Inactive Redirect virus and IE running without me opening it

Hello, I have been having a few problems with my laptop with a redirect, and along with this redirect I had some trouble with another program. I want to fix the redirect thing first. I have all the log files from the scans. Thanks in advance for the help.



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6796

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/7/2011 6:42:07 AM
mbam-log-2011-06-07 (06-42-07).txt

Scan type: Quick scan
Objects scanned: 147432
Time elapsed: 12 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\jeremy\local settings\Temp\2143E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\jeremy\local settings\Temp\tmp96B6.tmp (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\jeremy\local settings\Temp\ldra5aa.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-07 09:23:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541680J9SA00 rev.SB2OC74P
Running: 45fwy3do.exe; Driver: C:\DOCUME~1\jeremy\LOCALS~1\Temp\agndapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF7916738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF79167DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF7916878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF7916914]

---- Kernel code sections - GMER 1.0.15 ----

? mduh.sys The system cannot find the file specified. !
INITc VolSnap.sys F75D8BD0 4 Bytes [50, A5, 53, 80]
INITc VolSnap.sys F75D8BF8 4 Bytes [A8, A1, 4F, 80]
INITc VolSnap.sys F75D8C20 4 Bytes [A6, AE, 4F, 80]
INITc VolSnap.sys F75D8C48 4 Bytes [20, FF, 4F, 80]
INITc VolSnap.sys F75D8C70 4 Bytes [6A, A8, 4F, 80]
INITc ...
? C:\DOCUME~1\jeremy\LOCALS~1\Temp\agndapod.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BF000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BC000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BB000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BD000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BA000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00BE000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[528] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WININET.dll!HttpAddRequestHeadersA 771C40CA 7 Bytes JMP 00BC64C0
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WININET.dll!HttpAddRequestHeadersW 771CEEF4 5 Bytes JMP 00BC66C0
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00C1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0051000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0050000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[568] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00C0000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BF000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BC000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BB000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BD000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BA000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00BE000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[728] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B9000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2788] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BF000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BC000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BB000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BD000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BA000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00BE000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B9000A
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Threads - GMER 1.0.15 ----

Thread System [4:128] 86CD5E7A
Thread System [4:132] 86CD8008



DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by jeremy at 9:27:19 on 2011-06-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.306 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgsrmax.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jeremy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [Google Update] "c:\documents and settings\jeremy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\jeremy\startm~1\programs\startup\frostw~1.lnk - c:\program files\frostwire\FrostWire.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9BA159E7-9127-4D5C-8D7F-5749B16B341E} : DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jeremy\application data\mozilla\firefox\profiles\4m7nco2g.default\
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\jeremy\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: AVG Security Toolbar em:version=7.004.022.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-7 366640]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-23 984392]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-7 39984]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
.
=============== Created Last 30 ================
.
2011-06-07 10:26:30 -------- d-----w- c:\documents and settings\jeremy\application data\Malwarebytes
2011-06-07 10:26:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-07 10:25:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-07 10:25:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-07 07:33:38 -------- d-----w- c:\windows\system32\appmgmt
2011-06-02 00:26:54 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-06-02 00:26:49 -------- d-----w- c:\documents and settings\jeremy\local settings\application data\NPE
2011-05-24 16:28:42 -------- d-----w- c:\documents and settings\jeremy\local settings\application data\AVG Security Toolbar
2011-05-23 14:21:30 -------- d--h--w- C:\$AVG
2011-05-23 12:05:14 -------- d-----w- c:\documents and settings\jeremy\application data\AVG10
2011-05-23 11:50:37 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
2011-05-23 11:47:13 -------- d-----w- c:\windows\system32\drivers\AVG
2011-05-23 11:47:13 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-05-23 11:45:57 -------- d-----w- c:\program files\AVG
2011-05-23 11:14:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-23 11:14:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 23:42:44 -------- d-----w- c:\documents and settings\all users\application data\Common Files
2011-05-21 23:42:20 -------- d-----w- c:\documents and settings\all users\application data\MFAData
.
==================== Find3M ====================
.
2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-16 20:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 9:28:14.84 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/24/2010 8:31:56 AM
System Uptime: 6/7/2011 6:44:07 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 0MD666
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | Microprocessor | 797/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 68 GiB total, 40.521 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Service:
.
==== System Restore Points ===================
.
RP203: 4/6/2011 1:32:39 AM - System Checkpoint
RP204: 4/7/2011 1:34:46 AM - System Checkpoint
RP205: 4/8/2011 2:33:48 AM - System Checkpoint
RP206: 4/9/2011 3:32:44 AM - System Checkpoint
RP207: 4/10/2011 4:33:49 AM - System Checkpoint
RP208: 4/11/2011 9:31:29 PM - System Checkpoint
RP209: 4/13/2011 9:23:18 PM - System Checkpoint
RP210: 4/16/2011 7:54:04 AM - System Checkpoint
RP211: 4/17/2011 8:45:58 AM - System Checkpoint
RP212: 4/18/2011 9:20:48 AM - System Checkpoint
RP213: 4/19/2011 10:19:03 AM - System Checkpoint
RP214: 4/20/2011 7:45:21 PM - System Checkpoint
RP215: 4/21/2011 8:58:41 PM - System Checkpoint
RP216: 4/23/2011 4:43:39 PM - System Checkpoint
RP217: 4/24/2011 9:06:12 PM - System Checkpoint
RP218: 4/26/2011 2:55:46 AM - System Checkpoint
RP219: 4/27/2011 3:37:45 AM - System Checkpoint
RP220: 4/28/2011 10:24:28 AM - System Checkpoint
RP221: 4/29/2011 1:21:23 PM - System Checkpoint
RP222: 5/2/2011 3:23:55 PM - System Checkpoint
RP223: 5/3/2011 6:24:07 PM - System Checkpoint
RP224: 5/4/2011 10:52:40 PM - System Checkpoint
RP225: 5/6/2011 8:48:43 PM - System Checkpoint
RP226: 5/8/2011 10:09:24 PM - System Checkpoint
RP227: 5/9/2011 10:20:26 PM - System Checkpoint
RP228: 5/11/2011 12:39:10 AM - System Checkpoint
RP229: 5/12/2011 12:46:09 AM - System Checkpoint
RP230: 5/13/2011 1:44:17 AM - System Checkpoint
RP231: 5/14/2011 3:01:20 AM - System Checkpoint
RP232: 5/15/2011 3:29:34 AM - System Checkpoint
RP233: 5/16/2011 10:43:26 PM - System Checkpoint
RP234: 5/17/2011 11:42:29 PM - System Checkpoint
RP235: 5/19/2011 8:54:27 PM - System Checkpoint
RP236: 5/21/2011 5:33:13 PM - System Checkpoint
RP237: 5/21/2011 6:38:29 PM - Restore Operation
RP238: 5/22/2011 8:09:41 PM - System Checkpoint
RP239: 5/23/2011 7:07:10 AM - Restore Operation
RP240: 5/23/2011 7:36:47 AM - avast! Free Antivirus Setup
RP241: 5/23/2011 7:45:54 AM - Installed AVG 2011
RP242: 5/23/2011 7:46:44 AM - Installed AVG 2011
RP243: 5/24/2011 9:09:26 AM - System Checkpoint
RP244: 5/25/2011 7:42:23 PM - System Checkpoint
RP245: 5/26/2011 9:15:36 PM - System Checkpoint
RP246: 5/28/2011 7:05:06 PM - System Checkpoint
RP247: 5/30/2011 8:07:14 PM - System Checkpoint
RP248: 5/31/2011 11:43:28 AM - Removed Skype Toolbars
RP249: 6/1/2011 7:52:43 PM - Restore Operation
RP250: 6/1/2011 7:58:01 PM - Restore Operation
RP251: 6/1/2011 8:03:18 PM - Restore Operation
RP252: 6/2/2011 9:50:56 PM - System Checkpoint
RP253: 6/6/2011 11:13:40 PM - System Checkpoint
RP254: 6/7/2011 3:37:59 AM - Restore Operation
RP255: 6/7/2011 3:39:17 AM - Removed Skype™ 5.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
ATI - Software Uninstall Utility
AVG 2011
Broadcom 440x 10/100 Integrated Controller
Conexant HDA D110 MDC V.92 Modem
Dell Resource CD
Dell Wireless WLAN Card
ESPNMotion
FINAL FANTASY XI
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FINAL FANTASY XI: Treasures of Aht Urhgan
FINAL FANTASY XI: Wings of the Goddess
FrostWire 4.21.1
GemMaster Mystic
Google Chrome
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 22
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Mozilla Firefox (3.6.13)
MSN
Otto
PlayOnline Viewer & Tetra Master
SigmaTel Audio
Sonic Encoders
Synaptics Pointing Device Driver
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Media Format 11 runtime
Windows Mobile Device Updater Component
Windows XP Service Pack 3
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
6/7/2011 8:49:47 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
6/7/2011 8:41:30 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/7/2011 6:45:02 AM, error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
6/7/2011 6:45:02 AM, error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
6/7/2011 6:15:18 AM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/7/2011 6:15:09 AM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
6/7/2011 6:14:31 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/7/2011 6:13:03 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/7/2011 6:12:43 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/7/2011 6:12:37 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
6/7/2011 6:12:26 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/6/2011 5:46:53 PM, error: Service Control Manager [7031] - The Zune Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/3/2011 5:44:50 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SMR162.SYS' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/1/2011 8:03:10 PM, error: ZuneNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupt. Verify that DRM-protected files play correctly in the Zune software, then restart the ZuneNetworkSvc service.
.
==== End Of File ===========================
 
Welcome to TechSpot! I will help with the malware.

You mentioned having a problem with a particular program. Please let me know what that is so I can determine if it's related to malware.
=============================================
I'd like you to run Combofix. Unfortunately, it won't run with AVG and there is no way to fully disable it. So please use the following:
Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=======================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the ESET Smart Installer button to download it. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=========================================
Please leave all logs in your next reply.

Note: You are using FrostWire, which is a file sharing program. Please either uninstall it or disable it. Do not use it while we are cleaning.
 
ESET won't let me run it. It says proxy server configure. Here is the log from CF



ComboFix 11-06-06.07 - jeremy 06/07/2011 16:48:05.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.715 [GMT -4:00]
Running from: c:\documents and settings\jeremy\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-07 19:07 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-07 19:07 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-07 19:07 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-06-07 19:07 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-06-07 19:07 . 2011-06-07 19:07 -------- d-----w- c:\program files\Avira
2011-06-07 19:07 . 2011-06-07 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-06-07 17:00 . 2011-06-07 17:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 10:26 . 2011-06-07 10:26 -------- d-----w- c:\documents and settings\jeremy\Application Data\Malwarebytes
2011-06-07 10:26 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-07 10:25 . 2011-06-07 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-07 10:25 . 2011-06-07 10:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-02 00:26 . 2011-06-07 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-06-02 00:26 . 2011-06-02 00:35 -------- d-----w- c:\documents and settings\jeremy\Local Settings\Application Data\NPE
2011-05-24 16:28 . 2011-05-24 16:28 -------- d-----w- c:\documents and settings\jeremy\Local Settings\Application Data\AVG Security Toolbar
2011-05-23 14:21 . 2011-05-23 14:21 -------- d-----w- C:\$AVG
2011-05-23 11:47 . 2011-06-07 18:42 -------- d-----w- c:\windows\system32\drivers\AVG
2011-05-23 11:14 . 2011-05-23 11:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 23:42 . 2011-05-21 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-07_19.33.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-07 19:48 . 2011-06-07 19:48 16384 c:\windows\Temp\Perflib_Perfdata_65c.dat
+ 2004-08-10 11:00 . 2011-06-07 19:53 83848 c:\windows\system32\perfc009.dat
- 2004-08-10 11:00 . 2011-06-07 18:56 83848 c:\windows\system32\perfc009.dat
+ 2004-08-10 11:00 . 2008-04-14 07:11 52352 c:\windows\system32\dllcache\volsnap.sys
+ 2004-08-10 11:00 . 2011-06-07 19:53 472204 c:\windows\system32\perfh009.dat
- 2004-08-10 11:00 . 2011-06-07 18:56 472204 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-02 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-02 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-02 94208]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
c:\documents and settings\jeremy\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2010-8-17 114688]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
openURL.vbs [2011-6-7 131]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/7/2011 3:08 PM 136360]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/7/2011 6:26 AM 366640]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 4:19 PM 268528]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1450960922-1801674531-1003Core.job
- c:\documents and settings\jeremy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-25 03:49]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1450960922-1801674531-1003UA.job
- c:\documents and settings\jeremy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-25 03:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\jeremy\Application Data\Mozilla\Firefox\Profiles\4m7nco2g.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-07 16:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-07 17:00:08
ComboFix-quarantined-files.txt 2011-06-07 21:00
ComboFix2.txt 2011-06-07 19:36
.
Pre-Run: 44,961,898,496 bytes free
Post-Run: 44,948,332,544 bytes free
.
- - End Of File - - 9F8D9A0729AB7B35BCF57200306BA8A5
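Added triage example (editor's code, not part of ComboFix and not from either poster). It parses the autostart sections of a ComboFix log like the one above and flags what a responder would open first. The sample text is an excerpt copied from that log; the flag rules (script files in a Startup folder, entries dated the scan day, a disabled firewall profile, files ComboFix reports as infected) are the editor's own heuristics, not anything ComboFix does itself. On this log it surfaces the 131-byte openURL.vbs in the All Users Startup folder dated the day of the scan, the disabled Standard-profile firewall, and the volsnap.sys disinfection; a script in a Startup folder is worth reading in a text editor before deciding anything about it.

```python
"""Triage the autostart entries in a ComboFix log.

Editor's added example for this thread; it is not part of ComboFix or of
the original posts. The flag rules are the editor's own heuristics.
"""
import re
from datetime import date

# Constructed sample: excerpts copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
c:\documents and settings\jeremy\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2010-8-17 114688]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
openURL.vbs [2011-6-7 131]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""
SCAN_DATE = date(2011, 6, 7)  # completion date printed at the end of the log above

SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd", ".hta", ".ps1")

# "name"="path" [YYYY-MM-DD size]      registry Run values
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]')
# file[ - target] [YYYY-M-D size]      Startup folder listings
STARTUP_RE = re.compile(r'^(?P<name>[^\[]+?)(?: - (?P<target>[^\[]+?))?\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$')
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
INFECTED_RE = re.compile(r'^Infected copy of (?P<path>\S+)')


def _to_date(text):
    y, m, d = (int(part) for part in text.split("-"))
    return date(y, m, d)


def _is_script(path):
    return path.lower().endswith(SCRIPT_EXTS)


def triage(log_text, scan_date):
    """Return (severity, message) findings for the autostart sections of log_text."""
    findings = []
    context = None  # registry key or Startup folder the following lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == ".":            # ComboFix separates sections with a lone dot
            context = None
            continue
        if not line:
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings.append(("high", f"ComboFix reports an infected system file: {m['path']}"))
            continue
        if line.startswith("[") and line.endswith("]"):   # registry key header
            context = line[1:-1]
            continue
        if line.endswith("\\"):                           # Startup folder header
            context = line
            continue
        if FIREWALL_OFF_RE.match(line):
            findings.append(("medium", f"Windows Firewall disabled: {context}"))
            continue
        if context and context.endswith("\\"):           # inside a Startup folder listing
            m = STARTUP_RE.match(line)
            if m:
                item = context + m["name"]
                if _is_script(m["name"]):
                    findings.append(("high", f"script in Startup folder: {item} ({m['size']} bytes)"))
                if _to_date(m["date"]) == scan_date:
                    findings.append(("medium", f"autostart entry created on scan day: {item}"))
            continue
        m = RUN_RE.match(line)
        if m and context:                                 # inside a registry Run key
            entry = f"{context}\\{m['name']} -> {m['path']}"
            if _is_script(m["path"]):
                findings.append(("high", f"script launched from Run value: {entry}"))
            if _to_date(m["date"]) == scan_date:
                findings.append(("medium", f"Run value created on scan day: {entry}"))
    return findings


def triage_sample():
    """Run the triage over the excerpt from the log above."""
    return triage(SAMPLE_LOG, SCAN_DATE)


if __name__ == "__main__":
    for severity, message in triage_sample():
        print(f"[{severity}] {message}")
```

Feed it the full log text instead of the excerpt to see every Run value and Startup folder entry scored the same way; the FrostWire shortcut and the vendor Run values produce no finding because they are neither scripts nor dated the scan day.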
 
One should not get so impatient in one day! I am still helping people who started threads days ago!

To disable the proxy:
Internet Explorer
1. Under "Tools" in the browser tool bar select "Internet Options".
2. In the "Internet Options" window that pops up, click the "Connections" tab at the top.
3. Click "LAN Settings" near the bottom of the "Connections" section.
4. If the "Proxy server" checkbox is marked with a check, click it to deselect/uncheck it.
5. Click "OK" to close the "Local Area Network (LAN) Settings" window.
6. Click "OK" to close the "Internet Options" window.
7. You have completed removing the proxy settings for Internet Explorer.
Firefox
1. Under "Tools" in the browser tool bar select "Options".
2. In the "Options" window that pops up, click the "Advanced" tab at the top.
3. Click the "Network" subtab, and then click the "Settings" button in the "Connections" area.
4. If "No proxy" isn't selected, click it to mark "No proxy" as your preference.

Please reboot and try the Eset scan again.
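Added example (editor's code, not from the original posts) showing where the settings the steps above change through the GUI actually live, so they can be checked and cleared from a script. Internet Explorer, and tools that go through WinINET such as the ESET online scanner, read the per-user values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (ProxyEnable, ProxyServer, AutoConfigURL); Firefox keeps its own network.proxy.* prefs in prefs.js inside the profile folder. It goes one step beyond the GUI steps by also covering the automatic-configuration (PAC) case. The sample values are constructed (the thread never shows the actual proxy value); treating an absent network.proxy.type as 5, "use system settings", is an assumption about the browser default.

```python
"""Inspect and clear the proxy settings that the GUI steps above change.

Editor's added example for this thread, not code from the original posts.
The analysis functions take plain values so they run on any platform;
the registry read/clear only runs on Windows.
"""
import re
import sys

WININET_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
WININET_VALUES = ("ProxyEnable", "ProxyServer", "ProxyOverride", "AutoConfigURL")

# Constructed samples: the thread does not show the real proxy value.
SAMPLE_WININET = {"ProxyEnable": 1, "ProxyServer": "127.0.0.1:8080", "ProxyOverride": "<local>"}
SAMPLE_PREFS_JS = '''\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
'''


def wininet_findings(values):
    """values: the WinINET registry values as a dict (ProxyEnable is a DWORD)."""
    findings = []
    if values.get("ProxyEnable", 0):
        findings.append(f"ProxyEnable=1, ProxyServer={values.get('ProxyServer', '')!r}")
    if values.get("AutoConfigURL"):
        findings.append(f"AutoConfigURL (PAC) set: {values['AutoConfigURL']!r}")
    return findings


FIREFOX_PREF_RE = re.compile(r'^user_pref\("(network\.proxy\.[^"]+)",\s*(.+?)\);\s*$', re.M)


def firefox_findings(prefs_js_text):
    """network.proxy.type: 0 none, 1 manual, 2 PAC, 4 auto-detect, 5 system (WinINET).

    An absent pref is treated as 5 here (assumed browser default), which means
    Firefox follows whatever WinINET says, so clearing IE's setting clears both.
    """
    prefs = {key: val.strip('"') for key, val in FIREFOX_PREF_RE.findall(prefs_js_text)}
    proxy_type = int(prefs.get("network.proxy.type", "5"))
    findings = []
    if proxy_type == 1:
        host = prefs.get("network.proxy.http", "?")
        port = prefs.get("network.proxy.http_port", "?")
        findings.append(f"manual proxy: {host}:{port}")
    elif proxy_type == 2:
        findings.append(f"PAC URL: {prefs.get('network.proxy.autoconfig_url', '?')}")
    return findings


def read_wininet():
    """Read the live WinINET values for the current user (Windows only)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, WININET_KEY) as key:
        for name in WININET_VALUES:
            try:
                values[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass
    return values


def clear_wininet():
    """Turn the proxy off and drop the server/PAC values (Windows only).

    WinINET caches these, so restart the browser (or reboot, as the helper says)
    before retrying the online scan.
    """
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, WININET_KEY, 0, winreg.KEY_SET_VALUE) as key:
        winreg.SetValueEx(key, "ProxyEnable", 0, winreg.REG_DWORD, 0)
        for name in ("ProxyServer", "AutoConfigURL"):
            try:
                winreg.DeleteValue(key, name)
            except FileNotFoundError:
                pass


if __name__ == "__main__":
    if sys.platform == "win32":
        live = read_wininet()
        print("WinINET:", wininet_findings(live) or "no proxy configured")
        if "--clear" in sys.argv and wininet_findings(live):
            clear_wininet()
            print("WinINET proxy cleared; restart the browser and retry the scan")
    else:
        print("WinINET (sample):", wininet_findings(SAMPLE_WININET))
        print("Firefox (sample):", firefox_findings(SAMPLE_PREFS_JS))
```

Run it without arguments first to see what is set; `--clear` only touches the per-user WinINET values, so a proxy that keeps coming back after clearing points to something re-writing the key, which is the kind of thing the autostart review is for.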
 