TechSpot

Win32/zbot.g & trojan hider.mpr

Inactive
By oneill2004uk
Oct 10, 2011
  1. Computer at works picked up the following couple of viruses so AVG says :-

    Win32/zbot.g
    Trojan horse rider.mpr
    Trojan horse crystic.bgf

    Don't want to have to reformat it if i can help it as its connected to a Cad Cutting System and we had to get someone to come in and install it last time which cost loads :(

    I've followed the "6-step Viruses...." instructions and produced the following logs :-
    (p.s. i forgot to put the MBAM log on my usb drive so i'll have to post that tomorrow morning sorry.)

    GMER LOG PART 1

    GMER log------------------------------------------------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-10 15:45:36
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160815AS rev.4.AAA
    Running: k87m9wmw.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pgtdypob.sys


    ---- System - GMER 1.0.15 ----

    SSDT BA7F77D4 ZwClose
    SSDT BA7F778E ZwCreateKey
    SSDT BA7F77DE ZwCreateSection
    SSDT BA7F7784 ZwCreateThread
    SSDT BA7F7793 ZwDeleteKey
    SSDT BA7F779D ZwDeleteValueKey
    SSDT BA7F77CF ZwDuplicateObject
    SSDT BA7F77A2 ZwLoadKey
    SSDT BA7F7770 ZwOpenProcess
    SSDT BA7F7775 ZwOpenThread
    SSDT BA7F77AC ZwReplaceKey
    SSDT BA7F77A7 ZwRestoreKey
    SSDT BA7F77E3 ZwSetContextThread
    SSDT BA7F7798 ZwSetValueKey
    SSDT BA7F777F ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    ? ecael.sys The system cannot find the file specified. !
    .text atapi.sys B9F11852 1 Byte [CC] {INT 3 }
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB95C3360, 0x307F47, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\ctfmon.exe[256] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\WINDOWS\system32\ctfmon.exe[256] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\WINDOWS\system32\ctfmon.exe[256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\WINDOWS\system32\ctfmon.exe[256] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    ? C:\WINDOWS\system32\svchost.exe[512] time/date stamp mismatch;
    .text C:\WINDOWS\system32\svchost.exe[512] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\WINDOWS\system32\svchost.exe[512] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\WINDOWS\system32\svchost.exe[512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\WINDOWS\system32\svchost.exe[512] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text C:\WINDOWS\system32\SearchFilterHost.exe[680] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2006637E
    .text C:\WINDOWS\system32\SearchFilterHost.exe[680] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A164
    .text C:\WINDOWS\system32\SearchFilterHost.exe[680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200661FA
    .text C:\WINDOWS\system32\SearchFilterHost.exe[680] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20060BA0
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[708] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[708] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[708] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    ? C:\WINDOWS\system32\services.exe[772] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
    .text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
    .text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
    .text C:\WINDOWS\system32\services.exe[772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
    .text C:\WINDOWS\system32\services.exe[772] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
    .text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
    .text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
    .text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
    .text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
    .text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
    .text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
    .text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
    .text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
    .text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
    .text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
    .text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
    .text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
    .text C:\WINDOWS\system32\lsass.exe[784] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
    .text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
    .text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
    .text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
    .text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
    .text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
    .text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
    .text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
    .text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
    .text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
    ? C:\WINDOWS\system32\svchost.exe[948] time/date stamp mismatch;
    .text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
    .text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
    .text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
    .text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
    .text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
    .text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
    .text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
    .text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
    .text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
    .text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
    .text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
    .text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
    .text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
    .text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
    ? C:\WINDOWS\system32\svchost.exe[1032] time/date stamp mismatch;
    .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
    .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
    .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
    .text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
    .text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
    .text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
    .text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
    .text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
    .text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
    .text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
    .text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
    .text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
    .text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
    ? C:\WINDOWS\System32\svchost.exe[1088] time/date stamp mismatch;
    .text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
    .text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
    .text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
    .text C:\WINDOWS\System32\svchost.exe[1088] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
    .text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
    .text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
    .text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
    .text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
    .text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
    .text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
    .text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
    .text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
    .text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 200B32FB
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 200B2F86
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 200B2FDC
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 200B33B6
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 200B281D
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 200B33E3
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpSendRequestA 3D95EE91 5 Bytes JMP 200B27E8
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 200B3410
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetReadFileExW 3D963229 5 Bytes JMP 200B31E0
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetReadFileExA 3D963261 5 Bytes JMP 200B3139
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetWriteFile 3D9A6086 5 Bytes JMP 200B284F
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 200B3437
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpSendRequestExA 3D9BA65A 5 Bytes JMP 200B27A2
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpSendRequestExW 3D9BA6B3 5 Bytes JMP 200B275C
    ? C:\WINDOWS\system32\svchost.exe[1180] time/date stamp mismatch;
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
    ? C:\WINDOWS\system32\svchost.exe[1232] time/date stamp mismatch;
    .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
    .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
    .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
    .text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
    .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
    .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
    .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
    .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
    .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
    .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
    .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
    .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
    .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
    .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
    .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
    .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
    .text C:\WINDOWS\system32\spoolsv.exe[1412] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
    .text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
    .text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
    .text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
    .text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
    .text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
    .text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
    .text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
    .text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
    .text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
    .text C:\WINDOWS\system32\SearchIndexer.exe[1556] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\WINDOWS\system32\SearchIndexer.exe[1556] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\WINDOWS\system32\SearchIndexer.exe[1556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\WINDOWS\system32\SearchIndexer.exe[1556] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\WINDOWS\system32\SearchIndexer.exe[1556] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
    .text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
    .text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
    .text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
    .text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
    .text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
    .text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
    .text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
    .text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
    ? C:\WINDOWS\Explorer.EXE[1708] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
    .text C:\WINDOWS\Explorer.EXE[1708] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
    .text C:\WINDOWS\Explorer.EXE[1708] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
    .text C:\WINDOWS\Explorer.EXE[1708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
    .text C:\WINDOWS\Explorer.EXE[1708] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
    .text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 200B32FB
    .text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 200B2F86
    .text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 200B2FDC
    .text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 200B33B6
    .text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 200B281D
    .text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 200B33E3
    .text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!HttpSendRequestA 3D95EE91 5 Bytes JMP 200B27E8
    .text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 200B3410
    .text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetReadFileExW 3D963229 5 Bytes JMP 200B31E0
    .text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetReadFileExA 3D963261 5 Bytes JMP 200B3139
    .text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetWriteFile 3D9A6086 5 Bytes JMP 200B284F
    .text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 200B3437
    .text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!HttpSendRequestExA 3D9BA65A 5 Bytes JMP 200B27A2
    .text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!HttpSendRequestExW 3D9BA6B3 5 Bytes JMP 200B275C
    .text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[2124] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[2124] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[2124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[2124] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2192] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2192] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2192] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2264] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2264] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\WINDOWS\system32\CAP3RSK.EXE[2264] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
     
  2. oneill2004uk

    oneill2004uk TS Rookie Topic Starter Posts: 20

    GMER LOG part 2
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
    .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
    .text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2006637E
    .text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A164
    .text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200661FA
    .text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20060BA0
    .text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2006197B
    .text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20061CA5
    .text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20061FBE
    .text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2006192D
    .text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20061E02
    .text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20061C36
    .text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20061D1A
    .text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20061EDD
    .text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20061D8B
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2628] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2006637E
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2628] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A164
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2628] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200661FA
    .text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2628] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20060BA0
    .text C:\WINDOWS\system32\SearchProtocolHost.exe[2676] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2006637E
    .text C:\WINDOWS\system32\SearchProtocolHost.exe[2676] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A164
    .text C:\WINDOWS\system32\SearchProtocolHost.exe[2676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200661FA
    .text C:\WINDOWS\system32\SearchProtocolHost.exe[2676] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20060BA0
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2006637E
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A164
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200661FA
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2006197B
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20061CA5
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20061FBE
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2006192D
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20061E02
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20061C36
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20061D1A
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20061EDD
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20061D8B
    .text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20060BA0
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2900] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2900] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2900] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text C:\WINDOWS\system32\nvsvc32.exe[3132] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\WINDOWS\system32\nvsvc32.exe[3132] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\WINDOWS\system32\nvsvc32.exe[3132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\WINDOWS\system32\nvsvc32.exe[3132] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text D:\downloads\k87m9wmw.exe[3296] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text D:\downloads\k87m9wmw.exe[3296] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text D:\downloads\k87m9wmw.exe[3296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text D:\downloads\k87m9wmw.exe[3296] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3420] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3420] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3420] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    ? C:\WINDOWS\system32\svchost.exe[3484] time/date stamp mismatch;
    .text C:\WINDOWS\system32\svchost.exe[3484] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\WINDOWS\system32\svchost.exe[3484] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\WINDOWS\system32\svchost.exe[3484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\WINDOWS\system32\svchost.exe[3484] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
    .text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
    .text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
    .text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
    .text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
    .text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
    .text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
    .text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
    .text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3728] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3728] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text C:\WINDOWS\system32\wuauclt.exe[3796] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\WINDOWS\system32\wuauclt.exe[3796] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\WINDOWS\system32\wuauclt.exe[3796] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\WINDOWS\system32\wuauclt.exe[3796] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text C:\WINDOWS\System32\alg.exe[4052] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
    .text C:\WINDOWS\System32\alg.exe[4052] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
    .text C:\WINDOWS\System32\alg.exe[4052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
    .text C:\WINDOWS\System32\alg.exe[4052] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
    .text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
    .text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
    .text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
    .text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
    .text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
    .text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
    .text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
    .text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
    .text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:312] 8A33E16D
    Thread System [4:620] 89239B90

    ---- Files - GMER 1.0.15 ----

    File C:\System Volume Information\_restore{7CE057A4-6929-4922-A033-35A39E9CFEE9}\RP1\A0004280.dll 120168 bytes executable
    File C:\System Volume Information\_restore{7CE057A4-6929-4922-A033-35A39E9CFEE9}\RP1\A0004281.exe 251296 bytes executable
    File C:\System Volume Information\_restore{7CE057A4-6929-4922-A033-35A39E9CFEE9}\RP1\A0004282.exe 280024 bytes executable
    File C:\System Volume Information\_restore{7CE057A4-6929-4922-A033-35A39E9CFEE9}\RP1\A0004283.dll 20547000 bytes executable
    File C:\Documents and Settings\User\Local Settings\Application Data\fawkipfv\ngowspoj.exe 114035 bytes executable
    File C:\Documents and Settings\User\Start Menu\Programs\Startup\ngowspoj.exe 114035 bytes executable

    ---- EOF - GMER 1.0.15 ----
     
  3. oneill2004uk

    oneill2004uk TS Rookie Topic Starter Posts: 20


    DDS LOG

    --------------------------------------------------------

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Run by User at 15:46:00 on 2011-10-10
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1069 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\CAP3RSK.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\user\local settings\application data\fawkipfv\ngowspoj.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [NgoWspoj] c:\documents and settings\user\local settings\application data\fawkipfv\ngowspoj.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\office\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\office\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ardensupport.webex.com/client/T26L/support/ieatgpc.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{7D169066-9198-46B4-8C93-20AD4B762C49} : DhcpNameServer = 192.168.1.254
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\k3zxk4zj.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://uk.ask.com/?o=16148&l=dis
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-10-10 11608]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-2 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-2 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-2 108552]
    R1 dk2drv;DK2 WindowsNT Driver;c:\windows\system32\drivers\dk2drv.sys [2009-2-4 49720]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-10 136360]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-2 297752]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-10 66616]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-10 366152]
    R2 MSSQL$DESKTOPCAD3D;SQL Server (DESKTOPCAD3D);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
    R3 dk2usb;DK2usb Driver;c:\windows\system32\drivers\dk2usb.sys [2009-2-4 18224]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-10 22216]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-10-10 269480]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 sdusb;TECHKON SpectroDens Driver (sdusb.sys);c:\windows\system32\drivers\sdusb.sys [2010-9-27 22912]
    S3 SPSniff;SPSniff;c:\program files\eltima software\serial port monitor\SPSniff.sys [2009-3-17 9984]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-26 136176]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-26 136176]
    .
    =============== Created Last 30 ================
    .
    2011-10-10 12:07:10 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
    2011-10-10 12:06:52 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-10-10 12:06:48 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-10 12:06:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-10 10:23:10 -------- d-----w- c:\documents and settings\user\application data\Avira
    2011-10-10 10:22:02 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-10-10 10:22:01 -------- d-----w- c:\program files\Avira
    2011-10-10 10:22:01 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-10-07 14:56:19 -------- d-----w- c:\documents and settings\user\local settings\application data\fawkipfv
    2011-09-26 10:42:53 -------- d-----w- c:\documents and settings\user\local settings\application data\Google
    .
    ==================== Find3M ====================
    .
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-23 08:22:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    .
    ============= FINISH: 15:46:43.09 ===============
     
  4. oneill2004uk

    oneill2004uk TS Rookie Topic Starter Posts: 20

    and the attach.txt log
    -------------------------------------------

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 04/02/2009 14:08:22
    System Uptime: 10/10/2011 14:19:05 (1 hours ago)
    .
    Motherboard: FUJITSU SIEMENS | | D2730-A1
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2300/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 126.529 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 10/10/2011 10:30:03 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office system
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.6
    Adobe SVG Viewer 3.0
    AMD Processor Driver
    Apple Application Support
    Apple Software Update
    Arden Package Installer
    AutoDWG DWG to PDF Converter
    AVG Free 8.5
    Avira AntiVir Personal - Free Antivirus
    Brother Driver Deployment Wizard
    Brother MFL-Pro Suite
    Canon LASER SHOT LBP-1120
    CCleaner
    desktopCAD 3D 2008
    DK2 DESkey Drivers v7.18.0.33
    EPSON Printer Software
    EpsonNet Config V3
    EpsonNet SetupManager
    Google Earth
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Java Auto Updater
    Java(TM) 6 Update 21
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (DESKTOPCAD3D)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.5.5)
    MSXML 6.0 Parser
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.1
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sentinel Protection Installer 7.2.2
    Serial Port Monitor 2.1 (Build 2.1.6.67)
    Spybot - Search & Destroy
    TECHKON SpectroDens Connect
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2553110)
    Update for Windows Internet Explorer 8 (KB969497)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VLC media player 1.1.4
    WebEx
    WebFldrs XP
    Windows Driver Package - TECHKON GmbH (sdusb) TECHKONUSBDevices (01/31/2003 2.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Search 4.0
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/10/2011 15:04:56, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6010.
    10/10/2011 15:04:41, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.
    10/10/2011 15:04:41, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\wmpband.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.
    10/10/2011 15:04:40, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\setup_wm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5146.
    10/10/2011 15:04:38, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.
    10/10/2011 14:59:57, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\wab.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.6040.
    10/10/2011 14:59:45, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5931.
    10/10/2011 14:48:14, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4028.0.
    10/10/2011 14:48:00, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    10/10/2011 14:21:04, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: agp440 amdagp sisagp viaagp
    10/10/2011 11:25:29, error: Service Control Manager [7034] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 3 time(s).
    10/10/2011 11:25:27, error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    10/10/2011 11:25:25, error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    10/10/2011 11:22:41, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Avira AntiVir Guard service to connect.
    10/10/2011 11:22:41, error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/10/2011 11:21:25, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
    10/10/2011 11:21:25, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\User\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    10/10/2011 11:21:25, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
    10/10/2011 10:43:52, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    10/10/2011 10:43:52, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/10/2011 10:43:52, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: Access is denied.
    06/10/2011 09:18:03, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    .
    ==== End Of File ===========================

    will post the mbam log tomorrow morning about 9:30am gmt

    thank - you

    Tom
     
  5. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    I'll wait for MBAM log then.

    Meanwhile you're running two AV programs, Avira and AVG.
    One of them has to go.
    If AVG (preferably), make sure to use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities
     
  6. oneill2004uk

    oneill2004uk TS Rookie Topic Starter Posts: 20

    the boss decided this morning that he couldn't wait and we reformatted the computer.

    sorry for wasting your time

    apologies

    tom.
     
  7. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Thank you for letting me know :)
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.