MikePh
2011-01-02, 00:52
My internet searches are being redirected. Rightmedia has been culprit before. Spybot finds and deletes. I listed Rightmedia in my "Restricted Sites" list on IE. But Rightmedia always reappears. Now, after updating Spybot, when I try to start the scan, it freezes while 'checking registry' or similar.
I have recently replaced my video board and have had blue screen error messages about device drivers. I have the latest video board device driver (loaded from web).
I looked over your forum instructions and have run (and attempted to attach) DDS.txt, Attach.txt, GMER report and run ERUNT.
When I try to attach the files, I get the "Manage Attachments" window, I browse and select file from my desktop. It shows in the 'Upload File From Your Computer" window, but when I click 'Upload", the window changes to "IE Cannot Display the Webpage" and stops the attachment process even though the file is only 22KB?
Thanks for any help.
Mike Phillips
Haven't heard from anyone, but have some info to add.
Even when I let SpyBot run for hours, it sticks on WIN32.Agent.svc.
I ran SpyBot in safe mode, but same result.
I ran Avast and it found 5 problems:
2-Huntbar.Stoolbar, 2-MTC.MakeMeSearch.com and Right Media.
It fixed 4 out of 5, and fixed the 5th at next restart.
Computer is now working OK, but when I run SpyBot, it still hangs at WIN32.Agent.svc.
How do I fix SpyBot?
I have attached the DDS files.
Thanks for any help.
Mike
6576
6577
DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 17:07:41.79 on Sat 01/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.213 [GMT -5:00]
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\iDumpPro\NMSAccessU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\DOCUME~1\MIKEPH~1\LOCALS~1\Temp\AMPing.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mike Phillips\Local Settings\Temporary Internet Files\Content.IE5\7DL37W08\dds[1].com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555;https=;ftp=;gopher=;socks=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
mRun: [UCU] "c:\program files\ubiquiti\UCU.exe" -nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\docume~1\mikeph~1\startm~1\programs\startup\autoru~1\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\mikeph~1\startm~1\programs\startup\autoru~1\person~1.lnk - c:\program files\personalbrain\PersonalBrainS.exe
StartupFolder: c:\docume~1\mikeph~1\startm~1\programs\startup\autoru~1\pictur~1.lnk - c:\program files\nikon\pictureproject in touch\PictureProjectInTouch.exe
StartupFolder: c:\docume~1\mikeph~1\startm~1\programs\startup\autoru~1\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishPictureMover.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\eventp~2.lnk - c:\windows\installer\{747a6a10-da58-48c2-a1f0-c15514419c8a}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\eventp~1.lnk - c:\windows\installer\{5d0df1bb-d82e-4fb2-b98e-4fde42ef7ebb}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166218012078
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242485233062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Filter: text/html - {b70d4bf7-62a8-4519-9d72-bcc2abd2c5f3} -
Handler: AutorunsDisabled\qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - c:\program files\qlikview\qvprotocol\Qvp.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: ckpNotify - ckpNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\mikeph~1\applic~1\mozilla\firefox\profiles\i0fggcn6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - component: c:\documents and settings\mike phillips\application data\mozilla\firefox\profiles\i0fggcn6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-1 165584]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-17 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-17 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-17 243024]
R2 AMPingService;AMPingService;c:\docume~1\mikeph~1\locals~1\temp\AMPing.exe [2010-7-9 28480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-1 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-1 40384]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2005-6-19 36400]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2005-6-19 109072]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2005-6-19 671408]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-1 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-1 40384]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2005-6-19 2234320]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448]
S3 EMVSCARD;EMVSCARD;c:\windows\system32\drivers\EMVSCARD.sys [2010-11-25 20178]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-12-16 30192]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 UB00X;Ubiquiti UB00X 802.11 b/g/n Wireless Network Adapter Service;c:\windows\system32\drivers\ubnt_athuw.sys [2010-12-4 1683632]
S3 wxpSvc;webcamXP Service;c:\program files\webcamwlite\wService.exe [2009-7-18 3476480]
S4 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2008-2-5 228480]
=============== Created Last 30 ================
2011-01-01 21:30:29 -------- d-----w- c:\program files\Search Toolbar
2011-01-01 21:29:34 -------- d-----w- c:\program files\Quick Web Player
2011-01-01 20:41:24 38848 ----a-w- c:\windows\avastSS.scr
2011-01-01 20:41:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-01-01 20:14:35 -------- d-----w- c:\program files\Microsoft
2011-01-01 20:14:33 -------- d-----w- c:\program files\MSN Toolbar
2011-01-01 20:13:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\UAB
2011-01-01 20:13:51 -------- d-----w- c:\docume~1\mikeph~1\locals~1\applic~1\PC_Drivers_Headquarters
2011-01-01 20:13:46 -------- d-----w- c:\program files\MSN Toolbar Installer
2011-01-01 20:13:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2011-01-01 20:12:28 -------- d-----w- c:\program files\Driver Whiz
2010-12-31 16:37:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-12-31 15:55:35 -------- d-----w- c:\docume~1\mikeph~1\applic~1\ParetoLogic
2010-12-31 15:55:35 -------- d-----w- c:\docume~1\mikeph~1\applic~1\DriverCure
2010-12-31 15:55:25 -------- d-----w- c:\program files\common files\ParetoLogic
2010-12-31 15:55:23 -------- d-----w- c:\program files\ParetoLogic
2010-12-31 15:55:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-12-30 22:18:15 -------- d-----w- c:\windows\NV2544544.TMP
2010-12-26 18:10:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-26 18:10:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-26 18:10:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-20 01:34:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2010-12-05 20:43:15 -------- d-----w- c:\program files\iPod
2010-12-05 20:43:03 -------- d-----w- c:\program files\iTunes
2010-12-05 20:38:04 -------- d-----w- c:\program files\Bonjour
2010-12-04 22:48:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Ubiquiti
==================== Find3M ====================
2010-12-31 21:37:59 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-31 21:37:59 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-31 21:37:56 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-25 22:41:52 135168 ----a-w- c:\windows\AMCAP.EXE
2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55:00 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 17:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 17:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 17:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 17:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 17:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 17:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\iaStor0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86693EE4]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8538f820; SUB DWORD [EBP-0x4], 0x8538f12e; PUSH EDI; CALL 0xffffffffffffe10c; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x87185AB8]
3 CLASSPNP[0xF751BFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x871C7030]
[0x86769030] -> IRP_MJ_CREATE -> 0x86693EE4
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskRAID11.0.00__#4&2ee22e5c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x86693CE2
user & kernel MBR OK
sectors 781416446 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
============= FINISH: 17:13:35.14 ===============
I have recently replaced my video board and have had blue screen error messages about device drivers. I have the latest video board device driver (loaded from web).
I looked over your forum instructions and have run (and attempted to attach) DDS.txt, Attach.txt, GMER report and run ERUNT.
When I try to attach the files, I get the "Manage Attachments" window, I browse and select file from my desktop. It shows in the 'Upload File From Your Computer" window, but when I click 'Upload", the window changes to "IE Cannot Display the Webpage" and stops the attachment process even though the file is only 22KB?
Thanks for any help.
Mike Phillips
Haven't heard from anyone, but have some info to add.
Even when I let SpyBot run for hours, it sticks on WIN32.Agent.svc.
I ran SpyBot in safe mode, but same result.
I ran Avast and it found 5 problems:
2-Huntbar.Stoolbar, 2-MTC.MakeMeSearch.com and Right Media.
It fixed 4 out of 5, and fixed the 5th at next restart.
Computer is now working OK, but when I run SpyBot, it still hangs at WIN32.Agent.svc.
How do I fix SpyBot?
I have attached the DDS files.
Thanks for any help.
Mike
6576
6577
DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 17:07:41.79 on Sat 01/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.213 [GMT -5:00]
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\iDumpPro\NMSAccessU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\DOCUME~1\MIKEPH~1\LOCALS~1\Temp\AMPing.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mike Phillips\Local Settings\Temporary Internet Files\Content.IE5\7DL37W08\dds[1].com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555;https=;ftp=;gopher=;socks=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
mRun: [UCU] "c:\program files\ubiquiti\UCU.exe" -nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\docume~1\mikeph~1\startm~1\programs\startup\autoru~1\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\mikeph~1\startm~1\programs\startup\autoru~1\person~1.lnk - c:\program files\personalbrain\PersonalBrainS.exe
StartupFolder: c:\docume~1\mikeph~1\startm~1\programs\startup\autoru~1\pictur~1.lnk - c:\program files\nikon\pictureproject in touch\PictureProjectInTouch.exe
StartupFolder: c:\docume~1\mikeph~1\startm~1\programs\startup\autoru~1\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishPictureMover.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\eventp~2.lnk - c:\windows\installer\{747a6a10-da58-48c2-a1f0-c15514419c8a}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\eventp~1.lnk - c:\windows\installer\{5d0df1bb-d82e-4fb2-b98e-4fde42ef7ebb}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166218012078
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242485233062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Filter: text/html - {b70d4bf7-62a8-4519-9d72-bcc2abd2c5f3} -
Handler: AutorunsDisabled\qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - c:\program files\qlikview\qvprotocol\Qvp.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: ckpNotify - ckpNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\mikeph~1\applic~1\mozilla\firefox\profiles\i0fggcn6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - component: c:\documents and settings\mike phillips\application data\mozilla\firefox\profiles\i0fggcn6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-1 165584]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-17 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-17 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-17 243024]
R2 AMPingService;AMPingService;c:\docume~1\mikeph~1\locals~1\temp\AMPing.exe [2010-7-9 28480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-1 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-1 40384]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2005-6-19 36400]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2005-6-19 109072]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2005-6-19 671408]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-1 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-1 40384]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2005-6-19 2234320]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448]
S3 EMVSCARD;EMVSCARD;c:\windows\system32\drivers\EMVSCARD.sys [2010-11-25 20178]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-12-16 30192]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 UB00X;Ubiquiti UB00X 802.11 b/g/n Wireless Network Adapter Service;c:\windows\system32\drivers\ubnt_athuw.sys [2010-12-4 1683632]
S3 wxpSvc;webcamXP Service;c:\program files\webcamwlite\wService.exe [2009-7-18 3476480]
S4 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2008-2-5 228480]
=============== Created Last 30 ================
2011-01-01 21:30:29 -------- d-----w- c:\program files\Search Toolbar
2011-01-01 21:29:34 -------- d-----w- c:\program files\Quick Web Player
2011-01-01 20:41:24 38848 ----a-w- c:\windows\avastSS.scr
2011-01-01 20:41:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-01-01 20:14:35 -------- d-----w- c:\program files\Microsoft
2011-01-01 20:14:33 -------- d-----w- c:\program files\MSN Toolbar
2011-01-01 20:13:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\UAB
2011-01-01 20:13:51 -------- d-----w- c:\docume~1\mikeph~1\locals~1\applic~1\PC_Drivers_Headquarters
2011-01-01 20:13:46 -------- d-----w- c:\program files\MSN Toolbar Installer
2011-01-01 20:13:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2011-01-01 20:12:28 -------- d-----w- c:\program files\Driver Whiz
2010-12-31 16:37:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-12-31 15:55:35 -------- d-----w- c:\docume~1\mikeph~1\applic~1\ParetoLogic
2010-12-31 15:55:35 -------- d-----w- c:\docume~1\mikeph~1\applic~1\DriverCure
2010-12-31 15:55:25 -------- d-----w- c:\program files\common files\ParetoLogic
2010-12-31 15:55:23 -------- d-----w- c:\program files\ParetoLogic
2010-12-31 15:55:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-12-30 22:18:15 -------- d-----w- c:\windows\NV2544544.TMP
2010-12-26 18:10:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-26 18:10:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-26 18:10:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-20 01:34:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2010-12-05 20:43:15 -------- d-----w- c:\program files\iPod
2010-12-05 20:43:03 -------- d-----w- c:\program files\iTunes
2010-12-05 20:38:04 -------- d-----w- c:\program files\Bonjour
2010-12-04 22:48:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Ubiquiti
==================== Find3M ====================
2010-12-31 21:37:59 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-31 21:37:59 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-31 21:37:56 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-25 22:41:52 135168 ----a-w- c:\windows\AMCAP.EXE
2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55:00 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 17:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 17:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 17:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 17:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 17:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 17:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\iaStor0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86693EE4]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8538f820; SUB DWORD [EBP-0x4], 0x8538f12e; PUSH EDI; CALL 0xffffffffffffe10c; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x87185AB8]
3 CLASSPNP[0xF751BFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x871C7030]
[0x86769030] -> IRP_MJ_CREATE -> 0x86693EE4
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskRAID11.0.00__#4&2ee22e5c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x86693CE2
user & kernel MBR OK
sectors 781416446 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
============= FINISH: 17:13:35.14 ===============