Ran Dr.Web and it said I have the Backdoor.Tdss.565 virus.
Read the 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/8/2011 3:49:43 PM
mbam-log-2011-05-08 (15-49-43).txt
Scan type: Quick scan
Objects scanned: 132260
Time elapsed: 13 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a962e9f8-b6c7-4073-80cd-59e3083fd8a5} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a962e9f8-b6c7-4073-80cd-59e3083fd8a5} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\dbnetli.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\config\systemprofile\Desktop\PC_Antispyware2010.lnk (Rogue.PCAntispy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
_________________________________________________________________
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-08 19:04:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS548040M9AT00 rev.MG2OA5EA
Running: c1xdgp8w.exe; Driver: C:\DOCUME~1\Home\LOCALS~1\Temp\pwdoikoc.sys
---- Kernel code sections - GMER 1.0.15 ----
? evvkym.sys The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Fastfat \Fat A90C3D20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
_________________________________________________________________
DDS.txt
DDS (Ver_11-03-05.01) - NTFSx86
Run by Home at 19:18:47.76 on Sun 05/08/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.199 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Home\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.google.com
mURLSearchHooks: H - No File
_________________________________________________________________
Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/30/2005 8:13:05 AM
System Uptime: 5/8/2011 3:51:32 PM (4 hours ago)
.
Motherboard: Dell Inc. | | 0W9260
Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 33 GiB total, 18.545 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01881028&REV_02\4&2FA23535&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01881028&REV_02\4&2FA23535&0&00F0
Service: bcm4sbxp
.
==== System Restore Points ===================
.
RP1172: 3/6/2011 9:07:38 AM - Software Distribution Service 3.0
RP1173: 3/7/2011 6:51:56 PM - Software Distribution Service 3.0
RP1174: 3/8/2011 7:32:47 PM - Software Distribution Service 3.0
RP1175: 3/8/2011 8:02:09 PM - Software Distribution Service 3.0
RP1176: 3/9/2011 8:34:47 PM - Software Distribution Service 3.0
RP1177: 3/10/2011 10:02:31 PM - Software Distribution Service 3.0
RP1178: 3/12/2011 10:19:08 AM - Software Distribution Service 3.0
RP1179: 3/12/2011 10:57:15 PM - Software Distribution Service 3.0
RP1180: 3/13/2011 6:20:26 PM - Software Distribution Service 3.0
RP1181: 3/14/2011 6:23:20 PM - System Checkpoint
RP1182: 3/15/2011 6:29:23 PM - Software Distribution Service 3.0
RP1183: 3/16/2011 7:33:05 PM - Software Distribution Service 3.0
RP1184: 3/17/2011 8:50:46 PM - Software Distribution Service 3.0
RP1185: 3/18/2011 9:05:41 PM - System Checkpoint
RP1186: 3/19/2011 10:04:07 AM - Software Distribution Service 3.0
RP1187: 3/20/2011 10:15:49 AM - System Checkpoint
RP1188: 3/20/2011 11:14:34 AM - Software Distribution Service 3.0
RP1189: 3/21/2011 5:09:09 PM - Software Distribution Service 3.0
RP1190: 3/22/2011 5:22:45 PM - Software Distribution Service 3.0
RP1191: 3/23/2011 6:34:42 PM - Software Distribution Service 3.0
RP1192: 3/24/2011 6:32:16 PM - Software Distribution Service 3.0
RP1193: 3/24/2011 6:41:46 PM - Software Distribution Service 3.0
RP1194: 3/25/2011 9:16:26 PM - Software Distribution Service 3.0
RP1195: 3/27/2011 8:13:39 AM - Software Distribution Service 3.0
RP1196: 3/28/2011 5:36:30 PM - Software Distribution Service 3.0
RP1197: 3/29/2011 6:53:38 PM - Software Distribution Service 3.0
RP1198: 3/30/2011 7:34:08 PM - Software Distribution Service 3.0
RP1199: 4/2/2011 8:56:09 AM - System Checkpoint
RP1200: 4/2/2011 9:12:08 AM - Software Distribution Service 3.0
RP1201: 4/3/2011 10:58:12 AM - Software Distribution Service 3.0
RP1202: 4/4/2011 6:57:23 PM - Software Distribution Service 3.0
RP1203: 4/5/2011 8:12:46 PM - Software Distribution Service 3.0
RP1204: 4/6/2011 9:17:31 PM - Software Distribution Service 3.0
RP1205: 4/9/2011 8:11:35 PM - Software Distribution Service 3.0
RP1206: 4/11/2011 6:24:36 PM - Software Distribution Service 3.0
RP1207: 4/12/2011 6:53:17 PM - System Checkpoint
RP1208: 4/13/2011 5:57:39 PM - Software Distribution Service 3.0
RP1209: 4/14/2011 8:23:56 PM - Software Distribution Service 3.0
RP1210: 4/15/2011 6:23:21 PM - Software Distribution Service 3.0
RP1211: 4/16/2011 6:34:51 PM - System Checkpoint
RP1212: 4/17/2011 1:44:13 PM - Software Distribution Service 3.0
RP1213: 4/18/2011 6:43:22 PM - Software Distribution Service 3.0
RP1214: 4/20/2011 6:43:45 PM - Software Distribution Service 3.0
RP1215: 4/21/2011 6:08:40 PM - Software Distribution Service 3.0
RP1216: 4/22/2011 7:41:24 PM - Software Distribution Service 3.0
RP1217: 4/23/2011 10:25:56 PM - Software Distribution Service 3.0
RP1218: 4/24/2011 8:00:22 PM - Software Distribution Service 3.0
RP1219: 4/25/2011 7:10:15 PM - Software Distribution Service 3.0
RP1220: 4/26/2011 7:21:21 PM - System Checkpoint
RP1221: 4/26/2011 8:00:18 PM - Software Distribution Service 3.0
RP1222: 4/27/2011 7:59:19 PM - Software Distribution Service 3.0
RP1223: 4/28/2011 8:02:58 PM - Software Distribution Service 3.0
RP1224: 4/29/2011 8:09:32 PM - System Checkpoint
RP1225: 4/30/2011 10:14:45 AM - Software Distribution Service 3.0
RP1226: 5/1/2011 11:02:04 AM - System Checkpoint
RP1227: 5/1/2011 7:02:19 PM - Software Distribution Service 3.0
RP1228: 5/3/2011 7:13:51 PM - Software Distribution Service 3.0
RP1229: 5/5/2011 8:11:33 PM - Software Distribution Service 3.0
RP1230: 5/8/2011 12:37:00 PM - Installed Java(TM) 6 Update 24
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
ALPS Touch Pad Driver
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bicycle Casino
Bluetooth Stack for Windows by Toshiba
Bonjour
CCleaner
Conexant D110 MDC V.9x Modem
Dell Driver Reset Tool
Dell Media Experience
Dell System Restore
DellSupport
Digital Line Detect
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
HP Deskjet 6800
HP Diagnostic Assistant
HP PrecisionScan
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 6
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft ActiveSync 4.0
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Works 6-9 Converter
mIWA
mIWCA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mToolkit
mWlsSafe
mXML
My Way Search Assistant
mZConfig
Overland
PowerDVD 5.5
QuickTime
RealPlayer Basic
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982802)
TurboTax ItsDeductible 2006
TurboTax Premier Investments 2006
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB971029)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
WexTech AnswerWorks
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
5/8/2011 3:52:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
5/8/2011 3:52:05 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
5/8/2011 2:28:00 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:28:00 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:55 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
5/8/2011 2:27:54 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:54 PM, error: Service Control Manager [7034] - The RegSrvc service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:54 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:54 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:53 PM, error: Service Control Manager [7034] - The WLANKEEPER service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:53 PM, error: Service Control Manager [7034] - The Spectrum24 Event Monitor service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:53 PM, error: Service Control Manager [7034] - The EvtEng service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:53 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
5/8/2011 2:27:53 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/8/2011 12:21:09 PM, error: Service Control Manager [7034] - The Google Update Service service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 11:18:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.1115.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
5/7/2011 8:29:10 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.1115.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
5/7/2011 8:16:12 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================
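The posted logs contain several items a helper would want confirmed before calling the machine clean: Internet Explorer's proxy set to 127.0.0.1:5555 (browser traffic routed through something listening on this PC), Microsoft Security Essentials reported as *Disabled*, the Trojan.BHO.H DLL still marked "Delete on reboot" (it was loaded, so removal is deferred), a GMER kernel code section that names a driver file which cannot be found, and MSE signature updates failing with 0x80072efe. The script below is an added example, not code from the post or from Malwarebytes, DDS or GMER. It runs a handful of hypothetical triage rules (the rule names, the Indicator type and the correlation logic are this example's own) over a constructed excerpt of the lines above and pairs the loopback proxy with the failed updates, since the two together are consistent with the proxy intercepting the download.

```python
"""Triage the posted MBAM / DDS / GMER lines for follow-up indicators.

Added example; not from the post or from any tool named in it.
Rule names, the Indicator type and the excerpt below are this example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt of the log lines posted above (event line shortened).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\dbnetli.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\config\systemprofile\Desktop\PC_Antispyware2010.lnk (Rogue.PCAntispy) -> Quarantined and deleted successfully.
? evvkym.sys The system cannot find the file specified. !
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
mURLSearchHooks: H - No File
5/8/2011 11:18:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
"""


@dataclass(frozen=True)
class Indicator:
    name: str       # rule that fired (hypothetical rule names)
    evidence: str   # the log line that triggered it
    note: str       # what to check next


# Proxy pointing back at this machine, e.g. "http=127.0.0.1:5555".
PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:127\.0\.0\.1|localhost):(?P<port>\d+)", re.I)

RULES = [
    ("loopback_proxy", PROXY_RE,
     "browser traffic goes through a local proxy; confirm a known program owns "
     "that port, otherwise treat the setting as a hijack and clear it"),
    ("pending_delete",
     re.compile(r"^\S.*?\.(?:dll|exe|sys) \([^)]+\) -> Delete on reboot\.$", re.I),
     "file was in use so removal is deferred; rescan after reboot to confirm it is gone"),
    ("missing_kernel_driver",
     re.compile(r"^\?\s+\S+\.sys\s+The system cannot find the file specified\.", re.I),
     "kernel code section names a driver whose file is not visible; check its "
     "service entry and look at the file from a clean boot environment"),
    ("av_disabled", re.compile(r"^AV:\s+.+?\s+\*Disabled", re.I),
     "real-time protection is off; re-enable after cleanup and verify it stays on"),
    ("orphaned_hook", re.compile(r"URLSearchHooks:.*No File", re.I),
     "registry entry points at a file that no longer exists; leftover to remove"),
    ("update_blocked",
     re.compile(r"error trying to update signatures.*0x80072efe", re.I),
     "signature download was cut off; with a loopback proxy present this is "
     "consistent with the proxy interfering"),
]


def scan(text: str) -> List[Indicator]:
    """Run every rule over every non-empty line; one Indicator per (line, rule) hit."""
    hits: List[Indicator] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern, note in RULES:
            if pattern.search(line):
                hits.append(Indicator(name, line, note))
    return hits


def proxy_port(text: str) -> Optional[int]:
    """Port of a loopback proxy configured in the browser settings, if any."""
    m = PROXY_RE.search(text)
    return int(m.group("port")) if m else None


def correlate(hits: List[Indicator]) -> Optional[str]:
    """A loopback proxy plus an aborted AV update is worth calling out together."""
    names = {h.name for h in hits}
    if {"loopback_proxy", "update_blocked"} <= names:
        return "proxy likely blocking signature updates"
    return None


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f"[{h.name}] {h.evidence}\n    -> {h.note}")
    print("proxy port:", proxy_port(SAMPLE_LOG), "|", correlate(found))
```

On the machine itself the proxy finding is checked with `netstat -ano | findstr :5555` to see which PID, if any, is listening on that port; a loopback proxy is only legitimate when a program the owner knowingly installed (a filtering or parental-control proxy, for instance) owns it. Whatever the outcome, the "Delete on reboot" entry means the MBAM scan should be repeated after restarting, and MSE should be re-enabled and its update retried once the proxy setting is resolved.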
5/8/2011 3:52:05 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
5/8/2011 2:28:00 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:28:00 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:55 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
5/8/2011 2:27:54 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:54 PM, error: Service Control Manager [7034] - The RegSrvc service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:54 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:54 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:53 PM, error: Service Control Manager [7034] - The WLANKEEPER service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:53 PM, error: Service Control Manager [7034] - The Spectrum24 Event Monitor service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:53 PM, error: Service Control Manager [7034] - The EvtEng service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 2:27:53 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
5/8/2011 2:27:53 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/8/2011 12:21:09 PM, error: Service Control Manager [7034] - The Google Update Service service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 11:18:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.1115.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
5/7/2011 8:29:10 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.1115.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
5/7/2011 8:16:12 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================