0

Please help, something is wrong. I've been running Malwarebytes and AVG daily but something still seems wrong. My taskbar is beige as I type this and sometimes my speakers stop working.

I don't have the malwarebytes log because I ran it before coming to this forum.

Also when I ran GMER, it gave me a warning so I only have the 2nd log. (I accidentally clicked yes to scan at first, then went back to read the daniweb instructions, noticed my mistake, went back and stopped the scan and unchecked the appropriate boxes.)

GMER Log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-20 15:30:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3160815AS rev.3.ADA
Running: qyt6eq2r.exe; Driver: C:\DOCUME~1\LEIGHA~1\LOCALS~1\Temp\fxddapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x9B948534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x9B942782]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x9B9616DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x9B948CC0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x9B95BEB4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x9B95C2A2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x9B965916]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x9B948DF6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x9B943398]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x9B962FE4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x9B96293C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x9B95ADF0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x9B96393C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x9B963B44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x9B942FAA]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9B53BF3C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0x9B95DDF8]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x9B9648D2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x9B964208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x9B9480F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x9B9652A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x9B9487DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x9B94375C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x9B964E12]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x9B9620C4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x9B95CF0A]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9B53BFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9B53C080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9B53C11C]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89BCF2E0
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 89BCF2E0
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89BCF2E0
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 89BCF2E0
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 89BCF2E0
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 89BCF2E0
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \FileSystem\Fastfat \Fat 92D4BD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 61
Disk \Device\Harddisk0\DR0 MBRoot/Sinowal@MBR code has been found <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Run by Leigh A at 15:40:11 on 2011-10-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.783 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\SonyCyberShot\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\SonyCyberShot\PMB\PMBVolumeWatcher.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PMBVolumeWatcher] c:\program files\sonycybershot\pmb\PMBVolumeWatcher.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon]
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\leigha~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Free YouTube Download - c:\documents and settings\leigh a\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\leigh a\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B13FD910-8DA2-4343-998C-B4A2C10DEB4C} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{B13FD910-8DA2-4343-998C-B4A2C10DEB4C} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\leigh a\application data\mozilla\firefox\profiles\g6sxsbck.default\
FF - prefs.js: browser.startup.homepage - hxxp://swagbucks.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\leigh a\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\leigh a\application data\mozilla\firefox\profiles\g6sxsbck.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: XHTML Mobile Profile: {8ea9957e-2953-402f-80e0-bceb5f169d6f} - %profile%\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-17 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-3-14 532224]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2010-5-16 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2010-5-16 49152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-11 366152]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sonycybershot\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-11 22216]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2010-5-16 246936]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S4 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
.
=============== Created Last 30 ================
.
2011-10-13 17:53:11 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-13 16:45:42 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-10 01:49:59 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2011-10-10 01:49:59 505816 ----a-w- c:\program files\mozilla firefox\sqlite3.dll
2011-10-10 01:49:59 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-10-10 01:49:59 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-10-10 01:49:58 1015256 ----a-w- c:\program files\mozilla firefox\js3250.dll
2011-09-29 17:12:33 -------- d-----w- c:\documents and settings\leigh a\application data\AVG2012
2011-09-29 17:11:06 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
.
==================== Find3M ====================
.
2011-10-13 16:54:48 26112 ----a-w- c:\windows\system32\userinit.exe
2011-10-06 16:27:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-18 19:25:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160815AS rev.3.ADA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89BCF4C0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [0x89bd68a4]; PUSH ESI; MOV ESI, [ESP+0xc]; PUSH EDI; MOV EDI, [ESI+0x60]; CMP EAX, [0x89bd6730]; JNZ 0x1f; MOV [ESP+0xc], ECX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89DF5AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000065[0x89E4DF18]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89DD4940]
\Driver\atapi[0x89D01F10] -> IRP_MJ_CREATE -> 0x89BCF4C0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89BCF2E0
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:40:47.34 ===============


DDS attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/9/2009 11:25:54 PM
System Uptime: 10/20/2011 2:29:56 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0CU409
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | Socket 775 | 1994/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 101.719 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP683: 7/18/2011 11:02:40 PM - System Checkpoint
RP684: 7/20/2011 11:46:52 AM - System Checkpoint
RP685: 7/21/2011 6:15:27 PM - System Checkpoint
RP686: 7/27/2011 12:25:57 PM - System Checkpoint
RP687: 7/28/2011 6:18:29 PM - System Checkpoint
RP688: 7/29/2011 9:28:11 PM - System Checkpoint
RP689: 8/1/2011 12:26:51 PM - System Checkpoint
RP690: 8/2/2011 7:22:51 PM - System Checkpoint
RP691: 8/4/2011 10:31:44 AM - System Checkpoint
RP692: 8/5/2011 3:14:48 PM - System Checkpoint
RP693: 8/6/2011 4:03:19 PM - System Checkpoint
RP694: 8/7/2011 4:23:44 PM - System Checkpoint
RP695: 8/11/2011 10:56:26 AM - System Checkpoint
RP696: 8/12/2011 12:31:19 PM - System Checkpoint
RP697: 8/15/2011 7:49:19 PM - System Checkpoint
RP698: 8/16/2011 11:55:36 PM - System Checkpoint
RP699: 8/18/2011 11:57:37 AM - System Checkpoint
RP700: 8/19/2011 5:04:56 PM - System Checkpoint
RP701: 8/24/2011 2:03:40 AM - System Checkpoint
RP702: 8/25/2011 1:05:48 PM - System Checkpoint
RP703: 8/26/2011 3:59:04 PM - System Checkpoint
RP704: 8/29/2011 10:03:18 PM - System Checkpoint
RP705: 8/30/2011 10:15:53 PM - System Checkpoint
RP706: 9/1/2011 7:47:52 PM - System Checkpoint
RP707: 9/2/2011 10:39:59 PM - System Checkpoint
RP708: 9/4/2011 11:51:50 AM - System Checkpoint
RP709: 9/5/2011 5:26:12 PM - System Checkpoint
RP710: 9/6/2011 11:44:36 PM - System Checkpoint
RP711: 9/8/2011 6:35:22 PM - System Checkpoint
RP712: 9/10/2011 12:17:33 AM - System Checkpoint
RP713: 9/11/2011 3:55:23 PM - System Checkpoint
RP714: 9/13/2011 12:21:23 AM - System Checkpoint
RP715: 9/15/2011 11:11:24 AM - System Checkpoint
RP716: 9/16/2011 3:30:47 PM - System Checkpoint
RP717: 9/17/2011 12:36:15 AM - Installed Ad-Aware
RP718: 9/17/2011 12:37:21 AM - Installed Ad-Aware
RP719: 9/18/2011 11:46:41 AM - System Checkpoint
RP720: 9/19/2011 7:24:37 PM - System Checkpoint
RP721: 9/21/2011 11:54:47 AM - System Checkpoint
RP722: 9/22/2011 4:42:28 PM - System Checkpoint
RP723: 9/23/2011 6:53:53 PM - System Checkpoint
RP724: 9/24/2011 8:42:14 PM - System Checkpoint
RP725: 9/26/2011 12:11:02 AM - System Checkpoint
RP726: 9/29/2011 12:08:27 PM - System Checkpoint
RP727: 9/29/2011 1:09:50 PM - Installed AVG 2012
RP728: 9/29/2011 1:10:06 PM - Removed AVG 2011
RP729: 9/29/2011 1:10:32 PM - Installed AVG 2012
RP730: 9/30/2011 4:03:19 PM - System Checkpoint
RP731: 10/1/2011 5:16:49 PM - System Checkpoint
RP732: 10/6/2011 1:04:00 PM - System Checkpoint
RP733: 10/7/2011 3:39:03 PM - System Checkpoint
RP734: 10/9/2011 5:17:21 PM - System Checkpoint
RP735: 10/12/2011 12:12:19 AM - System Checkpoint
RP736: 10/14/2011 4:18:50 PM - System Checkpoint
RP737: 10/16/2011 5:25:49 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.4.6
AI RoboForm (All Users)
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
AVG 2012
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
Bonjour
BufferChm
C5200
C5200_Help
CamStudio
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Copy
CustomerResearchQFolder
Debut Video Capture Software
Definition update for Microsoft Office 2010 (KB982726)
Dell Resource CD
Destination Component
DeviceDiscovery
Directory Submitter 1.0.29
DocProc
eSupportQFolder
Facebook Plug-In
Fax
focus booster
Free Studio version 5.0.2
FruityLoops v3.56 Full
GoodSync
GoToMeeting 4.5.0.457
GPBaseService
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPDiagnosticAlert
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 3
Java(TM) 6 Update 7
jZip
K-Lite Codec Pack 5.0.5 (Full)
Linksys Updater
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.23)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OCR Software by I.R.I.S. 10.0
Octoshape add-in for Adobe Flash Player
oDesk Team
OpenOffice.org 3.0
PanoStandAlone
PMB
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PSSWCORE
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Scan
Scan to PDF
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
Skype Toolbars
Skype™ 4.2
SolutionCenter
Sony Sound Forge 7.0
Status
SupportSoft Assisted Service
Time Stamp
Toggl Desktop 2.5.0.0
Toolbox
TraxTime
TrayApp
Uninstall 1.0.0.1
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC 9.0 Runtime
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VNC Enterprise Edition E4.4.2
WebFldrs XP
WebReg
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
10/19/2011 6:13:45 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D0994DA22 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
10/13/2011 2:35:56 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
10/13/2011 12:40:56 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
.
==== End Of File ===========================

2
Contributors
3
Replies
6
Views
6 Years
Discussion Span
Last Post by crunchie
0

Hi and welcome to the Daniweb forums :).

==========

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

============

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

Thank you so much! When I tried to download combofix, AVG identified it as a threat. What should I do?


Here is TDSS:

17:01:33.0906 5036 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
17:01:34.0359 5036 ============================================================
17:01:34.0359 5036 Current date / time: 2011/10/20 17:01:34.0359
17:01:34.0359 5036 SystemInfo:
17:01:34.0359 5036
17:01:34.0359 5036 OS Version: 5.1.2600 ServicePack: 3.0
17:01:34.0359 5036 Product type: Workstation
17:01:34.0359 5036 ComputerName: DESKTOP
17:01:34.0359 5036 UserName: Leigh A
17:01:34.0359 5036 Windows directory: C:\WINDOWS
17:01:34.0359 5036 System windows directory: C:\WINDOWS
17:01:34.0359 5036 Processor architecture: Intel x86
17:01:34.0359 5036 Number of processors: 2
17:01:34.0359 5036 Page size: 0x1000
17:01:34.0359 5036 Boot type: Normal boot
17:01:34.0359 5036 ============================================================
17:01:35.0328 5036 Initialize success
17:01:57.0750 2172 ============================================================
17:01:57.0750 2172 Scan started
17:01:57.0750 2172 Mode: Manual;
17:01:57.0750 2172 ============================================================
17:01:58.0937 2172 Abiosdsk - ok
17:01:58.0968 2172 abp480n5 - ok
17:01:59.0031 2172 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:01:59.0046 2172 ACPI - ok
17:01:59.0093 2172 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:01:59.0171 2172 ACPIEC - ok
17:01:59.0203 2172 adpu160m - ok
17:01:59.0312 2172 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:01:59.0312 2172 aec - ok
17:01:59.0375 2172 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
17:01:59.0375 2172 AFD - ok
17:01:59.0390 2172 AFGMp50 - ok
17:01:59.0437 2172 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
17:01:59.0437 2172 AFGSp50 - ok
17:01:59.0484 2172 Aha154x - ok
17:01:59.0500 2172 aic78u2 - ok
17:01:59.0515 2172 aic78xx - ok
17:01:59.0546 2172 AliIde - ok
17:01:59.0546 2172 amsint - ok
17:01:59.0578 2172 asc - ok
17:01:59.0578 2172 asc3350p - ok
17:01:59.0625 2172 asc3550 - ok
17:01:59.0687 2172 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:01:59.0703 2172 AsyncMac - ok
17:01:59.0718 2172 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:01:59.0718 2172 atapi - ok
17:01:59.0718 2172 Atdisk - ok
17:01:59.0765 2172 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:01:59.0765 2172 Atmarpc - ok
17:01:59.0796 2172 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:01:59.0796 2172 audstub - ok
17:01:59.0843 2172 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
17:01:59.0859 2172 AVGIDSDriver - ok
17:01:59.0937 2172 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
17:01:59.0953 2172 AVGIDSEH - ok
17:01:59.0984 2172 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
17:01:59.0984 2172 AVGIDSFilter - ok
17:02:00.0000 2172 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
17:02:00.0000 2172 AVGIDSShim - ok
17:02:00.0031 2172 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
17:02:00.0031 2172 Avgldx86 - ok
17:02:00.0046 2172 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
17:02:00.0046 2172 Avgmfx86 - ok
17:02:00.0109 2172 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
17:02:00.0125 2172 Avgrkx86 - ok
17:02:00.0171 2172 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
17:02:00.0171 2172 Avgtdix - ok
17:02:00.0218 2172 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:02:00.0218 2172 Beep - ok
17:02:00.0281 2172 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:02:00.0328 2172 cbidf2k - ok
17:02:00.0406 2172 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:02:00.0406 2172 CCDECODE - ok
17:02:00.0421 2172 cd20xrnt - ok
17:02:00.0468 2172 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:02:00.0515 2172 Cdaudio - ok
17:02:00.0578 2172 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:02:00.0578 2172 Cdfs - ok
17:02:00.0625 2172 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:02:00.0625 2172 Cdrom - ok
17:02:00.0671 2172 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
17:02:00.0671 2172 cercsr6 - ok
17:02:00.0671 2172 Changer - ok
17:02:00.0703 2172 CmdIde - ok
17:02:00.0750 2172 Cpqarray - ok
17:02:00.0765 2172 dac2w2k - ok
17:02:00.0781 2172 dac960nt - ok
17:02:00.0796 2172 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:02:00.0796 2172 Disk - ok
17:02:00.0843 2172 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:02:00.0906 2172 dmboot - ok
17:02:00.0937 2172 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:02:00.0937 2172 dmio - ok
17:02:01.0000 2172 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:02:01.0000 2172 dmload - ok
17:02:01.0046 2172 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:02:01.0046 2172 DMusic - ok
17:02:01.0078 2172 dpti2o - ok
17:02:01.0093 2172 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:02:01.0093 2172 drmkaud - ok
17:02:01.0140 2172 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
17:02:01.0140 2172 e1express - ok
17:02:01.0187 2172 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:02:01.0187 2172 Fastfat - ok
17:02:01.0218 2172 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:02:01.0218 2172 Fdc - ok
17:02:01.0250 2172 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:02:01.0250 2172 Fips - ok
17:02:01.0265 2172 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:02:01.0312 2172 Flpydisk - ok
17:02:01.0343 2172 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:02:01.0343 2172 FltMgr - ok
17:02:01.0375 2172 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:02:01.0375 2172 Fs_Rec - ok
17:02:01.0437 2172 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:02:01.0437 2172 Ftdisk - ok
17:02:01.0515 2172 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:02:01.0546 2172 GEARAspiWDM - ok
17:02:01.0593 2172 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:02:01.0593 2172 Gpc - ok
17:02:01.0640 2172 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:02:01.0640 2172 HDAudBus - ok
17:02:01.0687 2172 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:02:01.0687 2172 hidusb - ok
17:02:01.0718 2172 hpn - ok
17:02:01.0828 2172 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:02:01.0843 2172 HPZid412 - ok
17:02:01.0890 2172 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:02:01.0890 2172 HPZipr12 - ok
17:02:01.0921 2172 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:02:01.0921 2172 HPZius12 - ok
17:02:01.0984 2172 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:02:02.0015 2172 HTTP - ok
17:02:02.0062 2172 i2omgmt - ok
17:02:02.0062 2172 i2omp - ok
17:02:02.0093 2172 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
17:02:02.0156 2172 i8042prt - ok
17:02:02.0390 2172 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:02:02.0546 2172 ialm - ok
17:02:02.0656 2172 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:02:02.0656 2172 Imapi - ok
17:02:02.0687 2172 ini910u - ok
17:02:02.0921 2172 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:02:03.0078 2172 IntcAzAudAddService - ok
17:02:03.0109 2172 IntelIde - ok
17:02:03.0171 2172 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:02:03.0171 2172 intelppm - ok
17:02:03.0234 2172 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:02:03.0234 2172 Ip6Fw - ok
17:02:03.0312 2172 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:02:03.0328 2172 IpFilterDriver - ok
17:02:03.0343 2172 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:02:03.0343 2172 IpInIp - ok
17:02:03.0390 2172 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:02:03.0390 2172 IpNat - ok
17:02:03.0421 2172 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:02:03.0421 2172 IPSec - ok
17:02:03.0421 2172 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:02:03.0437 2172 IRENUM - ok
17:02:03.0468 2172 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:02:03.0468 2172 isapnp - ok
17:02:03.0484 2172 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:02:03.0484 2172 Kbdclass - ok
17:02:03.0500 2172 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:02:03.0500 2172 kbdhid - ok
17:02:03.0515 2172 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:02:03.0531 2172 kmixer - ok
17:02:03.0593 2172 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:02:03.0593 2172 KSecDD - ok
17:02:03.0734 2172 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
17:02:03.0734 2172 Lavasoft Kernexplorer - ok
17:02:03.0796 2172 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
17:02:03.0796 2172 Lbd - ok
17:02:03.0828 2172 lbrtfdc - ok
17:02:03.0906 2172 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
17:02:03.0906 2172 MBAMProtector - ok
17:02:03.0968 2172 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:02:03.0968 2172 mnmdd - ok
17:02:04.0046 2172 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:02:04.0093 2172 Modem - ok
17:02:04.0140 2172 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:02:04.0140 2172 Mouclass - ok
17:02:04.0171 2172 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:02:04.0171 2172 mouhid - ok
17:02:04.0203 2172 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:02:04.0203 2172 MountMgr - ok
17:02:04.0218 2172 mraid35x - ok
17:02:04.0234 2172 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:02:04.0234 2172 MRxDAV - ok
17:02:04.0359 2172 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:02:04.0375 2172 MRxSmb - ok
17:02:04.0421 2172 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:02:04.0421 2172 Msfs - ok
17:02:04.0468 2172 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:02:04.0468 2172 MSKSSRV - ok
17:02:04.0500 2172 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:02:04.0500 2172 MSPCLOCK - ok
17:02:04.0562 2172 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:02:04.0562 2172 MSPQM - ok
17:02:04.0640 2172 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:02:04.0640 2172 mssmbios - ok
17:02:04.0703 2172 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:02:04.0703 2172 MSTEE - ok
17:02:04.0750 2172 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
17:02:04.0765 2172 Mup - ok
17:02:04.0828 2172 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:02:04.0828 2172 NABTSFEC - ok
17:02:04.0875 2172 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:02:04.0875 2172 NDIS - ok
17:02:04.0906 2172 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:02:04.0906 2172 NdisIP - ok
17:02:04.0968 2172 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:02:04.0968 2172 NdisTapi - ok
17:02:05.0031 2172 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:02:05.0031 2172 Ndisuio - ok
17:02:05.0156 2172 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:02:05.0171 2172 NdisWan - ok
17:02:05.0218 2172 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:02:05.0234 2172 NDProxy - ok
17:02:05.0296 2172 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:02:05.0296 2172 NetBIOS - ok
17:02:05.0328 2172 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:02:05.0328 2172 NetBT - ok
17:02:05.0343 2172 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:02:05.0343 2172 Npfs - ok
17:02:05.0390 2172 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:02:05.0406 2172 Ntfs - ok
17:02:05.0421 2172 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:02:05.0421 2172 Null - ok
17:02:05.0437 2172 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:02:05.0437 2172 NwlnkFlt - ok
17:02:05.0453 2172 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:02:05.0453 2172 NwlnkFwd - ok
17:02:05.0468 2172 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
17:02:05.0531 2172 Parport - ok
17:02:05.0671 2172 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:02:05.0671 2172 PartMgr - ok
17:02:05.0718 2172 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:02:05.0750 2172 ParVdm - ok
17:02:05.0828 2172 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:02:05.0828 2172 PCI - ok
17:02:05.0859 2172 PCIDump - ok
17:02:05.0953 2172 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:02:05.0968 2172 PCIIde - ok
17:02:06.0015 2172 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:02:06.0031 2172 Pcmcia - ok
17:02:06.0078 2172 PDCOMP - ok
17:02:06.0109 2172 PDFRAME - ok
17:02:06.0140 2172 PDRELI - ok
17:02:06.0171 2172 PDRFRAME - ok
17:02:06.0203 2172 perc2 - ok
17:02:06.0234 2172 perc2hib - ok
17:02:06.0359 2172 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:02:06.0359 2172 PptpMiniport - ok
17:02:06.0390 2172 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:02:06.0390 2172 PSched - ok
17:02:06.0531 2172 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:02:06.0531 2172 Ptilink - ok
17:02:06.0562 2172 ql1080 - ok
17:02:06.0656 2172 Ql10wnt - ok
17:02:06.0687 2172 ql12160 - ok
17:02:06.0718 2172 ql1240 - ok
17:02:06.0750 2172 ql1280 - ok
17:02:06.0796 2172 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:02:06.0796 2172 RasAcd - ok
17:02:06.0828 2172 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:02:06.0828 2172 Rasl2tp - ok
17:02:06.0859 2172 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:02:06.0859 2172 RasPppoe - ok
17:02:06.0875 2172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:02:06.0875 2172 Raspti - ok
17:02:06.0921 2172 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:02:06.0937 2172 Rdbss - ok
17:02:06.0953 2172 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:02:06.0953 2172 RDPCDD - ok
17:02:06.0984 2172 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
17:02:07.0031 2172 RDPWD - ok
17:02:07.0125 2172 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:02:07.0125 2172 redbook - ok
17:02:07.0218 2172 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:02:07.0218 2172 Secdrv - ok
17:02:07.0265 2172 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
17:02:07.0296 2172 Serial - ok
17:02:07.0343 2172 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:02:07.0406 2172 Sfloppy - ok
17:02:07.0421 2172 Simbad - ok
17:02:07.0468 2172 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:02:07.0468 2172 SLIP - ok
17:02:07.0484 2172 Sparrow - ok
17:02:07.0531 2172 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:02:07.0531 2172 splitter - ok
17:02:07.0546 2172 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:02:07.0546 2172 sr - ok
17:02:07.0593 2172 srescan - ok
17:02:07.0625 2172 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:02:07.0656 2172 Srv - ok
17:02:07.0687 2172 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:02:07.0687 2172 streamip - ok
17:02:07.0718 2172 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:02:07.0718 2172 swenum - ok
17:02:07.0734 2172 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:02:07.0734 2172 swmidi - ok
17:02:07.0796 2172 sxuptp (c8a43978dadcf12b7e40a0577227dfbc) C:\WINDOWS\system32\DRIVERS\sxuptp.sys
17:02:07.0796 2172 sxuptp - ok
17:02:07.0796 2172 symc810 - ok
17:02:07.0812 2172 symc8xx - ok
17:02:07.0828 2172 sym_hi - ok
17:02:07.0828 2172 sym_u3 - ok
17:02:07.0921 2172 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:02:07.0937 2172 sysaudio - ok
17:02:08.0015 2172 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:02:08.0015 2172 Tcpip - ok
17:02:08.0062 2172 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:02:08.0109 2172 TDPIPE - ok
17:02:08.0156 2172 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:02:08.0171 2172 TDTCP - ok
17:02:08.0218 2172 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:02:08.0218 2172 TermDD - ok
17:02:08.0265 2172 TosIde - ok
17:02:08.0328 2172 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:02:08.0359 2172 Udfs - ok
17:02:08.0406 2172 ultra - ok
17:02:08.0515 2172 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:02:08.0515 2172 Update - ok
17:02:08.0640 2172 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:02:08.0640 2172 usbaudio - ok
17:02:08.0671 2172 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:02:08.0671 2172 usbccgp - ok
17:02:08.0703 2172 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:02:08.0703 2172 usbehci - ok
17:02:08.0718 2172 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:02:08.0718 2172 usbhub - ok
17:02:08.0750 2172 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:02:08.0750 2172 usbprint - ok
17:02:08.0781 2172 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:02:08.0781 2172 usbscan - ok
17:02:08.0828 2172 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:02:08.0828 2172 usbstor - ok
17:02:08.0843 2172 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:02:08.0843 2172 usbuhci - ok
17:02:08.0875 2172 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
17:02:08.0890 2172 usbvideo - ok
17:02:08.0921 2172 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:02:08.0921 2172 VgaSave - ok
17:02:08.0921 2172 ViaIde - ok
17:02:08.0968 2172 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:02:08.0968 2172 VolSnap - ok
17:02:09.0031 2172 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
17:02:09.0093 2172 vsdatant - ok
17:02:09.0109 2172 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:02:09.0109 2172 Wanarp - ok
17:02:09.0125 2172 WDICA - ok
17:02:09.0156 2172 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:02:09.0156 2172 wdmaud - ok
17:02:09.0203 2172 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:02:09.0218 2172 WSTCODEC - ok
17:02:09.0234 2172 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0
17:02:09.0234 2172 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected
17:02:09.0234 2172 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
17:02:09.0250 2172 Boot (0x1200) (fd2a17c66fee52acb440e72162d8c3b9) \Device\Harddisk0\DR0\Partition0
17:02:09.0250 2172 \Device\Harddisk0\DR0\Partition0 - ok
17:02:09.0250 2172 ============================================================
17:02:09.0250 2172 Scan finished
17:02:09.0250 2172 ============================================================
17:02:09.0265 5620 Detected object count: 1
17:02:09.0265 5620 Actual detected object count: 1
17:02:33.0937 5620 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot
17:02:33.0937 5620 \Device\Harddisk0\DR0 - ok
17:02:33.0937 5620 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure
17:02:43.0375 3056 Deinitialize success

---------------------------------------------------------------

0

Looks like TDSSkiller has found the rootkit. Reboot and see if you still have the problem.
If you do, try downloading combofix again and ignore AVG. If we have to run combofix you will likely have to uninstall AVG as it does not play nice with it.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.