TechSpot

Redirect virus and IE running without me opening it

By Bigace11
Jun 7, 2011
Hello, I've been having a few problems with my laptop with a redirect, and along with this redirect I had some trouble with another program. I want to fix the redirect thing first. I have all the log files from the scans. Thanks in advance for the help.



    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6796

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    6/7/2011 6:42:07 AM
    mbam-log-2011-06-07 (06-42-07).txt

    Scan type: Quick scan
    Objects scanned: 147432
    Time elapsed: 12 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\jeremy\local settings\Temp\2143E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\jeremy\local settings\Temp\tmp96B6.tmp (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\jeremy\local settings\Temp\ldra5aa.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-07 09:23:22
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541680J9SA00 rev.SB2OC74P
    Running: 45fwy3do.exe; Driver: C:\DOCUME~1\jeremy\LOCALS~1\Temp\agndapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF7916738]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF79167DC]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF7916878]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF7916914]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? mduh.sys The system cannot find the file specified. !
    INITc VolSnap.sys F75D8BD0 4 Bytes [50, A5, 53, 80]
    INITc VolSnap.sys F75D8BF8 4 Bytes [A8, A1, 4F, 80]
    INITc VolSnap.sys F75D8C20 4 Bytes [A6, AE, 4F, 80]
    INITc VolSnap.sys F75D8C48 4 Bytes [20, FF, 4F, 80]
    INITc VolSnap.sys F75D8C70 4 Bytes [6A, A8, 4F, 80]
    INITc ...
    ? C:\DOCUME~1\jeremy\LOCALS~1\Temp\agndapod.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BF000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BC000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BB000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BD000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BA000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00BE000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B9000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[568] WININET.dll!HttpAddRequestHeadersA 771C40CA 7 Bytes JMP 00BC64C0
    .text C:\Program Files\Internet Explorer\iexplore.exe[568] WININET.dll!HttpAddRequestHeadersW 771CEEF4 5 Bytes JMP 00BC66C0
    .text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00C1000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0051000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0050000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BF000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00C0000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BF000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BC000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BB000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BD000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BA000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00BE000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B9000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BF000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BC000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BB000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BD000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BA000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00BE000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B9000A
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:128] 86CD5E7A
    Thread System [4:132] 86CD8008



    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512
    Run by jeremy at 9:27:19 on 2011-06-07
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.306 [GMT -4:00]
    .
    AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG10\avgfws.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    svchost.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgam.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\AVG\AVG10\avgsrmax.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uRun: [Google Update] "c:\documents and settings\jeremy\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\docume~1\jeremy\startm~1\programs\startup\frostw~1.lnk - c:\program files\frostwire\FrostWire.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9BA159E7-9127-4D5C-8D7F-5749B16B341E} : DhcpNameServer = 192.168.1.1
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\jeremy\application data\mozilla\firefox\profiles\4m7nco2g.default\
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\jeremy\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    FF - Ext: AVG Security Toolbar em:version=7.004.022.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-7 366640]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-23 984392]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
    S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-7 39984]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
    .
    =============== Created Last 30 ================
    .
    2011-06-07 10:26:30 -------- d-----w- c:\documents and settings\jeremy\application data\Malwarebytes
    2011-06-07 10:26:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-07 10:25:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-06-07 10:25:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-07 07:33:38 -------- d-----w- c:\windows\system32\appmgmt
    2011-06-02 00:26:54 -------- d-----w- c:\documents and settings\all users\application data\Norton
    2011-06-02 00:26:49 -------- d-----w- c:\documents and settings\jeremy\local settings\application data\NPE
    2011-05-24 16:28:42 -------- d-----w- c:\documents and settings\jeremy\local settings\application data\AVG Security Toolbar
    2011-05-23 14:21:30 -------- d--h--w- C:\$AVG
    2011-05-23 12:05:14 -------- d-----w- c:\documents and settings\jeremy\application data\AVG10
    2011-05-23 11:50:37 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
    2011-05-23 11:47:13 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-05-23 11:47:13 -------- d-----w- c:\documents and settings\all users\application data\AVG10
    2011-05-23 11:45:57 -------- d-----w- c:\program files\AVG
    2011-05-23 11:14:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-05-23 11:14:04 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-05-21 23:42:44 -------- d-----w- c:\documents and settings\all users\application data\Common Files
    2011-05-21 23:42:20 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    .
    ==================== Find3M ====================
    .
    2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
    2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2011-03-16 20:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    .
    ============= FINISH: 9:28:14.84 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-03.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/24/2010 8:31:56 AM
    System Uptime: 6/7/2011 6:44:07 AM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0MD666
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | Microprocessor | 797/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 68 GiB total, 40.521 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP203: 4/6/2011 1:32:39 AM - System Checkpoint
    RP204: 4/7/2011 1:34:46 AM - System Checkpoint
    RP205: 4/8/2011 2:33:48 AM - System Checkpoint
    RP206: 4/9/2011 3:32:44 AM - System Checkpoint
    RP207: 4/10/2011 4:33:49 AM - System Checkpoint
    RP208: 4/11/2011 9:31:29 PM - System Checkpoint
    RP209: 4/13/2011 9:23:18 PM - System Checkpoint
    RP210: 4/16/2011 7:54:04 AM - System Checkpoint
    RP211: 4/17/2011 8:45:58 AM - System Checkpoint
    RP212: 4/18/2011 9:20:48 AM - System Checkpoint
    RP213: 4/19/2011 10:19:03 AM - System Checkpoint
    RP214: 4/20/2011 7:45:21 PM - System Checkpoint
    RP215: 4/21/2011 8:58:41 PM - System Checkpoint
    RP216: 4/23/2011 4:43:39 PM - System Checkpoint
    RP217: 4/24/2011 9:06:12 PM - System Checkpoint
    RP218: 4/26/2011 2:55:46 AM - System Checkpoint
    RP219: 4/27/2011 3:37:45 AM - System Checkpoint
    RP220: 4/28/2011 10:24:28 AM - System Checkpoint
    RP221: 4/29/2011 1:21:23 PM - System Checkpoint
    RP222: 5/2/2011 3:23:55 PM - System Checkpoint
    RP223: 5/3/2011 6:24:07 PM - System Checkpoint
    RP224: 5/4/2011 10:52:40 PM - System Checkpoint
    RP225: 5/6/2011 8:48:43 PM - System Checkpoint
    RP226: 5/8/2011 10:09:24 PM - System Checkpoint
    RP227: 5/9/2011 10:20:26 PM - System Checkpoint
    RP228: 5/11/2011 12:39:10 AM - System Checkpoint
    RP229: 5/12/2011 12:46:09 AM - System Checkpoint
    RP230: 5/13/2011 1:44:17 AM - System Checkpoint
    RP231: 5/14/2011 3:01:20 AM - System Checkpoint
    RP232: 5/15/2011 3:29:34 AM - System Checkpoint
    RP233: 5/16/2011 10:43:26 PM - System Checkpoint
    RP234: 5/17/2011 11:42:29 PM - System Checkpoint
    RP235: 5/19/2011 8:54:27 PM - System Checkpoint
    RP236: 5/21/2011 5:33:13 PM - System Checkpoint
    RP237: 5/21/2011 6:38:29 PM - Restore Operation
    RP238: 5/22/2011 8:09:41 PM - System Checkpoint
    RP239: 5/23/2011 7:07:10 AM - Restore Operation
    RP240: 5/23/2011 7:36:47 AM - avast! Free Antivirus Setup
    RP241: 5/23/2011 7:45:54 AM - Installed AVG 2011
    RP242: 5/23/2011 7:46:44 AM - Installed AVG 2011
    RP243: 5/24/2011 9:09:26 AM - System Checkpoint
    RP244: 5/25/2011 7:42:23 PM - System Checkpoint
    RP245: 5/26/2011 9:15:36 PM - System Checkpoint
    RP246: 5/28/2011 7:05:06 PM - System Checkpoint
    RP247: 5/30/2011 8:07:14 PM - System Checkpoint
    RP248: 5/31/2011 11:43:28 AM - Removed Skype Toolbars
    RP249: 6/1/2011 7:52:43 PM - Restore Operation
    RP250: 6/1/2011 7:58:01 PM - Restore Operation
    RP251: 6/1/2011 8:03:18 PM - Restore Operation
    RP252: 6/2/2011 9:50:56 PM - System Checkpoint
    RP253: 6/6/2011 11:13:40 PM - System Checkpoint
    RP254: 6/7/2011 3:37:59 AM - Restore Operation
    RP255: 6/7/2011 3:39:17 AM - Removed Skype™ 5.0
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    ATI - Software Uninstall Utility
    AVG 2011
    Broadcom 440x 10/100 Integrated Controller
    Conexant HDA D110 MDC V.92 Modem
    Dell Resource CD
    Dell Wireless WLAN Card
    ESPNMotion
    FINAL FANTASY XI
    FINAL FANTASY XI: Chains of Promathia
    FINAL FANTASY XI: Rise of the Zilart
    FINAL FANTASY XI: Treasures of Aht Urhgan
    FINAL FANTASY XI: Wings of the Goddess
    FrostWire 4.21.1
    GemMaster Mystic
    Google Chrome
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB973442)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB954550-v5)
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 22
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WinUsb 1.0
    Mozilla Firefox (3.6.13)
    MSN
    Otto
    PlayOnline Viewer & Tetra Master
    SigmaTel Audio
    Sonic Encoders
    Synaptics Pointing Device Driver
    Update Rollup 2 for Windows XP Media Center Edition 2005
    WebFldrs XP
    Windows Media Format 11 runtime
    Windows Mobile Device Updater Component
    Windows XP Service Pack 3
    Zune
    Zune Language Pack (DEU)
    Zune Language Pack (ESP)
    Zune Language Pack (FRA)
    Zune Language Pack (ITA)
    Zune Language Pack (NLD)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/7/2011 8:49:47 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    6/7/2011 8:41:30 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    6/7/2011 6:45:02 AM, error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
    6/7/2011 6:45:02 AM, error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
    6/7/2011 6:15:18 AM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    6/7/2011 6:15:09 AM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 6:14:31 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    6/7/2011 6:13:03 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    6/7/2011 6:12:43 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 6:12:37 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 6:12:26 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/6/2011 5:46:53 PM, error: Service Control Manager [7031] - The Zune Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    6/3/2011 5:44:50 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SMR162.SYS' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    6/1/2011 8:03:10 PM, error: ZuneNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupt. Verify that DRM-protected files play correctly in the Zune software, then restart the ZuneNetworkSvc service.
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I will help with the malware.

    You mentioned having a problem with a particular program. Please let me know what that is so I can determine if it's related to malware.
    =============================================
    I'd like you to run Combofix. Unfortunately, it won't run with AVG and there is no way to fully disable it. So please use the following:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =======================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the installer on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =========================================
    Please leave all logs in your next reply.

    Note: You are using FrostWire, which is a file sharing program. Please either uninstall it or disable it. Do not use it while we are cleaning.
     
  3. Bigace11

    Bigace11 TS Rookie Topic Starter

    ESET won't let me run it. It says proxy server configure. Here is the log from CF



    ComboFix 11-06-06.07 - jeremy 06/07/2011 16:48:05.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.715 [GMT -4:00]
    Running from: c:\documents and settings\jeremy\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-07 19:07 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-07 19:07 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-06-07 19:07 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-06-07 19:07 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-06-07 19:07 . 2011-06-07 19:07 -------- d-----w- c:\program files\Avira
    2011-06-07 19:07 . 2011-06-07 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-06-07 17:00 . 2011-06-07 17:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-07 10:26 . 2011-06-07 10:26 -------- d-----w- c:\documents and settings\jeremy\Application Data\Malwarebytes
    2011-06-07 10:26 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-07 10:25 . 2011-06-07 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-07 10:25 . 2011-06-07 10:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-02 00:26 . 2011-06-07 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2011-06-02 00:26 . 2011-06-02 00:35 -------- d-----w- c:\documents and settings\jeremy\Local Settings\Application Data\NPE
    2011-05-24 16:28 . 2011-05-24 16:28 -------- d-----w- c:\documents and settings\jeremy\Local Settings\Application Data\AVG Security Toolbar
    2011-05-23 14:21 . 2011-05-23 14:21 -------- d-----w- C:\$AVG
    2011-05-23 11:47 . 2011-06-07 18:42 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-05-23 11:14 . 2011-05-23 11:14 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-05-21 23:42 . 2011-05-21 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-07_19.33.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-06-07 19:48 . 2011-06-07 19:48 16384 c:\windows\Temp\Perflib_Perfdata_65c.dat
    + 2004-08-10 11:00 . 2011-06-07 19:53 83848 c:\windows\system32\perfc009.dat
    - 2004-08-10 11:00 . 2011-06-07 18:56 83848 c:\windows\system32\perfc009.dat
    + 2004-08-10 11:00 . 2008-04-14 07:11 52352 c:\windows\system32\dllcache\volsnap.sys
    + 2004-08-10 11:00 . 2011-06-07 19:53 472204 c:\windows\system32\perfh009.dat
    - 2004-08-10 11:00 . 2011-06-07 18:56 472204 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-02 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-02 114688]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-02 94208]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    .
    c:\documents and settings\jeremy\Start Menu\Programs\Startup\
    FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2010-8-17 114688]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    openURL.vbs [2011-6-7 131]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/7/2011 3:08 PM 136360]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/7/2011 6:26 AM 366640]
    S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 4:19 PM 268528]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - SSMDRV
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1450960922-1801674531-1003Core.job
    - c:\documents and settings\jeremy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-25 03:49]
    .
    2011-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1450960922-1801674531-1003UA.job
    - c:\documents and settings\jeremy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-25 03:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\jeremy\Application Data\Mozilla\Firefox\Profiles\4m7nco2g.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-07 16:57
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-06-07 17:00:08
    ComboFix-quarantined-files.txt 2011-06-07 21:00
    ComboFix2.txt 2011-06-07 19:36
    .
    Pre-Run: 44,961,898,496 bytes free
    Post-Run: 44,948,332,544 bytes free
    .
    - - End Of File - - 9F8D9A0729AB7B35BCF57200306BA8A5
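As an added triage example (not part of the thread, and not ComboFix's or the helper's code): a Python script that walks the "Reg Loading Points" part of a ComboFix log like the one above and flags what a helper would look at first, namely script files sitting in a Startup folder (the log shows an `openURL.vbs` in the All Users Startup folder, a common way for a browser to be opened without the user doing it) and a disabled firewall profile. The embedded sample log is a constructed excerpt modelled on the posted log; the severity labels and the seven-day "recent" window are this example's own assumptions.

```python
import re
from datetime import date, datetime

# Constructed excerpt modelled on the ComboFix log posted above (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
c:\documents and settings\jeremy\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2010-8-17 114688]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
openURL.vbs [2011-6-7 131]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
"""
SAMPLE_SCAN_DATE = date(2011, 6, 7)  # date in the log header (constructed sample)

# Extensions that Windows runs as scripts when placed in a Startup folder.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd")

# "name [YYYY-M-D size]" or "name.lnk - target [YYYY-M-D size]" as ComboFix prints it.
STARTUP_ITEM = re.compile(
    r"^(?P<name>.+?)(?: - (?P<target>.+?))? \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$"
)


def parse_date(text):
    """ComboFix dates are not zero-padded; strptime accepts that."""
    return datetime.strptime(text, "%Y-%m-%d").date()


def triage_loading_points(log_text, scan_date, recent_days=7):
    """Return a list of (severity, message) findings for the loading-points section."""
    findings = []
    section = None  # "startup:<folder>", "firewall", "run" or None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        low = line.lower()
        if low.endswith("\\start menu\\programs\\startup\\"):
            section = "startup:" + line      # a Startup folder listing follows
            continue
        if line.startswith("[") and line.endswith("]"):
            if "firewallpolicy" in low:
                section = "firewall"
            else:
                section = "run" if low.endswith("\\run]") else None
            continue
        if section and section.startswith("startup:"):
            m = STARTUP_ITEM.match(line)
            if not m:
                continue
            folder = section[len("startup:"):]
            name, created = m.group("name"), parse_date(m.group("date"))
            if name.lower().endswith(SCRIPT_EXTS):
                findings.append(("high", f"script in Startup folder: {folder}{name} "
                                         f"(created {created}, {m.group('size')} bytes)"))
            elif (scan_date - created).days <= recent_days:
                findings.append(("medium", f"recently added Startup item: {folder}{name} "
                                           f"(created {created})"))
        elif section == "firewall":
            m = re.match(r'"EnableFirewall"\s*=\s*(\d+)', line)
            if m and m.group(1) == "0":
                findings.append(("medium", "Windows Firewall standard profile is disabled "
                                           "(EnableFirewall = 0)"))
    return findings


if __name__ == "__main__":
    for severity, message in triage_loading_points(SAMPLE_LOG, SAMPLE_SCAN_DATE):
        print(f"[{severity}] {message}")
```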
     
  4. Bigace11

    Bigace11 TS Rookie Topic Starter

    Anything at all?
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    One should not get so impatient in one day! I am still helping people who started threads days ago!

    To disable the proxy:
    Internet Explorer
    1. Under "Tools" in the browser tool bar select "Internet Options".
    2. In the "Internet Options" window that pops up, click the "Connections" tab at the top.
    3. Click "LAN Settings" near the bottom of the "Connections" section.
    4. If the "Proxy server" checkbox is marked with a check, click it to deselect/uncheck it.
    5. Click "OK" to close the "Local Area Network (LAN) Settings" window.
    6. Click "OK" to close the "Internet Options" window.
    7. You have completed removing the proxy settings for Internet Explorer.
    Firefox
    1. Under "Tools" in the browser tool bar select "Options".
    2. In the "Options" window that pops up, click the "Advanced" tab at the top.
    3. Click the "Network" subtab, and then click the "Settings" button in the "Connections" area.
    4. If "No proxy" isn't selected, click it to mark "No proxy" as your preference.

    Please reboot and try the Eset scan again.
     
Topic Status:
Not open for further replies.