Hello, I've been having a few problems with my laptop with a redirect, and also with this redirect I had some trouble with another program. I want to fix the redirect thing first. I have all the log files from the scans. Thanks in advance for the help.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6796
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
6/7/2011 6:42:07 AM
mbam-log-2011-06-07 (06-42-07).txt
Scan type: Quick scan
Objects scanned: 147432
Time elapsed: 12 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\jeremy\local settings\Temp\2143E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\jeremy\local settings\Temp\tmp96B6.tmp (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\jeremy\local settings\Temp\ldra5aa.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-07 09:23:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541680J9SA00 rev.SB2OC74P
Running: 45fwy3do.exe; Driver: C:\DOCUME~1\jeremy\LOCALS~1\Temp\agndapow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF7916738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF79167DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF7916878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF7916914]
---- Kernel code sections - GMER 1.0.15 ----
? mduh.sys The system cannot find the file specified. !
INITc VolSnap.sys F75D8BD0 4 Bytes [50, A5, 53, 80]
INITc VolSnap.sys F75D8BF8 4 Bytes [A8, A1, 4F, 80]
INITc VolSnap.sys F75D8C20 4 Bytes [A6, AE, 4F, 80]
INITc VolSnap.sys F75D8C48 4 Bytes [20, FF, 4F, 80]
INITc VolSnap.sys F75D8C70 4 Bytes [6A, A8, 4F, 80]
INITc ...
? C:\DOCUME~1\jeremy\LOCALS~1\Temp\agndapod.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BF000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BC000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BB000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BD000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BA000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00BE000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WININET.dll!HttpAddRequestHeadersA 771C40CA 7 Bytes JMP 00BC64C0
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WININET.dll!HttpAddRequestHeadersW 771CEEF4 5 Bytes JMP 00BC66C0
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00C1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0051000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0050000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00C0000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BF000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BC000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BB000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BD000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BA000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00BE000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B9000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BF000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BC000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BB000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BD000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BA000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00BE000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B9000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
---- Threads - GMER 1.0.15 ----
Thread System [4:128] 86CD5E7A
Thread System [4:132] 86CD8008
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by jeremy at 9:27:19 on 2011-06-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.306 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgsrmax.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [Google Update] "c:\documents and settings\jeremy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\jeremy\startm~1\programs\startup\frostw~1.lnk - c:\program files\frostwire\FrostWire.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9BA159E7-9127-4D5C-8D7F-5749B16B341E} : DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jeremy\application data\mozilla\firefox\profiles\4m7nco2g.default\
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\jeremy\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: AVG Security Toolbar em:version=7.004.022.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-7 366640]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-23 984392]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-7 39984]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
.
=============== Created Last 30 ================
.
2011-06-07 10:26:30 -------- d-----w- c:\documents and settings\jeremy\application data\Malwarebytes
2011-06-07 10:26:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-07 10:25:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-07 10:25:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-07 07:33:38 -------- d-----w- c:\windows\system32\appmgmt
2011-06-02 00:26:54 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-06-02 00:26:49 -------- d-----w- c:\documents and settings\jeremy\local settings\application data\NPE
2011-05-24 16:28:42 -------- d-----w- c:\documents and settings\jeremy\local settings\application data\AVG Security Toolbar
2011-05-23 14:21:30 -------- d--h--w- C:\$AVG
2011-05-23 12:05:14 -------- d-----w- c:\documents and settings\jeremy\application data\AVG10
2011-05-23 11:50:37 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
2011-05-23 11:47:13 -------- d-----w- c:\windows\system32\drivers\AVG
2011-05-23 11:47:13 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-05-23 11:45:57 -------- d-----w- c:\program files\AVG
2011-05-23 11:14:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-23 11:14:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 23:42:44 -------- d-----w- c:\documents and settings\all users\application data\Common Files
2011-05-21 23:42:20 -------- d-----w- c:\documents and settings\all users\application data\MFAData
.
==================== Find3M ====================
.
2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-16 20:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 9:28:14.84 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/24/2010 8:31:56 AM
System Uptime: 6/7/2011 6:44:07 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 0MD666
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | Microprocessor | 797/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 68 GiB total, 40.521 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Service:
.
==== System Restore Points ===================
.
RP203: 4/6/2011 1:32:39 AM - System Checkpoint
RP204: 4/7/2011 1:34:46 AM - System Checkpoint
RP205: 4/8/2011 2:33:48 AM - System Checkpoint
RP206: 4/9/2011 3:32:44 AM - System Checkpoint
RP207: 4/10/2011 4:33:49 AM - System Checkpoint
RP208: 4/11/2011 9:31:29 PM - System Checkpoint
RP209: 4/13/2011 9:23:18 PM - System Checkpoint
RP210: 4/16/2011 7:54:04 AM - System Checkpoint
RP211: 4/17/2011 8:45:58 AM - System Checkpoint
RP212: 4/18/2011 9:20:48 AM - System Checkpoint
RP213: 4/19/2011 10:19:03 AM - System Checkpoint
RP214: 4/20/2011 7:45:21 PM - System Checkpoint
RP215: 4/21/2011 8:58:41 PM - System Checkpoint
RP216: 4/23/2011 4:43:39 PM - System Checkpoint
RP217: 4/24/2011 9:06:12 PM - System Checkpoint
RP218: 4/26/2011 2:55:46 AM - System Checkpoint
RP219: 4/27/2011 3:37:45 AM - System Checkpoint
RP220: 4/28/2011 10:24:28 AM - System Checkpoint
RP221: 4/29/2011 1:21:23 PM - System Checkpoint
RP222: 5/2/2011 3:23:55 PM - System Checkpoint
RP223: 5/3/2011 6:24:07 PM - System Checkpoint
RP224: 5/4/2011 10:52:40 PM - System Checkpoint
RP225: 5/6/2011 8:48:43 PM - System Checkpoint
RP226: 5/8/2011 10:09:24 PM - System Checkpoint
RP227: 5/9/2011 10:20:26 PM - System Checkpoint
RP228: 5/11/2011 12:39:10 AM - System Checkpoint
RP229: 5/12/2011 12:46:09 AM - System Checkpoint
RP230: 5/13/2011 1:44:17 AM - System Checkpoint
RP231: 5/14/2011 3:01:20 AM - System Checkpoint
RP232: 5/15/2011 3:29:34 AM - System Checkpoint
RP233: 5/16/2011 10:43:26 PM - System Checkpoint
RP234: 5/17/2011 11:42:29 PM - System Checkpoint
RP235: 5/19/2011 8:54:27 PM - System Checkpoint
RP236: 5/21/2011 5:33:13 PM - System Checkpoint
RP237: 5/21/2011 6:38:29 PM - Restore Operation
RP238: 5/22/2011 8:09:41 PM - System Checkpoint
RP239: 5/23/2011 7:07:10 AM - Restore Operation
RP240: 5/23/2011 7:36:47 AM - avast! Free Antivirus Setup
RP241: 5/23/2011 7:45:54 AM - Installed AVG 2011
RP242: 5/23/2011 7:46:44 AM - Installed AVG 2011
RP243: 5/24/2011 9:09:26 AM - System Checkpoint
RP244: 5/25/2011 7:42:23 PM - System Checkpoint
RP245: 5/26/2011 9:15:36 PM - System Checkpoint
RP246: 5/28/2011 7:05:06 PM - System Checkpoint
RP247: 5/30/2011 8:07:14 PM - System Checkpoint
RP248: 5/31/2011 11:43:28 AM - Removed Skype Toolbars
RP249: 6/1/2011 7:52:43 PM - Restore Operation
RP250: 6/1/2011 7:58:01 PM - Restore Operation
RP251: 6/1/2011 8:03:18 PM - Restore Operation
RP252: 6/2/2011 9:50:56 PM - System Checkpoint
RP253: 6/6/2011 11:13:40 PM - System Checkpoint
RP254: 6/7/2011 3:37:59 AM - Restore Operation
RP255: 6/7/2011 3:39:17 AM - Removed Skype™ 5.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
ATI - Software Uninstall Utility
AVG 2011
Broadcom 440x 10/100 Integrated Controller
Conexant HDA D110 MDC V.92 Modem
Dell Resource CD
Dell Wireless WLAN Card
ESPNMotion
FINAL FANTASY XI
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FINAL FANTASY XI: Treasures of Aht Urhgan
FINAL FANTASY XI: Wings of the Goddess
FrostWire 4.21.1
GemMaster Mystic
Google Chrome
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 22
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Mozilla Firefox (3.6.13)
MSN
Otto
PlayOnline Viewer & Tetra Master
SigmaTel Audio
Sonic Encoders
Synaptics Pointing Device Driver
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Media Format 11 runtime
Windows Mobile Device Updater Component
Windows XP Service Pack 3
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
6/7/2011 8:49:47 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
6/7/2011 8:41:30 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/7/2011 6:45:02 AM, error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
6/7/2011 6:45:02 AM, error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
6/7/2011 6:15:18 AM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/7/2011 6:15:09 AM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
6/7/2011 6:14:31 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/7/2011 6:13:03 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/7/2011 6:12:43 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/7/2011 6:12:37 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
6/7/2011 6:12:26 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/6/2011 5:46:53 PM, error: Service Control Manager [7031] - The Zune Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/3/2011 5:44:50 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SMR162.SYS' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/1/2011 8:03:10 PM, error: ZuneNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupt. Verify that DRM-protected files play correctly in the Zune software, then restart the ZuneNetworkSvc service.
.
==== End Of File ===========================
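The GMER "User code sections" lines in these logs are the part worth reading carefully for a redirect complaint: they list every user-mode export GMER found patched in each running process, and several browser processes show their Winsock DNS/connect/send path redirected to the same small set of addresses. Below is an added triage script (example code written for this page, not GMER's or the poster's) that parses those `.text` lines into structured records, groups them per PID, and pulls out two things a helper would want to see at a glance: which network-path exports are inline-hooked in each browser process, and whether the same export lands on the same target across processes. The line format is inferred from the lines on this page; the `NETWORK_EXPORTS` set and the helper names are my own choices. It embeds a constructed sample made of a handful of lines copied from the GMER output here so it runs offline; point it at a full GMER log to get the same view of the whole scan.

```python
from __future__ import annotations

import os
import re
import sys
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the ".text" lines from the GMER
# "User code sections" output in this thread, embedded so the block runs offline.
SAMPLE_GMER = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BF000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BB000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BD000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WININET.dll!HttpAddRequestHeadersA 771C40CA 7 Bytes JMP 00BC64C0
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0050000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
---- Devices - GMER 1.0.15 ----
"""

# One GMER user-mode hook line (format inferred from the lines on this page).
HOOK_LINE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"            # process image path and PID
    r"(?P<module>[^\s!]+)!(?P<func>\w+)"                      # patched module!export
    r"(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+"                  # optional "+ 6" offset into the export
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+"   # patched address and length
    r"(?P<patch>.+?)\s*$"                                     # JMP/CALL target or raw bytes
)

# Exports on a browser's outbound request path (my selection, not a GMER list).
NETWORK_EXPORTS = {
    "ws2_32.dll": {"getaddrinfo", "gethostbyname", "connect", "send",
                   "wsasend", "wsarecv", "closesocket"},
    "wininet.dll": {"httpaddrequestheadersa", "httpaddrequestheadersw"},
}


@dataclass(frozen=True)
class Hook:
    image: str             # full path of the process image
    pid: int
    module: str            # DLL whose code was patched
    func: str              # patched export
    offset: int            # byte offset into the export (0 = at the entry point)
    address: int           # virtual address of the patched bytes
    size: int              # number of patched bytes
    kind: str              # "JMP", "CALL", "BYTES" or "OTHER"
    target: Optional[int]  # branch destination for JMP/CALL, else None
    patch_bytes: bytes     # raw bytes for in-place patches, else b""


def _parse_patch(text: str) -> tuple[str, Optional[int], bytes]:
    m = re.fullmatch(r"(JMP|CALL)\s+([0-9A-Fa-f]{8})", text)
    if m:
        return m.group(1), int(m.group(2), 16), b""
    m = re.fullmatch(r"\[([0-9A-Fa-f ,]+)\]", text)
    if m:
        return "BYTES", None, bytes(int(b, 16) for b in m.group(1).split(","))
    return "OTHER", None, b""


def parse_user_hooks(log_text: str) -> list[Hook]:
    """Extract every user-mode '.text' hook entry from a GMER log; other lines are skipped."""
    hooks: list[Hook] = []
    for line in log_text.splitlines():
        m = HOOK_LINE.match(line.strip())
        if not m:
            continue
        kind, target, raw = _parse_patch(m.group("patch"))
        hooks.append(Hook(
            image=m.group("image"), pid=int(m.group("pid")),
            module=m.group("module"), func=m.group("func"),
            offset=int(m.group("off") or "0", 16),
            address=int(m.group("addr"), 16), size=int(m.group("size")),
            kind=kind, target=target, patch_bytes=raw,
        ))
    return hooks


def network_exports_hooked(hooks: list[Hook]) -> dict[int, set[str]]:
    """PID -> network-path exports redirected by an inline JMP/CALL in that process."""
    out: dict[int, set[str]] = defaultdict(set)
    for h in hooks:
        if h.kind in ("JMP", "CALL") and h.func.lower() in NETWORK_EXPORTS.get(h.module.lower(), ()):
            out[h.pid].add(h.func)
    return dict(out)


def hook_targets_by_export(hooks: list[Hook]) -> dict[str, set[int]]:
    """'module!func' -> set of branch targets seen across all processes.

    One export landing on one target in several PIDs is what a single component
    injected into every browser process looks like; GMER alone does not say which
    component, so the target still has to be matched against that PID's loaded modules.
    """
    out: dict[str, set[int]] = defaultdict(set)
    for h in hooks:
        if h.target is not None:
            out[f"{h.module}!{h.func}"].add(h.target)
    return dict(out)


def summarize(hooks: list[Hook]) -> dict[int, dict]:
    """Per-PID view: image base name and, per patched DLL, the patched exports in log order."""
    out: dict[int, dict] = {}
    for h in hooks:
        entry = out.setdefault(h.pid, {
            "image": os.path.basename(h.image.replace("\\", "/")),
            "modules": defaultdict(list),
        })
        entry["modules"][h.module].append(f"{h.func}+{h.offset:X}" if h.offset else h.func)
    return out


if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_GMER
    hooks = parse_user_hooks(text)
    for pid, info in summarize(hooks).items():
        print(f"{info['image']}[{pid}]")
        for mod, funcs in info["modules"].items():
            print(f"  {mod}: {', '.join(funcs)}")
    print("network path hooked:", network_exports_hooked(hooks))
```

Two caveats when reading the output. A hook entry proves that something patched the export, not who did it: security suites' browser components and browser sandboxes legitimately patch these same Winsock and ntdll exports, so a JMP target only becomes an indicator once it is compared with the process's loaded-module list (something GMER's `.text` lines do not include). And an in-place byte patch a few bytes into an `Nt*` stub, as in the `chrome.exe[2788]` entries, is a different mechanism from an entry-point JMP and should be grouped and judged separately, which is why the script keeps `kind` and `offset` apart.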
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-07 09:23:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541680J9SA00 rev.SB2OC74P
Running: 45fwy3do.exe; Driver: C:\DOCUME~1\jeremy\LOCALS~1\Temp\agndapow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF7916738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF79167DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF7916878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF7916914]
---- Kernel code sections - GMER 1.0.15 ----
? mduh.sys The system cannot find the file specified. !
INITc VolSnap.sys F75D8BD0 4 Bytes [50, A5, 53, 80]
INITc VolSnap.sys F75D8BF8 4 Bytes [A8, A1, 4F, 80]
INITc VolSnap.sys F75D8C20 4 Bytes [A6, AE, 4F, 80]
INITc VolSnap.sys F75D8C48 4 Bytes [20, FF, 4F, 80]
INITc VolSnap.sys F75D8C70 4 Bytes [6A, A8, 4F, 80]
INITc ...
? C:\DOCUME~1\jeremy\LOCALS~1\Temp\agndapod.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BF000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BC000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BB000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BD000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BA000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00BE000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WININET.dll!HttpAddRequestHeadersA 771C40CA 7 Bytes JMP 00BC64C0
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WININET.dll!HttpAddRequestHeadersW 771CEEF4 5 Bytes JMP 00BC66C0
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00C1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0051000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0050000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00C0000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BF000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BC000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BB000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BD000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BA000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00BE000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B9000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BF000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BC000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BB000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BD000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BA000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00BE000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B9000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
---- Threads - GMER 1.0.15 ----
Thread System [4:128] 86CD5E7A
Thread System [4:132] 86CD8008
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by jeremy at 9:27:19 on 2011-06-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.306 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgsrmax.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [Google Update] "c:\documents and settings\jeremy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\jeremy\startm~1\programs\startup\frostw~1.lnk - c:\program files\frostwire\FrostWire.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9BA159E7-9127-4D5C-8D7F-5749B16B341E} : DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jeremy\application data\mozilla\firefox\profiles\4m7nco2g.default\
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\jeremy\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: AVG Security Toolbar em:version=7.004.022.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-7 366640]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-23 984392]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-7 39984]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
.
=============== Created Last 30 ================
.
2011-06-07 10:26:30 -------- d-----w- c:\documents and settings\jeremy\application data\Malwarebytes
2011-06-07 10:26:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-07 10:25:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-07 10:25:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-07 07:33:38 -------- d-----w- c:\windows\system32\appmgmt
2011-06-02 00:26:54 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-06-02 00:26:49 -------- d-----w- c:\documents and settings\jeremy\local settings\application data\NPE
2011-05-24 16:28:42 -------- d-----w- c:\documents and settings\jeremy\local settings\application data\AVG Security Toolbar
2011-05-23 14:21:30 -------- d--h--w- C:\$AVG
2011-05-23 12:05:14 -------- d-----w- c:\documents and settings\jeremy\application data\AVG10
2011-05-23 11:50:37 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
2011-05-23 11:47:13 -------- d-----w- c:\windows\system32\drivers\AVG
2011-05-23 11:47:13 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-05-23 11:45:57 -------- d-----w- c:\program files\AVG
2011-05-23 11:14:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-23 11:14:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 23:42:44 -------- d-----w- c:\documents and settings\all users\application data\Common Files
2011-05-21 23:42:20 -------- d-----w- c:\documents and settings\all users\application data\MFAData
.
==================== Find3M ====================
.
2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-16 20:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 9:28:14.84 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/24/2010 8:31:56 AM
System Uptime: 6/7/2011 6:44:07 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 0MD666
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | Microprocessor | 797/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 68 GiB total, 40.521 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Service:
.
==== System Restore Points ===================
.
RP203: 4/6/2011 1:32:39 AM - System Checkpoint
RP204: 4/7/2011 1:34:46 AM - System Checkpoint
RP205: 4/8/2011 2:33:48 AM - System Checkpoint
RP206: 4/9/2011 3:32:44 AM - System Checkpoint
RP207: 4/10/2011 4:33:49 AM - System Checkpoint
RP208: 4/11/2011 9:31:29 PM - System Checkpoint
RP209: 4/13/2011 9:23:18 PM - System Checkpoint
RP210: 4/16/2011 7:54:04 AM - System Checkpoint
RP211: 4/17/2011 8:45:58 AM - System Checkpoint
RP212: 4/18/2011 9:20:48 AM - System Checkpoint
RP213: 4/19/2011 10:19:03 AM - System Checkpoint
RP214: 4/20/2011 7:45:21 PM - System Checkpoint
RP215: 4/21/2011 8:58:41 PM - System Checkpoint
RP216: 4/23/2011 4:43:39 PM - System Checkpoint
RP217: 4/24/2011 9:06:12 PM - System Checkpoint
RP218: 4/26/2011 2:55:46 AM - System Checkpoint
RP219: 4/27/2011 3:37:45 AM - System Checkpoint
RP220: 4/28/2011 10:24:28 AM - System Checkpoint
RP221: 4/29/2011 1:21:23 PM - System Checkpoint
RP222: 5/2/2011 3:23:55 PM - System Checkpoint
RP223: 5/3/2011 6:24:07 PM - System Checkpoint
RP224: 5/4/2011 10:52:40 PM - System Checkpoint
RP225: 5/6/2011 8:48:43 PM - System Checkpoint
RP226: 5/8/2011 10:09:24 PM - System Checkpoint
RP227: 5/9/2011 10:20:26 PM - System Checkpoint
RP228: 5/11/2011 12:39:10 AM - System Checkpoint
RP229: 5/12/2011 12:46:09 AM - System Checkpoint
RP230: 5/13/2011 1:44:17 AM - System Checkpoint
RP231: 5/14/2011 3:01:20 AM - System Checkpoint
RP232: 5/15/2011 3:29:34 AM - System Checkpoint
RP233: 5/16/2011 10:43:26 PM - System Checkpoint
RP234: 5/17/2011 11:42:29 PM - System Checkpoint
RP235: 5/19/2011 8:54:27 PM - System Checkpoint
RP236: 5/21/2011 5:33:13 PM - System Checkpoint
RP237: 5/21/2011 6:38:29 PM - Restore Operation
RP238: 5/22/2011 8:09:41 PM - System Checkpoint
RP239: 5/23/2011 7:07:10 AM - Restore Operation
RP240: 5/23/2011 7:36:47 AM - avast! Free Antivirus Setup
RP241: 5/23/2011 7:45:54 AM - Installed AVG 2011
RP242: 5/23/2011 7:46:44 AM - Installed AVG 2011
RP243: 5/24/2011 9:09:26 AM - System Checkpoint
RP244: 5/25/2011 7:42:23 PM - System Checkpoint
RP245: 5/26/2011 9:15:36 PM - System Checkpoint
RP246: 5/28/2011 7:05:06 PM - System Checkpoint
RP247: 5/30/2011 8:07:14 PM - System Checkpoint
RP248: 5/31/2011 11:43:28 AM - Removed Skype Toolbars
RP249: 6/1/2011 7:52:43 PM - Restore Operation
RP250: 6/1/2011 7:58:01 PM - Restore Operation
RP251: 6/1/2011 8:03:18 PM - Restore Operation
RP252: 6/2/2011 9:50:56 PM - System Checkpoint
RP253: 6/6/2011 11:13:40 PM - System Checkpoint
RP254: 6/7/2011 3:37:59 AM - Restore Operation
RP255: 6/7/2011 3:39:17 AM - Removed Skype™ 5.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
ATI - Software Uninstall Utility
AVG 2011
Broadcom 440x 10/100 Integrated Controller
Conexant HDA D110 MDC V.92 Modem
Dell Resource CD
Dell Wireless WLAN Card
ESPNMotion
FINAL FANTASY XI
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FINAL FANTASY XI: Treasures of Aht Urhgan
FINAL FANTASY XI: Wings of the Goddess
FrostWire 4.21.1
GemMaster Mystic
Google Chrome
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 22
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Mozilla Firefox (3.6.13)
MSN
Otto
PlayOnline Viewer & Tetra Master
SigmaTel Audio
Sonic Encoders
Synaptics Pointing Device Driver
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Media Format 11 runtime
Windows Mobile Device Updater Component
Windows XP Service Pack 3
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
6/7/2011 8:49:47 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
6/7/2011 8:41:30 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/7/2011 6:45:02 AM, error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
6/7/2011 6:45:02 AM, error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
6/7/2011 6:15:18 AM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/7/2011 6:15:09 AM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
6/7/2011 6:14:31 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/7/2011 6:13:03 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/7/2011 6:12:43 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/7/2011 6:12:37 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
6/7/2011 6:12:26 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/6/2011 5:46:53 PM, error: Service Control Manager [7031] - The Zune Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/3/2011 5:44:50 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SMR162.SYS' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/1/2011 8:03:10 PM, error: ZuneNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupt. Verify that DRM-protected files play correctly in the Zune software, then restart the ZuneNetworkSvc service.
.
==== End Of File ===========================