Hello, I need help; I saw this forum and was hoping someone could help. I keep getting redirected to different websites, so I googled that and found a thread on this site that helped, but I am a novice and don't know exactly how to fix my problem. Another problem I have is that I sometimes get a window saying Server Busy, then there is an option to switch to or retry. When I click switch to, the Start menu opens; then when I close the Start menu the Server Busy message sometimes goes away and sometimes it stays. What gives?

In the thread I read, someone mentioned going to majorgeeks and downloading Malwarebytes, so I did, and after scanning this is what I got...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5642

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/30/2011 10:06:18 PM
mbam-log-2011-01-30 (22-06-12).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 260559
Time elapsed: 3 hour(s), 45 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 13
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\wineay32.dll (Trojan.Nebuler) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wineay32 (Trojan.Nebuler) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Simple (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
c:\documents and settings\Owner\application data\adssite advanced toolbar (Adware.AdRotator) -> No action taken.
c:\program files\myglobalsearch (Adware.MyWebSearch) -> No action taken.
c:\program files\myglobalsearch\bar (Adware.MyWebSearch) -> No action taken.
c:\program files\myglobalsearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\myglobalsearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
c:\program files\myglobalsearch\bar\History (Adware.MyWebSearch) -> No action taken.
c:\program files\myglobalsearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar\1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar\Cache (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar\History (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar\Settings (Adware.MyWebSearch) -> No action taken.

Files Infected:
c:\WINDOWS\system32\wineay32.dll (Trojan.Nebuler) -> No action taken.
c:\documents and settings\Owner\application data\adssite advanced toolbar\advertbuttons.xml (Adware.AdRotator) -> No action taken.
c:\documents and settings\Owner\application data\adssite advanced toolbar\selected.xml (Adware.AdRotator) -> No action taken.
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files\myglobalsearch\bar\Cache\0036DF0E (Adware.MyWebSearch) -> No action taken.
c:\program files\myglobalsearch\bar\Cache\006D850C.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\myglobalsearch\bar\Cache\006D87AC.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\myglobalsearch\bar\Cache\006D88D5.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\myglobalsearch\bar\Cache\019BD707 (Adware.MyWebSearch) -> No action taken.
c:\program files\myglobalsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
c:\program files\myglobalsearch\bar\History\search (Adware.MyWebSearch) -> No action taken.
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar\1.bin\MY2NS.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar\1.bin\mywaypluginproxy.class (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar\1.bin\PARTNER.BMP (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar\1.bin\PARTNER.DAT (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar\1.bin\PARTNER2.DAT (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar\Cache\00036FC2 (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar\Cache\000426CE (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar\Cache\000A2AE7 (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar\History\search (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWebSearch) -> No action taken.


Hi, bizarre, as a first step, if you still have that MBAM scan result page active, ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected. They are all bad entries.
MBAM will pop a fresh log for you. If MBAM has been closed, redo the quick scan and Remove Selected.
Then....
Download gmer.zip from http://www.majorgeeks.com/GMER_d5198.html ...or the exe from http://www.gmer.net/download.php
-dclick on gmer.zip and unzip the file to its own folder or to your desktop.
==Download DDS by sUBs and save it to your Desktop. http://download.bleepingcomputer.com/sUBs/dds.scr
Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).

-disconnect from the Internet and close all running programs.
-dclick Gmer.exe to start it; wait for the initial scan to complete [a few seconds]. Press the Copy button, open Notepad and paste into it.
-place checkmarks ONLY at IAT/EAT, Devices, Modules, Processes, Threads; click the Scan button and wait for the scan to finish (do not use your computer during the scan).
-again press the Copy button, paste into that Notepad.
Paste both the DDS.txt and the DDS Attach.txt into your post for assistance, along with the GMER logs and that MBAM log.
Most likely a moderator will then move your thread over to Virus and Spyware Forum.

Alright I took a while because my computer is running slow but I did it.
Here is the MBAM log after I REMOVE SELECTED.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5642

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/30/2011 10:39:56 PM
mbam-log-2011-01-30 (22-39-56).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 260559
Time elapsed: 3 hour(s), 45 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 13
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\wineay32.dll (Trojan.Nebuler) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wineay32 (Trojan.Nebuler) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Simple (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Owner\application data\adssite advanced toolbar (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\wineay32.dll (Trojan.Nebuler) -> Delete on reboot.
c:\documents and settings\Owner\application data\adssite advanced toolbar\advertbuttons.xml (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\adssite advanced toolbar\selected.xml (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\0036DF0E (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\006D850C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\006D87AC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\006D88D5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\019BD707 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\1.bin\MY2NS.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\1.bin\mywaypluginproxy.class (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\1.bin\PARTNER.BMP (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\1.bin\PARTNER.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\1.bin\PARTNER2.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Cache\00036FC2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Cache\000426CE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Cache\000A2AE7 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Here is the DDS
DDS (Ver_10-12-12.02) - NTFSx86
Run by Stiles at 0:58:33.04 on Mon 01/31/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.638.120 [GMT -5:00]

AV: Norton AntiVirus *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled*

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Wireless Optical Mouse\MOffice.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wireless Optical Mouse\MOUSE32A.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Stiles\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://rightonadz.biz/bc/123kah.php
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Wisdom-soft toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWisd.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Wisdom-soft toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWisd.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [FLMOFFICE4DMOUSE] c:\program files\wireless optical mouse\MOffice.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%
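
Added example (not part of the original thread, and not Malwarebytes' own code): a small Python triage of the MBAM 1.x text log format pasted above. It lists detections that were not actually removed ("No action taken", "Delete on reboot"), flags Winlogon\Notify autostart keys, and checks the declared counts against the entries present, which catches a truncated paste. The sample log is abridged from the post-removal log above with counts adjusted to the excerpt; all function and variable names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: abridged from the post-removal log in this thread,
# with the header counts adjusted to match the shortened excerpt.
SAMPLE_LOG = r"""Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Data Items Infected: 1
Files Infected: 2

Memory Modules Infected:
c:\WINDOWS\system32\wineay32.dll (Trojan.Nebuler) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wineay32 (Trojan.Nebuler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\wineay32.dll (Trojan.Nebuler) -> Delete on reboot.
c:\program files\MyWay\myBar\1.bin\MY2NS.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEAD_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<object> (<Threat.Name>) -> <action>"; the object may itself contain
# parentheses, e.g. the "(default)" registry value.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[\w.]+)\) -> (?P<rest>.+)$")

REMOVED = "Quarantined and deleted successfully"
AUTOSTART_MARKER = "\\winlogon\\notify\\"  # DLLs registered here load at logon on XP


def parse_mbam_log(text):
    """Return (declared counts per section, list of detection entries)."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := COUNT_RE.match(line):
            declared[m["section"]] = int(m["n"])
        elif m := HEAD_RE.match(line):
            section = m["section"]
        elif section and (m := ENTRY_RE.match(line)):
            # The action is whatever follows the last "->" on the line.
            action = m["rest"].rsplit(" -> ", 1)[-1].rstrip(".")
            entries.append({"section": section, "item": m["item"],
                            "threat": m["threat"], "action": action})
    return declared, entries


def triage(text):
    """Summarise what a log says is still on the machine."""
    declared, entries = parse_mbam_log(text)
    found = Counter(e["section"] for e in entries)
    return {
        "by_action": Counter(e["action"] for e in entries),
        # Anything not confirmed removed, de-duplicated across sections.
        "outstanding": sorted({(e["item"], e["action"])
                               for e in entries if e["action"] != REMOVED}),
        "autostart": [e["item"] for e in entries
                      if AUTOSTART_MARKER in e["item"].lower()],
        # Declared vs. parsed counts differ when a pasted log was cut short.
        "count_mismatch": {s: (n, found[s])
                           for s, n in declared.items() if found[s] != n},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=>", value)
```

An item left at "Delete on reboot" is still on disk until the machine restarts, so the follow-up scan is the one that confirms removal.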

I am having trouble posting the logs I think maybe because it is so long...

I added the attachment because I was unable to post it directly for some...

Here is the Attach text..

The two scans: the initial Gmer and the one after just checking IAT/EAT, Devices, Modules, Processes, and Threads.
Again, I appreciate you helping me; I have no idea what I am doing.

Cool, bizarre, and thanks.
==Download tdsskiller from this link, save it to your desktop:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe -you may need to download it to a clean computer and then transfer it to the desktop using a USB flash drive.
Start TDSSKiller via this command, NOT the icon:
"%userprofile%\desktop\tdsskiller.exe" -l C:\tdssrpt.txt <==paste this into Start, Run...
- click Scan. If TDSSKiller finds a rootkit and prompts a Cure then press Continue [a reboot may be required]; press Continue also on Skip prompt. Do not delete or quarantine any files.
Post the log from C:\.

You must choose between AVG and Symantec. Running two active AV services is less than a bad idea. You are paying for Symantec, and recently they have been getting much better reviews with their new software; I'd keep that one and uninstall AVG. That may not be easy; you might require the uninstall tool from their site. I suggest you use it anyway.
You can remove any of those toolbars from Add/Remove Pgms [Google, Wisdom].
JAVA Update:
Download JavaRa: http://sourceforge.net/projects/javara/files/javara/JavaRa/JavaRa.zip/download ; Unzip, and dclick JavaRa.exe. In the box that pops press Search for Update [select Using jucheck.exe]; when updating completes then press Remove Older Versions.
Update, and rerun MBAM, post that log.

I think this is the log. After I click continue and I reboot I am done, right? I just post this log?

Ok I just updated Java and removed older versions. I am going to remove AVG and do MBAM scan

I have a question about removing AVG. It says uninstall AVG 2011, then there is a selection: Remove user settings and include objects in virus vault. Do I check both?
Also I have AVG PC Tuneup 2011 do I have to uninstall that too??

"there is a selection Remove user settings and include objects in virus vault. do I check both?" Yes, you should.
TDSSKiller required a restart at some stage to remove a found rootkit. No other action is required by you for that. You may have already restarted.
AVG PC Tuneup 2011 - you may leave that on your sys, it is unrelated to the AV service.

www.malwarebytes.org

Database version: 5642

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/31/2011 5:57:58 PM
mbam-log-2011-01-31 (17-57-58).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 254583
Time elapsed: 3 hour(s), 11 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Ok awesome thanks again

Much better. You might run these, the first is a general, configurable cleaner; next choose one of the online scanners.
Firstly, get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to Open and Run from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have Firefox, open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
Run CCleaner in any other Accounts.
Lastly, run one of these:
==Pandasoftware ActiveScan using IE or Firefox from http://www.pandasecurity.com/activescan/index/
==Bitdefender Online Scan using IE only: http://www.bitdefender.com/scanner/online/free.html
- post the results, please.

BitDefender Online Scanner - Real Time Virus Report

Generated at: Tue, Feb 01, 2011 - 20:27:22


--------------------------------------------------------------------------------

Scan Info

Scanned Files
504425

Infected Files
8


Virus Detected

Adware.Generic.145282
1

Gen:Variant.Kazy.5557
1

Java.Trojan.Downloader.OpenConnection.AI
4

Trojan.Generic.IS.562680
2


--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

I did the CCleaner scan before I did the BitDefender scan. How do I post that log?

Hi, to post that BitDefender log...click the Detected Problems tab > select "Click here to export" the scan report.
Change the Save as type to Text (Tab Delimited) (*.txt), enter a filename and save. ATTACH the log via Advanced Post button.

I go to save it and it only lets me save as (*.html). What gives?

Ok I think I got it.

That is possibly a bit heavy handed of BitDefender. The files it detected as malware etc were all files of AVG's PC Tuneup, as you can see. You will have to reinstall that pgm. It is legit, I hope....
It looks like that wraps it up, your sys seems good to go. Cheers.

Ok great I uninstalled avg pc tune up. Again thank you for all your help I really appreciate it.
