
Thread: Spybot freezes before scan starts

  1. #1
    Junior Member | Join Date: Jan 2011 | Posts: 1

    Spybot freezes before scan starts

    My internet searches are being redirected. Rightmedia has been the culprit before. Spybot finds and deletes it. I listed Rightmedia in my "Restricted Sites" list in IE, but Rightmedia always reappears. Now, after updating Spybot, when I try to start the scan, it freezes while 'checking registry' or similar.
    I have recently replaced my video board and have had blue screen error messages about device drivers. I have the latest video board device driver (loaded from the web).
    I looked over your forum instructions and have run (and attempted to attach) DDS.txt, Attach.txt, the GMER report, and have run ERUNT.
    When I try to attach the files, I get the "Manage Attachments" window; I browse and select the file from my desktop. It shows in the "Upload File From Your Computer" window, but when I click "Upload", the window changes to "IE Cannot Display the Webpage" and stops the attachment process, even though the file is only 22KB.
    Thanks for any help.
    Mike Phillips

    Haven't heard from anyone, but have some info to add.
    Even when I let SpyBot run for hours, it sticks on WIN32.Agent.svc.
    I ran SpyBot in safe mode, but same result.
    I ran Avast and it found 5 problems:
    2-Huntbar.Stoolbar, 2-MTC.MakeMeSearch.com and Right Media.
    It fixed 4 out of 5, and fixed the 5th at next restart.
    Computer is now working OK, but when I run SpyBot, it still hangs at WIN32.Agent.svc.
    How do I fix SpyBot?
    I have attached the DDS files.
    Thanks for any help.
    Mike

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Owner at 17:07:41.79 on Sat 01/01/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.213 [GMT -5:00]

    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\iDumpPro\NMSAccessU.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
    C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\FinePixViewerS\QuickDCF2.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
    C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\DOCUME~1\MIKEPH~1\LOCALS~1\Temp\AMPing.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Mike Phillips\Local Settings\Temporary Internet Files\Content.IE5\7DL37W08\dds[1].com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.aol.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>;*.local
    uInternet Settings,ProxyServer = http=127.0.0.1:5555;https=;ftp=;gopher=;socks=
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
    mRun: [UCU] "c:\program files\ubiquiti\UCU.exe" -nogui
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    StartupFolder: c:\docume~1\mikeph~1\startm~1\programs\startup\autoru~1\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
    StartupFolder: c:\docume~1\mikeph~1\startm~1\programs\startup\autoru~1\person~1.lnk - c:\program files\personalbrain\PersonalBrainS.exe
    StartupFolder: c:\docume~1\mikeph~1\startm~1\programs\startup\autoru~1\pictur~1.lnk - c:\program files\nikon\pictureproject in touch\PictureProjectInTouch.exe
    StartupFolder: c:\docume~1\mikeph~1\startm~1\programs\startup\autoru~1\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishPictureMover.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\eventp~2.lnk - c:\windows\installer\{747a6a10-da58-48c2-a1f0-c15514419c8a}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\eventp~1.lnk - c:\windows\installer\{5d0df1bb-d82e-4fb2-b98e-4fde42ef7ebb}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166218012078
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242485233062
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Filter: text/html - {b70d4bf7-62a8-4519-9d72-bcc2abd2c5f3} -
    Handler: AutorunsDisabled\qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - c:\program files\qlikview\qvprotocol\Qvp.dll
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: ckpNotify - ckpNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\mikeph~1\applic~1\mozilla\firefox\profiles\i0fggcn6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
    FF - component: c:\documents and settings\mike phillips\application data\mozilla\firefox\profiles\i0fggcn6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - plugin: c:\program files\picasa2\npPicasa3.dll
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-1 165584]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-17 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-17 29584]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-17 243024]
    R2 AMPingService;AMPingService;c:\docume~1\mikeph~1\locals~1\temp\AMPing.exe [2010-7-9 28480]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-1 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-1 40384]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
    R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2005-6-19 36400]
    R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2005-6-19 109072]
    R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2005-6-19 671408]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-1 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-1 40384]
    R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2005-6-19 2234320]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
    S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448]
    S3 EMVSCARD;EMVSCARD;c:\windows\system32\drivers\EMVSCARD.sys [2010-11-25 20178]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-12-16 30192]
    S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 UB00X;Ubiquiti UB00X 802.11 b/g/n Wireless Network Adapter Service;c:\windows\system32\drivers\ubnt_athuw.sys [2010-12-4 1683632]
    S3 wxpSvc;webcamXP Service;c:\program files\webcamwlite\wService.exe [2009-7-18 3476480]
    S4 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2008-2-5 228480]

    =============== Created Last 30 ================

    2011-01-01 21:30:29 -------- d-----w- c:\program files\Search Toolbar
    2011-01-01 21:29:34 -------- d-----w- c:\program files\Quick Web Player
    2011-01-01 20:41:24 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-01 20:41:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2011-01-01 20:14:35 -------- d-----w- c:\program files\Microsoft
    2011-01-01 20:14:33 -------- d-----w- c:\program files\MSN Toolbar
    2011-01-01 20:13:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\UAB
    2011-01-01 20:13:51 -------- d-----w- c:\docume~1\mikeph~1\locals~1\applic~1\PC_Drivers_Headquarters
    2011-01-01 20:13:46 -------- d-----w- c:\program files\MSN Toolbar Installer
    2011-01-01 20:13:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
    2011-01-01 20:12:28 -------- d-----w- c:\program files\Driver Whiz
    2010-12-31 16:37:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
    2010-12-31 15:55:35 -------- d-----w- c:\docume~1\mikeph~1\applic~1\ParetoLogic
    2010-12-31 15:55:35 -------- d-----w- c:\docume~1\mikeph~1\applic~1\DriverCure
    2010-12-31 15:55:25 -------- d-----w- c:\program files\common files\ParetoLogic
    2010-12-31 15:55:23 -------- d-----w- c:\program files\ParetoLogic
    2010-12-31 15:55:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
    2010-12-30 22:18:15 -------- d-----w- c:\windows\NV2544544.TMP
    2010-12-26 18:10:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-26 18:10:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-26 18:10:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-20 01:34:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
    2010-12-05 20:43:15 -------- d-----w- c:\program files\iPod
    2010-12-05 20:43:03 -------- d-----w- c:\program files\iTunes
    2010-12-05 20:38:04 -------- d-----w- c:\program files\Bonjour
    2010-12-04 22:48:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Ubiquiti

    ==================== Find3M ====================

    2010-12-31 21:37:59 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-12-31 21:37:59 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-12-31 21:37:56 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2010-10-25 22:41:52 135168 ----a-w- c:\windows\AMCAP.EXE
    2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco32.dll
    2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco32.dll
    2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-10-16 18:55:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll
    2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin
    2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll
    2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-10-16 18:55:00 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-10-16 17:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-10-16 17:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2010-10-16 17:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll
    2010-10-16 17:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-10-16 17:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-10-16 17:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 17:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\iaStor0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86693EE4]<<
    _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8538f820; SUB DWORD [EBP-0x4], 0x8538f12e; PUSH EDI; CALL 0xffffffffffffe10c; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x87185AB8]
    3 CLASSPNP[0xF751BFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x871C7030]
    [0x86769030] -> IRP_MJ_CREATE -> 0x86693EE4
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskRAID11.0.00__#4&2ee22e5c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\iaStor DriverStartIo -> 0x86693CE2
    user & kernel MBR OK
    sectors 781416446 (+255): user != kernel
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 17:13:35.14 ===============
    Last edited by tashi; 2011-01-05 at 03:43. Reason: Merged two posts, copy pasted log into topic :-)
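Triaging a log like the one above by hand comes down to scanning for a handful of patterns rather than recognising every product name. The Python script below is an added example for this page; it is not part of the thread, of DDS, of GMER or of Spybot, and the excerpt it scans is a constructed sample in the same format as the report above, not the full log. It flags the entries a helper would look at first in this case: the ProxyServer value that routes IE's HTTP traffic through a listener on 127.0.0.1 (port 5555 here), which is how search results can be rewritten on the way to the browser; the Hosts entry that sinkholes www.spywareinfo.com; a service registered from the user's temp directory; an orphaned "- No File" registration; and GMER's "user != kernel" sector mismatch from the rootkit section. The rule set, the severities and the helper names (triage, parse_proxy, Finding, worst_severity) are the example's own choices.

```python
"""Triage helper for DDS / pseudo-HJT style logs (added example, not part of DDS)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"; rule choices of this example
    line: str
    reason: str


# Constructed excerpt in the format of the report above; not the full log.
SAMPLE_REPORT = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:5555;https=;ftp=;gopher=;socks=
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
R2 AMPingService;AMPingService;c:\docume~1\mikeph~1\locals~1\temp\AMPing.exe [2010-7-9 28480]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-1 40384]
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 127.0.0.1 localhost
sectors 781416446 (+255): user != kernel
"""

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1", "localhost"}
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# Executables under %TEMP% or the IE cache. One-off tools (DDS itself runs from
# the IE cache) also match, so this rule means "review", not "malware".
TEMP_PATH_RE = re.compile(r"\\temp\\|\\temporary internet files\\", re.IGNORECASE)


def parse_proxy(value):
    """Split an IE ProxyServer value into {scheme: "host:port"}.

    Handles "http=a:1;https=;ftp=" (empty entries dropped) and the
    single-proxy form "host:port", which is returned under "*".
    """
    if "=" not in value:
        return {"*": value.strip()}
    proxies = {}
    for part in value.split(";"):
        scheme, _, target = part.partition("=")
        if target.strip():
            proxies[scheme.strip().lower()] = target.strip()
    return proxies


def _host(target):
    """Strip the port: '127.0.0.1:5555' -> '127.0.0.1', '[::1]:8080' -> '::1'."""
    if target.startswith("["):
        return target[1:].split("]", 1)[0].lower()
    if target.count(":") == 1:
        return target.split(":", 1)[0].lower()
    return target.lower()  # hostname or bare IPv6 address without a port


def triage(report):
    """Return a Finding for every suspicious line in a DDS-style report."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m:
            for scheme, target in parse_proxy(m.group(1)).items():
                if _host(target) in LOOPBACK:
                    findings.append(Finding("high", line,
                        f"{scheme} traffic goes through a proxy on this machine ({target}); "
                        "a local listener rewriting pages is a classic search-redirect mechanism"))
            continue
        m = HOSTS_RE.match(line)
        if m and m.group(1) in LOOPBACK and m.group(2).lower() not in LOOPBACK:
            findings.append(Finding("high", line,
                f"hosts file sinkholes {m.group(2)}; malware commonly blocks security sites "
                "this way, so confirm the user did not add the entry"))
        elif line.endswith("- No File"):
            findings.append(Finding("low", line,
                "registration whose file no longer exists; a harmless leftover to clean up"))
        elif TEMP_PATH_RE.search(line):
            findings.append(Finding("medium", line,
                "executable running or registered from a temp directory; identify what installed it"))
        elif "user != kernel" in line:
            findings.append(Finding("high", line,
                "GMER read different sector contents via user mode and via the kernel, so "
                "disk I/O is being filtered; that is how an MBR bootkit hides itself"))
    return findings


def worst_severity(findings):
    """Highest severity present, or None for a clean report."""
    rank = {"high": 3, "medium": 2, "low": 1}
    return max((f.severity for f in findings), key=rank.get, default=None)


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity}] {f.line}\n    {f.reason}")
```

The proxy rule deliberately flags only loopback or 0.0.0.0 targets: a proxy configured by policy points at a real host, and a plain host:port value (the single-proxy form) comes back under the key "*" so the caller can still inspect it. The hosts rule ignores the normal 127.0.0.1 localhost line so that only sinkholed names are reported.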

  2. #2
    Blade81 (Security Expert: Emeritus) | Join Date: Oct 2006 | Location: Finland | Posts: 25,288


    Hi,


    Please visit this webpage for download links and instructions for running the ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Blade81 (Security Expert: Emeritus) | Join Date: Oct 2006 | Location: Finland | Posts: 25,288


    Due to inactivity, this thread will now be closed.

    Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
