
I am currently having a very similar problem. I followed the directions in the sticky. Here are my log files from GMER and DDS; I will follow up with the Malwarebytes log when it finishes.

My connection to my network has been acting up since this started as well; it won't acquire a network address.

-------------------------------

GMER ONE


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-22 19:36:18
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-e WDC_WD2000JS-22MHB0 rev.02.01C03
Running: gmer rook kit scanner.exe; Driver: E:\DOCUME~1\Nathan\LOCALS~1\Temp\kxriyaow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

-----------------------------

GMER TWO


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-22 21:11:59
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-e WDC_WD2000JS-22MHB0 rev.02.01C03
Running: gmer rook kit scanner.exe; Driver: E:\DOCUME~1\Nathan\LOCALS~1\Temp\kxriyaow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) AFFCC000-AFFE5000 (102400 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:700] AFECEDF5
Thread System [4:3000] ADF511F0
Thread System [4:3064] ADF511F0
---- Processes - GMER 1.0.15 ----

Library E:\WINDOWS\system32\avgrsstx.dll (*** hidden *** ) @ E:\WINDOWS\system32\winlogon.exe [812] 0x6C1B0000
Library E:\Program (*** hidden *** ) @ E:\WINDOWS\Explorer.EXE [2236] 0x6C330000

---- Files - GMER 1.0.15 ----

File E:\WINDOWS\$NtUninstallKB59985$\1506587549 0 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\@ 2048 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\bckfg.tmp 840 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\cfg.ini 191 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\Desktop.ini 4608 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\kwrd.dll 223744 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\L 0 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\L\jrsepaim 216400 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\lsflt7.ver 5175 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\U 0 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\U\00000001.@ 2048 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\U\00000002.@ 224768 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\U\00000004.@ 1024 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\U\80000000.@ 1024 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\U\80000004.@ 12800 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\U\80000032.@ 97792 bytes
File E:\WINDOWS\$NtUninstallKB59985$\2289860673 0 bytes

---- EOF - GMER 1.0.15 ----


--------------------------------

Attach file from DDS

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/5/2011 12:28:38 PM
System Uptime: 11/22/2011 6:04:59 PM (3 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-890FXA-UD5
Processor: AMD Phenom(tm) II X6 1055T Processor | Socket M2 | 2812/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 89.565 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 695.137 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_03\4&247158A&0&0038
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek PCIe GBE Family Controller #2
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_03\4&247158A&0&0038
Service: RTLE8023xp
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_00000000&REV_42\3&61AAA01&0&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_00000000&REV_42\3&61AAA01&0&A0
Service:
.
==== System Restore Points ===================
.
RP178: 8/24/2011 9:31:05 AM - System Checkpoint
RP179: 8/25/2011 10:16:11 AM - System Checkpoint
RP180: 8/26/2011 10:46:52 AM - System Checkpoint
RP181: 8/26/2011 6:00:25 PM - Installed Compatibility Pack for the 2007 Office system
RP182: 8/28/2011 12:02:57 PM - System Checkpoint
RP183: 8/29/2011 3:56:29 PM - Installed Age of Empires III
RP184: 8/29/2011 4:12:15 PM - Installed Age of Empires III - The WarChiefs
RP185: 8/29/2011 4:17:21 PM - Installed Age of Empires III - The Asian Dynasties
RP186: 8/30/2011 4:39:03 PM - System Checkpoint
RP187: 8/31/2011 4:46:25 PM - System Checkpoint
RP188: 9/2/2011 6:31:39 AM - System Checkpoint
RP189: 9/3/2011 10:19:40 AM - System Checkpoint
RP190: 9/4/2011 11:05:41 AM - System Checkpoint
RP191: 9/6/2011 4:23:50 AM - System Checkpoint
RP192: 9/7/2011 7:00:27 AM - System Checkpoint
RP193: 9/8/2011 5:51:35 PM - System Checkpoint
RP194: 9/10/2011 6:47:56 AM - System Checkpoint
RP195: 9/11/2011 5:14:00 PM - System Checkpoint
RP196: 9/13/2011 9:00:05 AM - Avg Update
RP197: 9/13/2011 9:01:00 AM - Avg Update
RP198: 9/15/2011 6:41:04 AM - System Checkpoint
RP199: 9/17/2011 8:46:30 AM - System Checkpoint
RP200: 9/19/2011 3:32:32 AM - System Checkpoint
RP201: 9/20/2011 4:58:01 AM - System Checkpoint
RP202: 9/21/2011 7:38:53 AM - System Checkpoint
RP203: 9/22/2011 9:14:31 AM - System Checkpoint
RP204: 9/23/2011 4:23:47 PM - System Checkpoint
RP205: 9/23/2011 4:33:52 PM - Installed DirectX
RP206: 9/23/2011 4:35:45 PM - Installed Windows XP KB938759.
RP207: 9/23/2011 6:26:21 PM - Installed DirectX
RP208: 9/23/2011 6:35:00 PM - Installed Windows KB954550-v5.
RP209: 9/23/2011 6:35:05 PM - Printer Driver Microsoft XPS Document Writer Installed
RP210: 9/24/2011 6:52:26 PM - System Checkpoint
RP211: 9/25/2011 1:46:32 AM - Printer Driver Microsoft XPS Document Writer Installed
RP212: 9/26/2011 4:43:37 AM - System Checkpoint
RP213: 9/27/2011 7:14:52 AM - System Checkpoint
RP214: 9/28/2011 8:36:12 AM - System Checkpoint
RP215: 9/29/2011 8:55:07 AM - System Checkpoint
RP216: 9/30/2011 9:07:30 AM - System Checkpoint
RP217: 10/2/2011 8:53:10 AM - System Checkpoint
RP218: 10/3/2011 2:11:28 PM - System Checkpoint
RP219: 10/5/2011 3:37:55 AM - System Checkpoint
RP220: 10/6/2011 3:49:39 AM - System Checkpoint
RP221: 10/7/2011 7:47:11 AM - System Checkpoint
RP222: 10/8/2011 8:56:10 AM - System Checkpoint
RP223: 10/9/2011 9:37:39 AM - System Checkpoint
RP224: 10/10/2011 5:47:21 PM - System Checkpoint
RP225: 10/11/2011 7:06:32 PM - Avg Update
RP226: 10/13/2011 1:09:37 AM - System Checkpoint
RP227: 10/14/2011 1:38:58 AM - System Checkpoint
RP228: 10/15/2011 4:33:47 AM - System Checkpoint
RP229: 10/16/2011 5:31:11 AM - System Checkpoint
RP230: 10/17/2011 2:40:15 PM - System Checkpoint
RP231: 10/19/2011 5:27:57 AM - System Checkpoint
RP232: 10/20/2011 7:02:57 PM - System Checkpoint
RP233: 10/22/2011 2:11:40 AM - System Checkpoint
RP234: 10/23/2011 2:36:38 AM - System Checkpoint
RP235: 10/24/2011 9:47:37 AM - Avg Update
RP236: 10/25/2011 2:34:28 PM - System Checkpoint
RP237: 10/26/2011 5:50:13 PM - System Checkpoint
RP238: 10/28/2011 3:40:27 PM - System Checkpoint
RP239: 10/30/2011 3:05:40 AM - System Checkpoint
RP240: 10/31/2011 3:46:59 AM - System Checkpoint
RP241: 11/1/2011 6:48:00 PM - System Checkpoint
RP242: 11/3/2011 6:49:41 AM - System Checkpoint
RP243: 11/4/2011 4:34:23 PM - System Checkpoint
RP244: 11/6/2011 4:57:48 AM - System Checkpoint
RP245: 11/7/2011 6:21:45 AM - System Checkpoint
RP246: 11/8/2011 5:55:53 PM - System Checkpoint
RP247: 11/9/2011 6:07:58 PM - System Checkpoint
RP248: 11/11/2011 3:36:11 AM - System Checkpoint
RP249: 11/12/2011 5:35:07 AM - System Checkpoint
RP250: 11/13/2011 11:19:51 AM - System Checkpoint
RP251: 11/14/2011 9:02:33 AM - Avg Update
RP252: 11/15/2011 1:34:02 PM - System Checkpoint
RP253: 11/16/2011 7:27:25 PM - System Checkpoint
RP254: 11/17/2011 11:51:40 PM - System Checkpoint
RP255: 11/19/2011 12:40:03 AM - System Checkpoint
RP256: 11/20/2011 1:40:02 AM - System Checkpoint
RP257: 11/21/2011 7:19:36 AM - System Checkpoint
RP258: 11/22/2011 6:00:04 PM - Restore Operation
RP259: 11/22/2011 7:39:27 PM - Removed AVG Free 9.0
RP260: 11/22/2011 7:40:30 PM - Installed AVG Free 9.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0.1
Adobe Reader 7.0
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
Age of Empires Online
AMD Processor Driver
America's Army 3
Browser Configuration Utility
CodeZulu Bind Maker
Compatibility Pack for the 2007 Office system
Counter-Strike
DivX Codec
DivX Player
Easy Tune 6 B10.0516.1
EasySaver B9.1214.1
Enable S3 for USB Device
Fraps (remove only)
Full Tilt Poker
Gigabyte Raid Configurer
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB938759)
Hotfix for Windows XP (KB954550-v5)
Java Auto Updater
Java(TM) 6 Update 24
Logitech GamePanel Software 3.03.133
Magic: The Gathering — Duels of the Planeswalkers 2012 - Demo
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2000 Professional
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.6.24)
MSXML 6.0 Parser (KB933579)
NEC Electronics USB 3.0 Host Controller Driver
Nero 7 Essentials
Notepad++
NVIDIA Control Panel 280.26
NVIDIA Graphics Driver 280.26
NVIDIA Install Application
NVIDIA nView 135.94
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
ON_OFF Charge B10.0427.1
R.U.S.E. Demo
Razer Habu Config
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RIFT
Rift Digital Collector's Edition CODE (remove only)
SimCity 4
Smart Dual Lan
SpeedFan (remove only)
Star Trek Online
Star Wars: The Old Republic
StarCraft II
Steam(TM)
TeamSpeak 3 Client
TeamViewer 5
Ventrilo Client
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
Windows Driver Package - Razer (HidUsb) HIDClass (01/10/2007 1.00)
Windows Imaging Component
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR archiver
WinZip
World of Tanks v.0.6.6
World of Warcraft
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/22/2011 5:44:25 PM, error: Service Control Manager [7016] - The SDLService service has reported an invalid current state 0.
11/22/2011 5:34:18 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
11/22/2011 5:30:25 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
11/22/2011 5:28:28 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/18/2011 2:36:33 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
11/18/2011 2:36:31 PM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
11/18/2011 2:36:07 PM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
11/18/2011 2:36:03 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/18/2011 2:35:58 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
11/18/2011 2:35:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
11/18/2011 2:35:27 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/18/2011 1:55:15 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000047, parameter2 804fcf34, parameter3 b84db78c, parameter4 00000000.
11/18/2011 1:53:27 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/18/2011 1:50:26 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/16/2011 7:33:58 AM, error: Dhcp [1002] - The IP address lease 10.0.0.11 for the Network Card with network address 1C6F659F642B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================


-------------------------------------

DDS file
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Run by Nathan at 21:19:53 on 2011-11-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2482 [GMT -5:00]
.
.
============== Running Processes ===============
.
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Realtek\Smart Dual Lan\SDLService.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Razer\Habu\razerhid.exe
E:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
E:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Razer\Habu\razertra.exe
E:\Program Files\Razer\Habu\razerofa.exe
E:\WINDOWS\system32\taskmgr.exe
E:\Program Files\SpeedFan\speedfan.exe
E:\Documents and Settings\Nathan\Desktop\gmer rook kit scanner.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\WINDOWS\System32\ping.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - e:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - e:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - e:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - e:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - e:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - e:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "e:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [BCU] "e:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [JMB36X IDE Setup] e:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] e:\windows\system32\xRaidSetup.exe boot
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [Habu] e:\program files\razer\habu\razerhid.exe
mRun: [Launch LgDeviceAgent] "e:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LGDCore] "e:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [SunJavaUpdateSched] "e:\program files\common files\java\java update\jusched.exe"
mRun: [NeroFilterCheck] e:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] e:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANQA0ADIAMwAyADcANQA0ADgALQBGAEwAKwA5AC0AWABPADMANgArADEALQBYAE8AOQArADEALQBGADkATQAyACsAMQAtAEQARABUACsANQAyADEAOQAzAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEQARAA5ADAARgArADEALQBGADkAMABNADEAMgBBAFQAKwAzAC0ARgA5ADAATQAxADIAQQArADEALQBGADkAMABNADEAMgBBAEIAKwAxAC0AVQA5ADUAKwAxAC0ARgA5ADAATQAxADIAQQBUAEIATgArADEALQBGAFUASQArADIA"&"prod=90"&"ver=9.0.894
mRunOnce: [Malwarebytes' Anti-Malware] e:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - e:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - e:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office\OSA9.EXE
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - e:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - e:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{427540AD-4FD2-416F-B8DF-D986ECDB5B6B} : DhcpNameServer = 192.168.1.1
.
================= FIREFOX ===================
.
FF - ProfilePath - e:\documents and settings\nathan\application data\mozilla\firefox\profiles\r8wtvski.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: e:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: e:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - e:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;e:\windows\system32\drivers\AppleCharger.sys [2011-2-5 19496]
R2 ES lite Service;ES lite Service for program management.;e:\program files\gigabyte\easysaver\essvr.exe [2011-2-5 68136]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;e:\windows\system32\drivers\RtNdPt5x.sys [2011-2-5 22016]
R2 SDLService;SDLService;e:\program files\realtek\smart dual lan\SDLService.exe [2011-2-5 77824]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;e:\windows\system32\drivers\nusb3hub.sys [2009-11-20 58880]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;e:\windows\system32\drivers\nusb3xhc.sys [2009-11-20 137728]
R3 rtkio;rtkio;e:\program files\realtek\smart dual lan\rtkio.sys [2011-2-5 5760]
R4 AvgTdiX;AVG Free Network Redirector;e:\windows\system32\drivers\avgtdix.sys --> e:\windows\system32\drivers\avgtdix.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);e:\program files\google\update\GoogleUpdate.exe [2011-6-11 136176]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2011-2-5 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BCUService;Browser Configuration Utility Service;e:\program files\devicevm\browser configuration utility\BCUService.exe [2009-10-15 223464]
S3 etdrv;etdrv;e:\windows\etdrv.sys [2011-2-5 17488]
S3 GPU-Z;GPU-Z;\??\e:\docume~1\nathan\locals~1\temp\gpu-z.sys --> e:\docume~1\nathan\locals~1\temp\GPU-Z.sys [?]
S3 gupdatem;Google Update Service (gupdatem);e:\program files\google\update\GoogleUpdate.exe [2011-6-11 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-23 02:17:13 41272 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2011-11-23 02:15:27 22216 ----a-w- e:\windows\system32\drivers\mbam.sys
2011-11-22 23:04:14 -------- d-----w- e:\windows\system32\wbem\repository\FS
2011-11-22 23:04:14 -------- d-----w- e:\windows\system32\wbem\Repository
2011-11-22 23:02:17 -------- d-----w- e:\program files\World_of_Tanks_PTR
2011-11-22 22:44:24 -------- d-----w- e:\documents and settings\nathan\application data\DriverCure
2011-11-22 22:44:23 -------- d-----w- e:\documents and settings\nathan\application data\ParetoLogic
2011-11-22 22:44:12 -------- d-----w- e:\program files\common files\ParetoLogic
2011-11-22 22:44:11 -------- d-----w- e:\program files\ParetoLogic
2011-11-22 22:44:11 -------- d-----w- e:\documents and settings\all users\application data\ParetoLogic
2011-11-22 22:33:14 -------- d-----w- e:\documents and settings\nathan\application data\8475F(2)
2011-11-22 22:14:27 -------- d-----w- e:\program files\LP
2011-11-18 19:29:21 -------- d-----w- e:\documents and settings\nathan\application data\Malwarebytes
2011-11-18 19:28:56 -------- d-----w- e:\documents and settings\all users\application data\Malwarebytes
2011-11-18 19:28:53 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2011-11-13 01:49:24 -------- d-----w- e:\documents and settings\nathan\local settings\application data\SWTOR
2011-11-09 21:13:50 -------- d-----w- e:\program files\common files\BioWare
.
==================== Find3M ====================
.
2011-11-22 23:05:33 17488 ----a-w- e:\windows\gdrv.sys
.
============= FINISH: 21:20:01.05 ===============


Follow-up post with Malwarebytes info. Also, after it finished and rebooted, it seems to have fixed it: ping.exe is not popping up anymore and my network is giving me an address like it should.

If there are any problems in the logs I posted that weren't removed by Malwarebytes, please let me know.

Thanks in advance.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8221

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

11/22/2011 10:11:11 PM
mbam-log-2011-11-22 (22-11-11).txt

Scan type: Full scan (E:\|)
Objects scanned: 291848
Time elapsed: 29 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
e:\documents and settings\Nathan\local settings\Temp\1B4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
e:\documents and settings\Nathan\local settings\Temp\dwme.exe (Malware.Packer) -> Quarantined and deleted successfully.
e:\documents and settings\Nathan\my documents\Anime\Games\stressrelief.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
e:\documents and settings\Nathan\my documents\Anime\Games\F-117A\ASOUND.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
e:\documents and settings\Nathan\my documents\Anime\Games\F-117A\ISOUND.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
e:\documents and settings\Nathan\my documents\Anime\Games\F-117A\RSOUND.LOG (Extension.Mismatch) -> Quarantined and deleted successfully.
e:\program files\LP\42B8\6.tmp (Malware.Packer) -> Quarantined and deleted successfully.
e:\program files\LP\42B8\E62.tmp (Malware.Packer) -> Quarantined and deleted successfully.
e:\system volume information\_restore{6e1d51a6-a7bb-4b72-8095-96bbc72d1e62}\RP254\A0029056.exe (Trojan.Agent.CoXGen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{6e1d51a6-a7bb-4b72-8095-96bbc72d1e62}\RP257\A0029248.exe (Malware.Packer) -> Quarantined and deleted successfully.
e:\system volume information\_restore{6e1d51a6-a7bb-4b72-8095-96bbc72d1e62}\RP257\A0029253.exe (Malware.Packer) -> Quarantined and deleted successfully.
e:\system volume information\_restore{6e1d51a6-a7bb-4b72-8095-96bbc72d1e62}\RP257\A0029266.exe (Malware.Packer) -> Quarantined and deleted successfully.
e:\system volume information\_restore{6e1d51a6-a7bb-4b72-8095-96bbc72d1e62}\RP258\A0029412.exe (Malware.Packer) -> Quarantined and deleted successfully.
e:\system volume information\_restore{6e1d51a6-a7bb-4b72-8095-96bbc72d1e62}\RP258\A0029423.exe (Malware.Packer) -> Quarantined and deleted successfully.
e:\system volume information\_restore{6e1d51a6-a7bb-4b72-8095-96bbc72d1e62}\RP258\A0029434.exe (Malware.Packer) -> Quarantined and deleted successfully.
e:\system volume information\_restore{6e1d51a6-a7bb-4b72-8095-96bbc72d1e62}\RP258\A0029435.exe (Malware.Packer) -> Quarantined and deleted successfully.
e:\system volume information\_restore{6e1d51a6-a7bb-4b72-8095-96bbc72d1e62}\RP258\A0029440.exe (Malware.Packer) -> Quarantined and deleted successfully.
e:\system volume information\_restore{6e1d51a6-a7bb-4b72-8095-96bbc72d1e62}\RP258\A0029530.exe (Trojan.Agent.CoXGen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{6e1d51a6-a7bb-4b72-8095-96bbc72d1e62}\RP258\A0030667.sys (Trojan.Phobiq) -> Quarantined and deleted successfully.
e:\system volume information\_restore{6e1d51a6-a7bb-4b72-8095-96bbc72d1e62}\RP258\A0030668.sys (Trojan.Agent) -> Quarantined and deleted successfully.
e:\system volume information\_restore{6e1d51a6-a7bb-4b72-8095-96bbc72d1e62}\RP258\A0030690.sys (Trojan.Phobiq) -> Quarantined and deleted successfully.
e:\WINDOWS\Temp\0.8436295203501766.exe (Trojan.Agent) -> Quarantined and deleted successfully.


You are not running an anti-virus program or a firewall; these are absolute musts, especially in today's world.
There are excellent free ones available; I would advise you to choose one of these and install it.
Avira 2012 is the one I use, and I am quite pleased with it. It is available for download here:
http://download.cnet.com/Avira-Free-Antivirus/3000-2239_4-10322935.html?part=dl-&subj=dl&tag=button
Click the GREEN Download Now button to get the executable install package and save it wherever you can easily find it; I chose My Desktop.

Before you begin the install CLOSE all unnecessary programs, browsers, email, etc.
To begin, double click the executable file to start installation.
Before installation the installer will scan your system for other security programs installed. Avira Free AntiVirus 2012 may warn you of POSSIBLE incompatible security software on your system like Emsisoft AntiMalware, some 3rd party Firewalls, especially Zone Alarm. It is just a warning of POSSIBLE conflicts and you do not need to uninstall these software programs. Just install Avira Free AV and everything is OK. I was warned about SpyBot and SpywareBlaster, I IGNORED the warning, I still have the programs and they ARE working fine. The warning is of POSSIBLE conflicts, not absolutes. I say again, you DO NOT have to uninstall the programs you may receive a warning about.
You will need to WATCH the full install as ALL of it REQUIRES User interaction. It will not proceed unless you continue to follow it and read the screens and then click the required buttons to go forward.

One of the first screens you will see is Choose Installation Type; choose CUSTOM INSTALL, then click Next.
The next screen you will see is titled Web Protection with Avira Search Free Tool Bar for your browser. This is NOT required; do not take it. DO NOT put check marks in the boxes there; just click the NEXT button and proceed with the install. The rest of the screens you see will be pretty self-explanatory. Just take the default options and proceed to the end.

You should also at least enable the Windows Firewall.

You also need to clean out System Restore and reduce its size. To do this, right-click My Computer.
Choose Properties.
When System Properties opens, choose the System Restore tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down; click OK or Yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark out so that System Restore will turn back on. Next, move the slider you will see there to no more than 5%, which is more than enough space for System Restore.


Thanks for the advice jholland1964. However, before I ran my scans I uninstalled my anti-virus; it was AVG and I don't think it was doing a very good job. After my scans I installed Avast anti-virus.

As for the firewall, I run the Windows one currently and I have one running on my modem. I am currently looking for a software one as backup, if you could recommend one.

And as for my current system restore points, I set it at 8% back when I built this system earlier this year. I have a 1TB HD, so 8% might be too much; I'll adjust it.


You made a wise choice with Avast; it's very good. You're right, AVG just isn't top of the line.
Your system restore had restore points going back 4 months which is way too long.
System Restore actually operates only on a very few system files and settings. System Restore backs up your registry. System Restore does not back up your data. If you delete or damage a file, System Restore will not recover it. System Restore is meant to restore from very RECENT changes, like just a day or two, not weeks or months. If you install a new driver, for instance, and that driver doesn't work correctly, then System Restore may be able to restore the computer back to just before the time that driver was installed and revert back to older settings... not weeks back, just a short time back. This is why you need to reduce the size.
PC Tools Firewall is a pretty good one. It is free. Just be sure to turn off the Windows Firewall when using it.
http://www.pctools.com/firewall/

I recommend that you also add SpywareBlaster. It truly is a must-have tool, also free. I wouldn't run a computer without it. It prevents the installation of ActiveX-based spyware and other potentially unwanted programs, also blocks spying/tracking via cookies, and restricts the actions of potentially unwanted or dangerous web sites. Download, install, update and enable all protection and close the program; that's it. It doesn't run in the background. Just manually check for updates every couple of weeks, and when there is an update just remember to enable all protection.

http://www.majorgeeks.com/SpywareBlaster_d2859.html

You could also add the MVPS hosts file for additional protection. All info and instructions can be found here:

http://winhelp2002.mvps.org/hosts2.htm


Ummm...
What is all this?:

Library E:\Program (*** hidden *** ) @ E:\WINDOWS\Explorer.EXE [2236] 0x6C330000

---- Files - GMER 1.0.15 ----

File E:\WINDOWS\$NtUninstallKB59985$\1506587549 0 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\@ 2048 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\bckfg.tmp 840 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\cfg.ini 191 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\Desktop.ini 4608 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\kwrd.dll 223744 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\L 0 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\L\jrsepaim 216400 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\lsflt7.ver 5175 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\U 0 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\U\00000001.@ 2048 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\U\00000002.@ 224768 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\U\00000004.@ 1024 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\U\80000000.@ 1024 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\U\80000004.@ 12800 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\U\80000032.@ 97792 bytes
File E:\WINDOWS\$NtUninstallKB59985$\2289860673 0 bytes

---- EOF - GMER 1.0.15 ----
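As an added example, not part of any post in this thread and not GMER or DDS code, the following Python script does by machine what a helper does by eye when reading the GMER output in the first post and the lines gerbil quotes above: it pulls out entries GMER tags `(*** hidden *** )`, takes every entry in the Files section (GMER lists there what its raw scan sees but the normal Windows file API does not show), and cross-checks any `$NtUninstallKBnnnnnn$` directory against the hotfixes in the DDS "Installed Programs" section, because a genuine uninstall folder corresponds to an installed Windows update. The sample lines are copied from the logs above; the `Finding` class, the regular expressions and the "not an installed hotfix" heuristic are this example's own construction and are assumptions, not anything the thread or the tools assert.

```python
"""Triage a GMER rootkit-scan log against a DDS 'Installed Programs' list.

Added example, not GMER or DDS code. Finding, the regexes and the
installed-hotfix cross-check are this example's own construction.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample lines copied from the rootkit scan (GMER TWO) posted above.
SAMPLE_GMER_LOG = r"""
---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) AFFCC000-AFFE5000 (102400 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:700] AFECEDF5

---- Processes - GMER 1.0.15 ----

Library E:\WINDOWS\system32\avgrsstx.dll (*** hidden *** ) @ E:\WINDOWS\system32\winlogon.exe [812] 0x6C1B0000
Library E:\Program (*** hidden *** ) @ E:\WINDOWS\Explorer.EXE [2236] 0x6C330000

---- Files - GMER 1.0.15 ----

File E:\WINDOWS\$NtUninstallKB59985$\1506587549 0 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\kwrd.dll 223744 bytes
File E:\WINDOWS\$NtUninstallKB59985$\1506587549\U\80000032.@ 97792 bytes

---- EOF - GMER 1.0.15 ----
"""

# Sample lines copied from the DDS 'Installed Programs' section posted above.
SAMPLE_DDS_PROGRAMS = """
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB938759)
Hotfix for Windows XP (KB954550-v5)
Java(TM) 6 Update 24
"""

# GMER marks objects its raw scan found but the API hides with this literal tag.
HIDDEN = r"(?P<hidden>\(\*\*\* hidden \*\*\* \) )?"
MODULE_RE = re.compile(r"^Module (?P<name>\S+) " + HIDDEN
                       + r"(?P<start>[0-9A-F]{8})-(?P<end>[0-9A-F]{8}) \((?P<size>\d+) bytes\)$")
LIBRARY_RE = re.compile(r"^Library (?P<path>.+?) " + HIDDEN
                        + r"@ (?P<host>.+?) \[(?P<pid>\d+)\] (?P<base>0x[0-9A-F]+)$")
FILE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes$")
# A Windows update uninstall folder looks like \$NtUninstallKB<digits>$\ (assumed naming rule).
UNINSTALL_RE = re.compile(r"\\\$NtUninstall(KB\d+)\$\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str                       # "module", "library" or "file"
    detail: str                     # path or address range
    reasons: list[str] = field(default_factory=list)


def installed_hotfixes(dds_installed_programs: str) -> set[str]:
    """KB numbers of Windows XP hotfixes DDS lists as installed (e.g. {'KB938759'})."""
    return set(re.findall(r"Hotfix for Windows XP \((KB\d+)", dds_installed_programs))


def triage_gmer(gmer_log: str, known_kbs: set[str]) -> list[Finding]:
    """Return the GMER entries a helper should look at, with the reason for each."""
    findings: list[Finding] = []
    for line in gmer_log.splitlines():
        line = line.strip()
        if m := MODULE_RE.match(line):
            if m.group("hidden"):      # a kernel module not on the loaded-module list
                findings.append(Finding("module", f"{m.group('name')} {m.group('start')}-{m.group('end')}",
                                        ["kernel module hidden from the module list"]))
        elif m := LIBRARY_RE.match(line):
            reasons = []
            if m.group("hidden"):
                reasons.append(f"DLL hidden inside {m.group('host')} (pid {m.group('pid')})")
            if not m.group("path").lower().endswith(".dll"):   # e.g. the truncated 'E:\Program'
                reasons.append("library path does not end in .dll (truncated or forged name)")
            if reasons:
                findings.append(Finding("library", m.group("path"), reasons))
        elif m := FILE_RE.match(line):
            reasons = ["file hidden from the Win32 API"]
            kb = UNINSTALL_RE.search(m.group("path"))
            if kb and kb.group(1).upper() not in known_kbs:
                reasons.append(f"{kb.group(1)} is not an installed hotfix")
            findings.append(Finding("file", m.group("path"), reasons))
    return findings


if __name__ == "__main__":
    for f in triage_gmer(SAMPLE_GMER_LOG, installed_hotfixes(SAMPLE_DDS_PROGRAMS)):
        print(f"{f.kind:8} {f.detail}\n         - " + "\n         - ".join(f.reasons))
```

Run against the sample it flags the hidden kernel module, both hidden libraries (the `E:\Program` one twice over, because the path is not even a DLL name), and all three files under `$NtUninstallKB59985$`, since KB59985 is not among the hotfixes DDS shows installed. The device and thread lines pass through untouched; what is left is exactly the set of lines gerbil asked about. Whether a given hidden DLL is a vendor self-protection trick or an implant is still a human decision; the script only shortens the list to look at.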
