Inactive Win32/zbot.g & trojan hider.mpr

O

oneill2004uk

Posts: 16   +0
Computer at works picked up the following couple of viruses so AVG says :-

Win32/zbot.g
Trojan horse rider.mpr
Trojan horse crystic.bgf

Don't want to have to reformat it if i can help it as its connected to a Cad Cutting System and we had to get someone to come in and install it last time which cost loads :(

I've followed the "6-step Viruses...." instructions and produced the following logs :-
(p.s. i forgot to put the MBAM log on my usb drive so i'll have to post that tomorrow morning sorry.)

GMER LOG PART 1

GMER log------------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-10 15:45:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160815AS rev.4.AAA
Running: k87m9wmw.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pgtdypob.sys


---- System - GMER 1.0.15 ----

SSDT BA7F77D4 ZwClose
SSDT BA7F778E ZwCreateKey
SSDT BA7F77DE ZwCreateSection
SSDT BA7F7784 ZwCreateThread
SSDT BA7F7793 ZwDeleteKey
SSDT BA7F779D ZwDeleteValueKey
SSDT BA7F77CF ZwDuplicateObject
SSDT BA7F77A2 ZwLoadKey
SSDT BA7F7770 ZwOpenProcess
SSDT BA7F7775 ZwOpenThread
SSDT BA7F77AC ZwReplaceKey
SSDT BA7F77A7 ZwRestoreKey
SSDT BA7F77E3 ZwSetContextThread
SSDT BA7F7798 ZwSetValueKey
SSDT BA7F777F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

? ecael.sys The system cannot find the file specified. !
.text atapi.sys B9F11852 1 Byte [CC] {INT 3 }
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB95C3360, 0x307F47, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[256] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\WINDOWS\system32\ctfmon.exe[256] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\WINDOWS\system32\ctfmon.exe[256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\WINDOWS\system32\ctfmon.exe[256] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
? C:\WINDOWS\system32\svchost.exe[512] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[512] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\WINDOWS\system32\svchost.exe[512] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\WINDOWS\system32\svchost.exe[512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\WINDOWS\system32\svchost.exe[512] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\WINDOWS\system32\SearchFilterHost.exe[680] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2006637E
.text C:\WINDOWS\system32\SearchFilterHost.exe[680] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A164
.text C:\WINDOWS\system32\SearchFilterHost.exe[680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200661FA
.text C:\WINDOWS\system32\SearchFilterHost.exe[680] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20060BA0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[708] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[708] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[708] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
? C:\WINDOWS\system32\services.exe[772] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
.text C:\WINDOWS\system32\services.exe[772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
.text C:\WINDOWS\system32\services.exe[772] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
.text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
.text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
.text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
.text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
.text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
.text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
.text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
.text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
.text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
.text C:\WINDOWS\system32\lsass.exe[784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
.text C:\WINDOWS\system32\lsass.exe[784] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
.text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
.text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
.text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
.text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
.text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
.text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
.text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
.text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
.text C:\WINDOWS\system32\lsass.exe[784] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
? C:\WINDOWS\system32\svchost.exe[948] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1028] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
? C:\WINDOWS\system32\svchost.exe[1032] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
? C:\WINDOWS\System32\svchost.exe[1088] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
.text C:\WINDOWS\System32\svchost.exe[1088] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 200B32FB
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 200B2F86
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 200B2FDC
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 200B33B6
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 200B281D
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 200B33E3
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpSendRequestA 3D95EE91 5 Bytes JMP 200B27E8
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 200B3410
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetReadFileExW 3D963229 5 Bytes JMP 200B31E0
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetReadFileExA 3D963261 5 Bytes JMP 200B3139
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetWriteFile 3D9A6086 5 Bytes JMP 200B284F
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 200B3437
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpSendRequestExA 3D9BA65A 5 Bytes JMP 200B27A2
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpSendRequestExW 3D9BA6B3 5 Bytes JMP 200B275C
? C:\WINDOWS\system32\svchost.exe[1180] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
? C:\WINDOWS\system32\svchost.exe[1232] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1316] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
.text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
.text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
.text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
.text C:\WINDOWS\system32\spoolsv.exe[1412] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
.text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
.text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
.text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
.text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
.text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
.text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
.text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
.text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
.text C:\WINDOWS\system32\spoolsv.exe[1412] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
.text C:\WINDOWS\system32\SearchIndexer.exe[1556] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\WINDOWS\system32\SearchIndexer.exe[1556] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\WINDOWS\system32\SearchIndexer.exe[1556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\WINDOWS\system32\SearchIndexer.exe[1556] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[1556] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
.text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
.text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
.text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
.text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
.text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
.text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
.text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
.text C:\WINDOWS\system32\SearchIndexer.exe[1556] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200B197B
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200B1CA5
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200B1FBE
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200B192D
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200B1E02
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200B1C36
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200B1D1A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200B1EDD
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200B1D8B
? C:\WINDOWS\Explorer.EXE[1708] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
.text C:\WINDOWS\Explorer.EXE[1708] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200B637E
.text C:\WINDOWS\Explorer.EXE[1708] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 200AA164
.text C:\WINDOWS\Explorer.EXE[1708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200B61FA
.text C:\WINDOWS\Explorer.EXE[1708] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200B0BA0
.text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 200B32FB
.text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 200B2F86
.text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 200B2FDC
.text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 200B33B6
.text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 200B281D
.text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 200B33E3
.text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!HttpSendRequestA 3D95EE91 5 Bytes JMP 200B27E8
.text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 200B3410
.text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetReadFileExW 3D963229 5 Bytes JMP 200B31E0
.text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetReadFileExA 3D963261 5 Bytes JMP 200B3139
.text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetWriteFile 3D9A6086 5 Bytes JMP 200B284F
.text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 200B3437
.text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!HttpSendRequestExA 3D9BA65A 5 Bytes JMP 200B27A2
.text C:\WINDOWS\Explorer.EXE[1708] WININET.dll!HttpSendRequestExW 3D9BA6B3 5 Bytes JMP 200B275C
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[2124] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[2124] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[2124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[2124] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\Program Files\Java\jre6\bin\jqs.exe[2192] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\Program Files\Java\jre6\bin\jqs.exe[2192] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\Program Files\Java\jre6\bin\jqs.exe[2192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
.text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
.text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
.text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
.text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
.text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
.text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
.text C:\Program Files\Java\jre6\bin\jqs.exe[2192] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
.text C:\Program Files\Java\jre6\bin\jqs.exe[2192] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\WINDOWS\system32\CAP3RSK.EXE[2264] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\WINDOWS\system32\CAP3RSK.EXE[2264] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\WINDOWS\system32\CAP3RSK.EXE[2264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\WINDOWS\system32\CAP3RSK.EXE[2264] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
 
GMER LOG part 2
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2352] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2456] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2006637E
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A164
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200661FA
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20060BA0
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2006197B
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20061CA5
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20061FBE
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2006192D
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20061E02
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20061C36
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20061D1A
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20061EDD
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE[2536] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20061D8B
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2628] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2006637E
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2628] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A164
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2628] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200661FA
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2628] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20060BA0
.text C:\WINDOWS\system32\SearchProtocolHost.exe[2676] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2006637E
.text C:\WINDOWS\system32\SearchProtocolHost.exe[2676] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A164
.text C:\WINDOWS\system32\SearchProtocolHost.exe[2676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200661FA
.text C:\WINDOWS\system32\SearchProtocolHost.exe[2676] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20060BA0
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2006637E
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A164
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200661FA
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2006197B
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20061CA5
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20061FBE
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2006192D
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20061E02
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20061C36
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20061D1A
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20061EDD
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20061D8B
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2700] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20060BA0
.text C:\WINDOWS\system32\RUNDLL32.EXE[2900] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\WINDOWS\system32\RUNDLL32.EXE[2900] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\WINDOWS\system32\RUNDLL32.EXE[2900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\WINDOWS\system32\RUNDLL32.EXE[2900] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\WINDOWS\system32\nvsvc32.exe[3132] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\WINDOWS\system32\nvsvc32.exe[3132] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\WINDOWS\system32\nvsvc32.exe[3132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\WINDOWS\system32\nvsvc32.exe[3132] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text D:\downloads\k87m9wmw.exe[3296] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text D:\downloads\k87m9wmw.exe[3296] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text D:\downloads\k87m9wmw.exe[3296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text D:\downloads\k87m9wmw.exe[3296] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3324] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3420] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3420] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3420] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
? C:\WINDOWS\system32\svchost.exe[3484] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[3484] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\WINDOWS\system32\svchost.exe[3484] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\WINDOWS\system32\svchost.exe[3484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\WINDOWS\system32\svchost.exe[3484] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
.text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
.text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
.text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
.text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
.text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
.text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
.text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
.text C:\WINDOWS\system32\svchost.exe[3484] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3728] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[3728] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\WINDOWS\system32\wuauclt.exe[3796] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\WINDOWS\system32\wuauclt.exe[3796] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\WINDOWS\system32\wuauclt.exe[3796] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\WINDOWS\system32\wuauclt.exe[3796] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\WINDOWS\System32\alg.exe[4052] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\WINDOWS\System32\alg.exe[4052] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\WINDOWS\System32\alg.exe[4052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200261FA
.text C:\WINDOWS\System32\alg.exe[4052] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
.text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
.text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
.text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
.text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
.text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
.text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
.text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
.text C:\WINDOWS\System32\alg.exe[4052] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Threads - GMER 1.0.15 ----

Thread System [4:312] 8A33E16D
Thread System [4:620] 89239B90

---- Files - GMER 1.0.15 ----

File C:\System Volume Information\_restore{7CE057A4-6929-4922-A033-35A39E9CFEE9}\RP1\A0004280.dll 120168 bytes executable
File C:\System Volume Information\_restore{7CE057A4-6929-4922-A033-35A39E9CFEE9}\RP1\A0004281.exe 251296 bytes executable
File C:\System Volume Information\_restore{7CE057A4-6929-4922-A033-35A39E9CFEE9}\RP1\A0004282.exe 280024 bytes executable
File C:\System Volume Information\_restore{7CE057A4-6929-4922-A033-35A39E9CFEE9}\RP1\A0004283.dll 20547000 bytes executable
File C:\Documents and Settings\User\Local Settings\Application Data\fawkipfv\ngowspoj.exe 114035 bytes executable
File C:\Documents and Settings\User\Start Menu\Programs\Startup\ngowspoj.exe 114035 bytes executable

---- EOF - GMER 1.0.15 ----
 

DDS LOG
--------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by User at 15:46:00 on 2011-10-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1069 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\user\local settings\application data\fawkipfv\ngowspoj.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NgoWspoj] c:\documents and settings\user\local settings\application data\fawkipfv\ngowspoj.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\office\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\office\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ardensupport.webex.com/client/T26L/support/ieatgpc.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7D169066-9198-46B4-8C93-20AD4B762C49} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\k3zxk4zj.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://uk.ask.com/?o=16148&l=dis
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-10-10 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-2 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-2 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-2 108552]
R1 dk2drv;DK2 WindowsNT Driver;c:\windows\system32\drivers\dk2drv.sys [2009-2-4 49720]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-10 136360]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-2 297752]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-10 66616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-10 366152]
R2 MSSQL$DESKTOPCAD3D;SQL Server (DESKTOPCAD3D);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R3 dk2usb;DK2usb Driver;c:\windows\system32\drivers\dk2usb.sys [2009-2-4 18224]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-10 22216]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-10-10 269480]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 sdusb;TECHKON SpectroDens Driver (sdusb.sys);c:\windows\system32\drivers\sdusb.sys [2010-9-27 22912]
S3 SPSniff;SPSniff;c:\program files\eltima software\serial port monitor\SPSniff.sys [2009-3-17 9984]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-26 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-26 136176]
.
=============== Created Last 30 ================
.
2011-10-10 12:07:10 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2011-10-10 12:06:52 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-10 12:06:48 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-10 12:06:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-10 10:23:10 -------- d-----w- c:\documents and settings\user\application data\Avira
2011-10-10 10:22:02 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-10 10:22:01 -------- d-----w- c:\program files\Avira
2011-10-10 10:22:01 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-10-07 14:56:19 -------- d-----w- c:\documents and settings\user\local settings\application data\fawkipfv
2011-09-26 10:42:53 -------- d-----w- c:\documents and settings\user\local settings\application data\Google
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-23 08:22:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 15:46:43.09 ===============
 
and the attach.txt log
-------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 04/02/2009 14:08:22
System Uptime: 10/10/2011 14:19:05 (1 hours ago)
.
Motherboard: FUJITSU SIEMENS | | D2730-A1
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2300/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 126.529 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 10/10/2011 10:30:03 - System Checkpoint
.
==== Installed Programs ======================
.
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Adobe SVG Viewer 3.0
AMD Processor Driver
Apple Application Support
Apple Software Update
Arden Package Installer
AutoDWG DWG to PDF Converter
AVG Free 8.5
Avira AntiVir Personal - Free Antivirus
Brother Driver Deployment Wizard
Brother MFL-Pro Suite
Canon LASER SHOT LBP-1120
CCleaner
desktopCAD 3D 2008
DK2 DESkey Drivers v7.18.0.33
EPSON Printer Software
EpsonNet Config V3
EpsonNet SetupManager
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java(TM) 6 Update 21
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (DESKTOPCAD3D)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.5.5)
MSXML 6.0 Parser
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sentinel Protection Installer 7.2.2
Serial Port Monitor 2.1 (Build 2.1.6.67)
Spybot - Search & Destroy
TECHKON SpectroDens Connect
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.4
WebEx
WebFldrs XP
Windows Driver Package - TECHKON GmbH (sdusb) TECHKONUSBDevices (01/31/2003 2.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
10/10/2011 15:04:56, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6010.
10/10/2011 15:04:41, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.
10/10/2011 15:04:41, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\wmpband.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.
10/10/2011 15:04:40, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\setup_wm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5146.
10/10/2011 15:04:38, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.
10/10/2011 14:59:57, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\wab.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.6040.
10/10/2011 14:59:45, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5931.
10/10/2011 14:48:14, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4028.0.
10/10/2011 14:48:00, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
10/10/2011 14:21:04, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: agp440 amdagp sisagp viaagp
10/10/2011 11:25:29, error: Service Control Manager [7034] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 3 time(s).
10/10/2011 11:25:27, error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/10/2011 11:25:25, error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/10/2011 11:22:41, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Avira AntiVir Guard service to connect.
10/10/2011 11:22:41, error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/10/2011 11:21:25, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
10/10/2011 11:21:25, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\User\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
10/10/2011 11:21:25, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
10/10/2011 10:43:52, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
10/10/2011 10:43:52, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/10/2011 10:43:52, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: Access is denied.
06/10/2011 09:18:03, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
.
==== End Of File ===========================

will post the mbam log tomorrow morning about 9:30am gmt

thank - you

Tom
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================

I'll wait for MBAM log then.

Meanwhile you're running two AV programs, Avira and AVG.
One of them has to go.
If AVG (preferably), make sure to use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities
 
the boss decided this morning that he couldn't wait and we reformatted the computer.

sorry for wasting your time

apologies

tom.
 
You must log in or register to reply here.

Similar threads

E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
liltxkg
Inactive Cleanup Help - File Explorer Freezing
Replies
6
Views
2K
Broni
Broni
R
Solved Data Hijacking, Help Please
2
Replies
37
Views
5K
Broni
Broni

Latest posts

Back