sys

01:37:00.0254 1964 Aspi32 - ok

01:37:00.0334 1964 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

01:37:00.0354 1964 AsyncMac - ok

01:37:00.0374 1964 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

01:37:00.0384 1964 atapi - ok

01:37:00.0414 1964 Atdisk - ok

01:37:00.0505 1964 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

01:37:00.0525 1964 Atmarpc - ok

01:37:00.0605 1964 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

01:37:00.0625 1964 audstub - ok

01:37:00.0745 1964 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

01:37:00.0745 1964 AVGIDSDriver - ok

01:37:00.0805 1964 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

01:37:00.0825 1964 AVGIDSEH - ok

01:37:00.0905 1964 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

01:37:00.0905 1964 AVGIDSFilter - ok

01:37:00.0985 1964 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

01:37:00.0985 1964 AVGIDSShim - ok

01:37:01.0065 1964 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

01:37:01.0105 1964 Avgldx86 - ok

01:37:01.0155 1964 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

01:37:01.0176 1964 Avgmfx86 - ok

01:37:01.0246 1964 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

01:37:01.0266 1964 Avgrkx86 - ok

01:37:01.0336 1964 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

01:37:01.0386 1964 Avgtdix - ok

01:37:01.0536 1964 BCM43XX (52d67c5465c01913b03b7daca0cc4077) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

01:37:01.0566 1964 BCM43XX - ok

01:37:01.0686 1964 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

01:37:01.0706 1964 Beep - ok

01:37:01.0776 1964 catchme - ok

01:37:01.0836 1964 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

01:37:01.0856 1964 cbidf2k - ok

01:37:01.0897 1964 CBPMp50 - ok

01:37:01.0987 1964 CBPSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\CBPSp50.sys

01:37:02.0017 1964 CBPSp50 - ok

01:37:02.0057 1964 cd20xrnt - ok

01:37:02.0137 1964 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

01:37:02.0157 1964 Cdaudio - ok

01:37:02.0237 1964 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

01:37:02.0257 1964 Cdfs - ok

01:37:02.0337 1964 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

01:37:02.0357 1964 Cdrom - ok

01:37:02.0397 1964 Changer - ok

01:37:02.0517 1964 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

01:37:02.0537 1964 CmBatt - ok

01:37:02.0578 1964 CmdIde - ok

01:37:02.0628 1964 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys

01:37:02.0638 1964 Compbatt - ok

01:37:02.0738 1964 Cpqarray - ok

01:37:02.0798 1964 dac2w2k - ok

01:37:02.0838 1964 dac960nt - ok

01:37:02.0908 1964 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

01:37:02.0928 1964 Disk - ok

01:37:03.0078 1964 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

01:37:03.0138 1964 dmboot - ok

01:37:03.0198 1964 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

01:37:03.0218 1964 dmio - ok

01:37:03.0279 1964 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

01:37:03.0289 1964 dmload - ok

01:37:03.0369 1964 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

01:37:03.0389 1964 DMusic - ok

01:37:03.0509 1964 dot4 (ad7fc1963b152b3728e3c4f83554a576) C:\WINDOWS\system32\DRIVERS\Dot4.sys

01:37:03.0549 1964 dot4 - ok

01:37:03.0609 1964 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

01:37:03.0629 1964 Dot4Print - ok

01:37:03.0679 1964 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys

01:37:03.0699 1964 Dot4Scan - ok

01:37:03.0739 1964 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys

01:37:03.0759 1964 dot4usb - ok

01:37:03.0789 1964 dpti2o - ok

01:37:03.0849 1964 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

01:37:03.0859 1964 drmkaud - ok

01:37:03.0929 1964 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys

01:37:03.0939 1964 EL90XBC - ok

01:37:04.0060 1964 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

01:37:04.0080 1964 Fastfat - ok

01:37:04.0140 1964 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

01:37:04.0160 1964 Fdc - ok

01:37:04.0240 1964 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

01:37:04.0250 1964 Fips - ok

01:37:04.0300 1964 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

01:37:04.0320 1964 Flpydisk - ok

01:37:04.0410 1964 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys

01:37:04.0450 1964 FltMgr - ok

01:37:04.0560 1964 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

01:37:04.0580 1964 Fs_Rec - ok

01:37:04.0640 1964 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

01:37:04.0661 1964 Ftdisk - ok

01:37:04.0711 1964 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

01:37:04.0731 1964 GEARAspiWDM - ok

01:37:04.0791 1964 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

01:37:04.0801 1964 Gpc - ok

01:37:04.0921 1964 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

01:37:04.0941 1964 HidUsb - ok

01:37:04.0961 1964 hpn - ok

01:37:05.0061 1964 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys

01:37:05.0101 1964 HTTP - ok

01:37:05.0151 1964 i2omgmt - ok

01:37:05.0201 1964 i2omp - ok

01:37:05.0241 1964 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

01:37:05.0261 1964 i8042prt - ok

01:37:05.0311 1964 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

01:37:05.0331 1964 Imapi - ok

01:37:05.0382 1964 ini910u - ok

01:37:05.0432 1964 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

01:37:05.0462 1964 IntelIde - ok

01:37:05.0512 1964 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

01:37:05.0532 1964 intelppm - ok

01:37:05.0572 1964 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys

01:37:05.0592 1964 ip6fw - ok

01:37:05.0672 1964 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

01:37:05.0692 1964 IpFilterDriver - ok

01:37:05.0752 1964 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

01:37:05.0772 1964 IpInIp - ok

01:37:05.0852 1964 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

01:37:05.0882 1964 IpNat - ok

01:37:05.0942 1964 IPSec (f3c766d2051b187d9d387d16e2b930ec) C:\WINDOWS\system32\DRIVERS\ipsec.sys

01:37:05.0962 1964 IPSec - ok

01:37:06.0022 1964 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

01:37:06.0043 1964 IRENUM - ok

01:37:06.0133 1964 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

01:37:06.0153 1964 isapnp - ok

01:37:06.0213 1964 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

01:37:06.0223 1964 Kbdclass - ok

01:37:06.0313 1964 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

01:37:06.0343 1964 kmixer - ok

01:37:06.0403 1964 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

01:37:06.0433 1964 KSecDD - ok

01:37:06.0503 1964 lbrtfdc - ok

01:37:06.0633 1964 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

01:37:06.0653 1964 mnmdd - ok

01:37:06.0734 1964 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

01:37:06.0754 1964 Modem - ok

01:37:06.0814 1964 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

01:37:06.0834 1964 Mouclass - ok

01:37:06.0904 1964 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

01:37:06.0914 1964 mouhid - ok

01:37:06.0964 1964 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

01:37:06.0974 1964 MountMgr - ok

01:37:07.0014 1964 mraid35x - ok

01:37:07.0084 1964 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

01:37:07.0104 1964 MRxDAV - ok

01:37:07.0204 1964 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

01:37:07.0254 1964 MRxSmb - ok

01:37:07.0304 1964 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

01:37:07.0324 1964 Msfs - ok

01:37:07.0404 1964 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

01:37:07.0424 1964 MSKSSRV - ok

01:37:07.0475 1964 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

01:37:07.0495 1964 MSPCLOCK - ok

01:37:07.0545 1964 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

01:37:07.0555 1964 MSPQM - ok

01:37:07.0635 1964 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

01:37:07.0655 1964 mssmbios - ok

01:37:07.0705 1964 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

01:37:07.0725 1964 Mup - ok

01:37:07.0765 1964 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

01:37:07.0795 1964 NDIS - ok

01:37:07.0885 1964 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

01:37:07.0915 1964 NdisTapi - ok

01:37:07.0965 1964 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

01:37:07.0985 1964 Ndisuio - ok

01:37:08.0035 1964 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

01:37:08.0055 1964 NdisWan - ok

01:37:08.0095 1964 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

01:37:08.0115 1964 NDProxy - ok

01:37:08.0166 1964 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

01:37:08.0186 1964 NetBIOS - ok

01:37:08.0276 1964 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

01:37:08.0306 1964 NetBT - ok

01:37:08.0456 1964 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

01:37:08.0476 1964 Npfs - ok

01:37:08.0576 1964 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

01:37:08.0616 1964 Ntfs - ok

01:37:08.0716 1964 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

01:37:08.0736 1964 Null - ok

01:37:08.0867 1964 nv (d21cdbd7c5fce5d3dfbd2f3859e1eb4e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

01:37:08.0967 1964 nv - ok

01:37:09.0077 1964 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

01:37:09.0087 1964 NwlnkFlt - ok

01:37:09.0117 1964 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

01:37:09.0137 1964 NwlnkFwd - ok

01:37:09.0207 1964 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

01:37:09.0227 1964 Parport - ok

01:37:09.0317 1964 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

01:37:09.0327 1964 PartMgr - ok

01:37:09.0377 1964 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

01:37:09.0387 1964 ParVdm - ok

01:37:09.0457 1964 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

01:37:09.0477 1964 PCI - ok

01:37:09.0507 1964 PCIDump - ok

01:37:09.0538 1964 PCIIde - ok

01:37:09.0578 1964 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

01:37:09.0598 1964 Pcmcia - ok

01:37:09.0628 1964 PDCOMP - ok

01:37:09.0678 1964 PDFRAME - ok

01:37:09.0738 1964 PDRELI - ok

01:37:09.0778 1964 PDRFRAME - ok

01:37:09.0818 1964 perc2 - ok

01:37:09.0858 1964 perc2hib - ok

01:37:10.0028 1964 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

01:37:10.0048 1964 PptpMiniport - ok

01:37:10.0098 1964 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys

01:37:10.0118 1964 Processor - ok

01:37:10.0168 1964 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

01:37:10.0188 1964 PSched - ok

01:37:10.0249 1964 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

01:37:10.0269 1964 Ptilink - ok

01:37:10.0309 1964 ql1080 - ok

01:37:10.0349 1964 Ql10wnt - ok

01:37:10.0389 1964 ql12160 - ok

01:37:10.0429 1964 ql1240 - ok

01:37:10.0469 1964 ql1280 - ok

01:37:10.0549 1964 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

01:37:10.0559 1964 RasAcd - ok

01:37:10.0629 1964 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

01:37:10.0649 1964 Rasl2tp - ok

01:37:10.0709 1964 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

01:37:10.0729 1964 RasPppoe - ok

01:37:10.0769 1964 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

01:37:10.0789 1964 Raspti - ok

01:37:10.0879 1964 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

01:37:10.0910 1964 Rdbss - ok

01:37:10.0940 1964 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

01:37:10.0960 1964 RDPCDD - ok

01:37:11.0080 1964 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

01:37:11.0120 1964 RDPWD - ok

01:37:11.0210 1964 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

01:37:11.0220 1964 redbook - ok

01:37:11.0450 1964 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

01:37:11.0450 1964 Secdrv - ok

01:37:11.0580 1964 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys

01:37:11.0601 1964 Serial - ok

01:37:11.0651 1964 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

01:37:11.0671 1964 Sfloppy - ok

01:37:11.0721 1964 Simbad - ok

01:37:11.0771 1964 Sparrow - ok

01:37:11.0861 1964 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

01:37:11.0871 1964 splitter - ok

01:37:11.0931 1964 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

01:37:11.0951 1964 sr - ok

01:37:12.0001 1964 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys

01:37:12.0021 1964 Srv - ok

01:37:12.0081 1964 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

01:37:12.0101 1964 swenum - ok

01:37:12.0181 1964 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

01:37:12.0201 1964 swmidi - ok

01:37:12.0271 1964 symc810 - ok

01:37:12.0322 1964 symc8xx - ok

01:37:12.0342 1964 sym_hi - ok

01:37:12.0392 1964 sym_u3 - ok

01:37:12.0452 1964 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

01:37:12.0462 1964 sysaudio - ok

01:37:12.0582 1964 Tcpip (90caff4b094573449a0872a0f919b178) C:\WINDOWS\system32\DRIVERS\tcpip.sys

01:37:12.0612 1964 Tcpip - ok

01:37:12.0682 1964 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

01:37:12.0692 1964 TDPIPE - ok

01:37:12.0742 1964 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

01:37:12.0762 1964 TDTCP - ok

01:37:12.0832 1964 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

01:37:12.0862 1964 TermDD - ok

01:37:12.0922 1964 TosIde - ok

01:37:13.0003 1964 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

01:37:13.0023 1964 Udfs - ok

01:37:13.0063 1964 ultra - ok

01:37:13.0143 1964 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

01:37:13.0173 1964 Update - ok

01:37:13.0233 1964 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

01:37:13.0263 1964 usbhub - ok

01:37:13.0333 1964 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

01:37:13.0353 1964 usbprint - ok

01:37:13.0423 1964 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

01:37:13.0443 1964 USBSTOR - ok

01:37:13.0543 1964 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

01:37:13.0553 1964 usbuhci - ok

01:37:13.0623 1964 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

01:37:13.0653 1964 VgaSave - ok

01:37:13.0673 1964 ViaIde - ok

01:37:13.0764 1964 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

01:37:13.0774 1964 VolSnap - ok

01:37:13.0934 1964 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

01:37:13.0954 1964 Wanarp - ok

01:37:13.0994 1964 WDICA - ok

01:37:14.0064 1964 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

01:37:14.0084 1964 wdmaud - ok

01:37:14.0324 1964 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

01:37:14.0344 1964 WudfPf - ok

01:37:14.0405 1964 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

01:37:14.0425 1964 WudfRd - ok

01:37:14.0555 1964 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

01:37:14.0715 1964 \Device\Harddisk0\DR0 - ok

01:37:14.0745 1964 Boot (0x1200) (db71d96f4e53d271d2178a1d9770895f) \Device\Harddisk0\DR0\Partition0

01:37:14.0745 1964 \Device\Harddisk0\DR0\Partition0 - ok

01:37:14.0755 1964 ============================================================

01:37:14.0765 1964 Scan finished

01:37:14.0765 1964 ============================================================

01:37:14.0815 1740 Detected object count: 0

01:37:14.0815 1740 Actual detected object count: 0

01:37:29.0797 1980 Deinitialize success

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by Home at 1:40:47 on 2011-10-05

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.166 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

StartupFolder: c:\docume~1\home\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207185872480

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{A6FE5394-E034-423B-8808-4F8CB7E43B04} : DhcpNameServer = 192.168.1.1 192.168.1.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\home\application data\mozilla\firefox\profiles\db4rmfl8.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc78e40&v=7.008.031.001&i=29&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 0

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]

S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-13 984392]

S3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\drivers\cbpmp50.sys --> c:\windows\system32\drivers\CBPMp50.sys [?]

S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\CBPSp50.sys [2008-8-29 27072]

.

=============== Created Last 30 ================

.

2011-10-05 04:27:16 -------- d-sha-r- C:\cmdcons

2011-10-05 04:23:59 98816 ----a-w- c:\windows\sed.exe

2011-10-05 04:23:59 518144 ----a-w- c:\windows\SWREG.exe

2011-10-05 04:23:59 256000 ----a-w- c:\windows\PEV.exe

2011-10-05 04:23:59 208896 ----a-w- c:\windows\MBR.exe

2011-09-30 05:58:25 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

.

==================== Find3M ====================

.

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-12 02:31:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 1:41:24.73 ===============


  • Root Admin

Great. There are still a couple of entries for Java shown in the logs but we can deal with that a little later on.

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

Please go ahead and download a new fresh copy of Combofix and overwrite your current version. Temporarily disable your Anti-Virus again to include more than enough time to scan and reboot without it coming back on.

Post back the new CF log

Thanks again


Well, it wasn't because of the >15 min. time for ComboFix to run that AVG was active...it told me that very soon after starting. And now I see that it gives me this message (it was the same before, but I didn't notice it too much...I clicked OK simply because the instructions told me to) when I try to reset the Temp. Disable to 15 min.

"An error occurred when saving the configuration. Connection is off-line."

My guess is that if/when I run ComboFix again (I'm ready with a new downloaded version, but will wait for your answer about the above issue since you are currently online), it will still tell me it is active. Is the malware still affecting my ability to control AVG, or is this some other issue? (BTW...The computer is still connected to the internet.)

RK


  • Root Admin

Please temporarily fully uninstall AVG (if you have a paid version please make sure you have the key to reinstall later on).

Then run CF with AVG removed and post back the log. While we're still checking on the system and trying to fix it you can temporarily install Microsoft Security Essentials and scan with it as well once CF has completed.


Sorry, may have botched it again. I foolishly allowed the LinkScanner part of AVG to remain during Uninstall, because that is what it strongly recommended, and I thought since that doesn't actually scan *my* computer, it wouldn't interfere with CF. However, it still did, and so then I went to fully uninstall (midstream while CF waited), which was successful, but then I didn't want to allow the reboot outside of the already-running CF, so I continued as before with it still telling me it was active, even though it was fully uninstalled. It did reboot itself later on during the CF scan, but that may have been too late to get you what you wanted. So if this isn't still right, I'll do it again. (Always download a new CF each and every time???) Will go get that Security Essentials loaded on there now, if you still want me to.

CF took about 15 minutes this time. RK (Don't stay up on my account, this can wait...don't know your TZ but late here too.)

ComboFix 11-10-04.04 - Home 10/05/2011 2:32.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.272 [GMT -4:00]

Running from: c:\documents and settings\Home\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Infected copy of c:\windows\system32\nvsvc32.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{3031E212-5327-4923-A461-6D206C0947DD}\RP363\A0089032.cfg

.

Infected copy of c:\windows\system32\nvsvc32.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{3031E212-5327-4923-A461-6D206C0947DD}\RP363\A0089032.cfg

.

((((((((((((((((((((((((( Files Created from 2011-09-05 to 2011-10-05 )))))))))))))))))))))))))))))))

.

.

2011-10-05 06:41 . 2011-10-05 06:26 61865 ----a-w- c:\windows\system32\nvsvc32.exe

2011-10-05 06:29 . 2011-10-05 06:29 -------- d-----w- c:\windows\LastGood.Tmp

2011-09-30 05:58 . 2011-09-30 06:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-31 21:00 . 2010-10-30 05:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-12 02:31 . 2011-05-15 03:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-11 16:44 . 2011-05-16 05:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

Cryptography Services Error !!

.

((((((((((((((((((((((((((((( SnapShot@2011-10-05_04.57.30 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-05 06:29 . 2011-02-22 12:13 22992 c:\windows\LastGood.Tmp\system32\DRIVERS\AVGIDSEH.sys

+ 2011-10-05 06:29 . 2011-04-05 04:59 297168 c:\windows\LastGood.Tmp\system32\DRIVERS\avgtdix.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-06-24 4800512]

"nwiz"="nwiz.exe" [2003-06-24 323584]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNjQwMzI4MTMzLUJBKzEtS1YzKzctVDEtRkwrOC1GOE0xMUMrMS1VUEcrMjAxMS1GOE0xMUUrMS1GTDEwKzEtVFVHKzMtTElDKzk5LVNQMSsxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzE4MjctREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzItRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCKzE&prod=55&ver=10.0.1410" [?]

.

c:\documents and settings\Home\Start Menu\Programs\Startup\

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPMp50.sys [x]

R3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPSp50.sys [2006-11-29 27072]

.

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\db4rmfl8.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc78e40&v=7.008.031.001&i=29&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-05 02:45

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1935655697-746137067-1343024091-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(384)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(2024)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2011-10-05 02:46:09 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-05 06:46

ComboFix2.txt 2011-10-05 05:01

.

Pre-Run: 69,809,553,408 bytes free

Post-Run: 69,806,190,592 bytes free

.

- - End Of File - - 7669E4E83C464921A02D4E0D595F4364


Ugh...MSE won't install unless I download a so-called Filter Manager Rollup Package first. After some searching, I discover I really need Windows XP Service Pack 3, which I see is 300-some MB, and will not be so quick and easy to do. Right now, because I have no internet access on the infected machine, I have to do everything with this computer and a memory stick (big enough to do the job, but...). BTW, I am woefully uninformed about how viruses/malware work...am I in danger of allowing this malware to come over to this machine by transferring between the two machines these .exe files with my memory stick? This computer has updated protection, but who knows. I know the other computer is still infected because the phony Windows Security Center window just popped up again. Sigh. RK


  • Root Admin

Yes, try not to use a USB stick with an infected machine as it can easily transfer and infect the clean box. If possible burn a CD to do transfer work.

Okay, well then try an install of Avira AV for now. When we're done here you need to get Service Pack 3 - too many exploits on older SP versions.

You can get Avira free from here: http://www.filehippo.com/download_antivir/


Ach, this is turning nightmarish!

I had no idea about the memory stick being a problem...I thought (stupidly) that without the kind of OS files (dll's and the like), a storage device like a memory stick couldn't get (easily) infected. I suppose tho' that it can simply be a carrier as in a true 'trojan horse.' Idiot mistake, but didn't have any other way to proceed to this point. (Didn't think of burning, esp. with tiny files like dss and CF.)

Anyway, as if on cue, the desktop computer here is now showing symptoms. Firefox is suddenly closing on me without warning. Just today now, not even last night. I have updated and run AVG (total scan) twice and it shows no corrupt files, but I gather that is not definitive. This computer is actually the more important one of the two. (Similar age, also Dell with XP, but is not mine!) And anyway, if it gets bad to the point I lose total internet access also, then how can I easily correspond with you here?

OK, to update:

Avira - no good, it also requires SP3

SP3 itself, am ready to download it, burn it to CD-R and install it (on both if necessary, how do I check if the desktop here has it installed already?), but Firefox keeps crashing now before I can get it done. Will try again in a moment.

I tried to restore Internet access on the infected laptop, as via bleepingcomputer tutorial, but the "Repair" function gives me the error message, "Failed to query TCP/IP settings of the connection." It *says* status is connected, but still cannot access any pages w/ Firefox. Would be better to get that access restored, as my access over here suddenly isn't reliable anymore either, and I only have a couple blank discs. Will go out and get more if necessary.

Anyway, this is getting worse faster than it is getting better, and I would feel more comfortable knowing that the desktop here can be confirmed "clean" before moving on much further. Plus, how can I "clean" the memory stick, or see if there's anything nasty on it? I'm outside of my league now, and don't know how to proceed.

RK

P.S. I also have a 640 GB external connected to the desktop here that was attached via a different USB port, which is more important than either computer. Do I have to worry about *that* also?? Sorry for being so stupid.


Still trying to find a way to download SP3 on the desktop.

www.microsoft.com/download/en/details.aspx?displaylang=en&id=24

immediately shuts down Firefox every time. Other MS pages that I've tried to access, to see if there's a mirror site or another way to find SP3 have also shut down Firefox. Other unrelated pages I have been accessing do not cause a problem yet, including this one obviously. The pattern seems worrisome. Can't seem to move forward on either machine at the moment, so will wait until you are available for advice again.

Thanks for your patience & understanding...RK


  • Root Admin

Well first and foremost you need to backup all your important data as soon as possible. A computer can always be rebuilt if needed but you can't easily replace corrupt or lost data. Images, documents, email, etc.

Copying them to the external drive may infect the drive but at least you'll have the data. Then simply set it aside and we'll deal with that later.

Do you have the Windows install CD or Recovery CD for either of these systems?

So the first infected system cannot connect to the Internet at all now?


First off, from now on, I will use shorthand LT for Laptop (originally infected computer) and DT (for this desktop computer that might also now be infected)....

>>Windows install CD or Recovery CD?

I can't say for sure what I have, there's a lot of old stuff sitting around here, but I don't know what belongs to this DT and what goes with even older ones that are no longer around. The DT was rebuilt by my brother a year ago or so, as I was not confident in doing it myself, esp. without access to instruction via internet (didn't have the LT then). The LT itself is a hand-me-down, so I don't know that I have anything to go with it.

The DT's owner uses it only for email and browsing, and saves very little on it otherwise. I've now copied her email files and a few other minor things over to a different memory stick. ALL of my own files I put directly on the 640 GB external, and this morning I detached that from the DT when I saw the Firefox crashing. I also have another new 1 TB external that I have not had connected here for several weeks, that has 99% of what is on the other external, as an additional backup.

So I am not worried too much about loss of important data files, but I now do worry about mindlessly plugging these externals into the USB ports off and on all the time to move stuff around.

No, the LT has not had internet access since running ComboFix. Rebooting did not reinitialize internet connection, and the manual method using the Repair function as outlined in the BleepingComputer tutorial on ComboFix gave me the error message I copied in my previous mail. I don't know why...it tells me it is connected, but does not load any page.


  • Root Admin

Okay, on the laptop please try the following.

Inside Internet Explorer go to Tools/Internet Options/Advanced and click on the Reset button and then quit IE.

Then click on START - RUN and type in CMD and click OK.

Then type the following followed by the Enter key on the keyboard.

netsh int ip reset c:\resetlog.txt

netsh winsock reset catalog

Then shut down the computer.

Then turn off and unplug your network router and/or modem for a minute.

Then plug in and turn the router/modem back on.

Then turn the computer back on and let me know if it's able to access the Internet now or not.


Sorry for the delay...didn't know there would be a Page Two in this thread coming, so didn't see your latest reply until just now.

I did what you asked on the LT, but still no internet access.

Some FYI in case it's important.

Both computers are plugged into the same router, and also a Westell 6100F firewall box (which is something that I have absolutely no understanding of). I unplugged both for >60 min. (after doing the IE reset and other commands), but it only gave me back access here on the DT. I only ever have used Mozilla on the LT, but IE was on there from the previous owner I guess, so I was able to reset it as you specified. No access to internet with either browser on the LT, before or after. Sorry. RK


  • Root Admin

Can you burn a CD/DVD on the Desktop computer? If so please download and burn the ISO image for this. Then boot up with it on the laptop and run it. Make sure you allow it to update if it can.

Kaspersky Rescue Disk 10 is designed to scan and disinfect x86 and x64-compatible computers that have been infected. The application should be used when the infection is at such level that it is impossible to disinfect the computer using anti-virus applications or malware removal utilities (such as Kaspersky Virus Removal Tool) running under the operating system. In this case, disinfection is more efficient because malware programs do not gain control when the operating system is being loaded.

Kaspersky Rescue Disk 10

Kaspersky Rescue Disk 10 - Product Info

Kaspersky Rescue Disk - User Guide (English)

If you need a FREE utility to properly burn the ISO image

ImgBurn

How to write an image file to a disc with ImgBurn


This is maddening!!!

I've got the Kaspersky 10 disc burned (w/ Roxio, as it was already loaded on here) - I'm pretty damned sure I got it right. (Was glad that Firefox didn't close on me at the Kaspersky page as it did on Microsoft's)

I *absolutely* changed the BIOS to read first from CD-ROM drive, and put the disc properly in the drive. However, this stupid laptop continues to ignore the Boot Sequence and goes directly to Windows XP every time. The CD-ROM drive starts to spin eventually, but it never looks there first to do the booting, and the Windows page is already loading by that point. Windows booting on this computer has always been oddly quick; I have a hard time getting F2 and F8 commands registered before the Windows page loads. But the BIOS sequence should *demand* it go to the disc first. This makes no bloody sense to me, and I am getting really frustrated by this stupid piece of junk. Is there something simple I am not taking into account? I've tried it five times now, and it won't boot from the CD-ROM drive. WHY?!

RK

P.S. RIP Steve Jobs


  • Root Admin

Just checking - are you sure you burned the ISO correctly? You can't just burn an iso image like a data file, many people don't realize that.

What program did you use to burn the disk?

You can download any Live Linux type CD and see if it will boot the laptop or use any CD/DVD that is bootable to confirm if it will boot from CD.


This topic is now closed to further replies.