Potential Malware



ChronoTrigger
2011-04-12, 22:37
I have been trying to run AVG and HijackThis but they all time out and freeze the computer. I can provide the AVG Rootkit errors, and the DDS report. Last time I posted I didn't get any help :( . I was wondering if someone could please take a look. I am no expert in this stuff.

Here is the rootkit.

Scan "Anti-Rootkit scan" completed.
Rootkits;"43";"0";"43"

Scan started:;"Tuesday, April 12, 2011, 1:55:51 AM"
Scan finished:;"Tuesday, April 12, 2011, 2:20:29 AM (24 minute(s) 37 second(s))"
Total object scanned:;"417016"
User who launched the scan:;"SYSTEM"

Rootkits
;"File";"Infection";"Result"
;"C:\WINDOWS\system32\drivers\wpsdrvnt.sys";"IRP hook, \Driver\Tcpip IRP_MJ_INTERNAL_DEVICE_CONTROL -> wpsdrvnt.sys +0x16D0";"Object is hidden"
;"C:\WINDOWS\system32\drivers\wpsdrvnt.sys";"IRP hook, \Driver\Tcpip IRP_MJ_CLOSE -> wpsdrvnt.sys +0x1580";"Object is hidden"
;"C:\WINDOWS\system32\drivers\wpsdrvnt.sys";"IRP hook, \Driver\Tcpip IRP_MJ_CREATE -> wpsdrvnt.sys +0x1360";"Object is hidden"
;"C:\WINDOWS\system32\drivers\wpsdrvnt.sys";"IRP hook, \Driver\Tcpip IRP_MJ_DEVICE_CONTROL -> wpsdrvnt.sys +0x16A0";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndisuio.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndisuio.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndisuio.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndisuio.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"Inline hook tcpip.sys IPTransmit+0x10FC -> Teefer.sys +0x8200";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"Inline hook tcpip.sys IPTransmit+0x2A52 -> Teefer.sys +0x8200";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"Inline hook tcpip.sys IPRegisterProtocol+0x930 -> Teefer.sys +0x8200";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"tcpip.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"tcpip.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"tcpip.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndiswan.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndiswan.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndiswan.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndiswan.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"dne2000.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"dne2000.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"dne2000.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wg3n.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"raspppoe.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"raspppoe.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"raspppoe.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"raspppoe.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"NDProxy.SYS, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"NDProxy.SYS, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"NDProxy.SYS, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"NDProxy.SYS, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"Inline hook wanarp.sys +0x53FD -> Teefer.sys +0x8350";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wanarp.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wanarp.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wanarp.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wanarp.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"arp1394.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"arp1394.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"arp1394.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"arp1394.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wg3n.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wg3n.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"dne2000.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wg3n.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"

And the DDS Report...........
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 3:13:16.21 on Tue 04/12/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2318 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\OFFICE~1\SETUP.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds (1).com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = https://forms.netsuite.com/app/site/...e044ae6b5f3101
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [SpeedItUpEX] c:\program files\speeditup free\SpeedItUp.exe -MINI
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SmartSoft PDF Printer (demo) Agent] "c:\program files\smart pdf converter pro\sspdfagentd.exe"
mRun: [SmartSoft PDF Printer (demo) virtual printer agent] "c:\program files\smart pdf converter pro\sspdfagentd.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\regist~1.lnk - c:\program files\eset\noderator\Register NOD32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{176130bc-99a1-41fe-a78b-56045e33ad70}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\pkmcdo.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2008-11-25 203616]
R2 msftesql$SQL2005;SQL Server FullText Search (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2007-6-22 95592]
R2 ReportServer$SQL2005;SQL Server Reporting Services (SQL2005);c:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2008-11-25 14688]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-10-15 243856]
S2 gupdate1c9647bf2396ed8;Google Update Service (gupdate1c9647bf2396ed8);c:\program files\google\update\GoogleUpdate.exe [2008-12-22 133104]
S2 MSOLAP$SQL2005;SQL Server Analysis Services (SQL2005);c:\program files\microsoft sql server\mssql.2\olap\bin\msmdsrv.exe [2008-11-25 14951264]
S2 MSSQL$SQL2005;SQL Server (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-6-15 20480]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 SQLAgent$SQL2005;SQL Server Agent (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\SQLAGENT90.EXE [2008-11-24 346976]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-11-11 11520]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== Created Last 30 ================
.
2011-04-12 07:47:25 -------- d-----w- c:\program files\iPod
2011-04-12 07:47:23 -------- d-----w- c:\program files\iTunes
2011-04-12 07:39:30 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-12 07:39:30 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-04-12 07:38:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-04-12 07:38:15 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Apple
2011-04-12 07:37:52 -------- d-----w- c:\program files\Bonjour
2011-04-12 07:37:00 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Apple Computer
2011-04-12 07:28:05 55888 ----a-w- c:\windows\system32\drivers\Teefer.sys
2011-04-12 07:28:05 11914 ----a-w- c:\windows\system32\drivers\wg3n.sys
2011-04-12 07:28:04 18515 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys
2011-04-12 07:28:02 77824 ----a-w- c:\windows\system32\SSSensor.dll
2011-04-12 07:27:59 -------- d-----w- c:\program files\Sygate
2011-04-12 07:27:39 -------- d-----w- c:\program files\common files\Wise Installation Wizard
.
==================== Find3M ====================
.
.
============= FINISH: 3:14:06.82 ===============

tashi
2011-04-12, 23:02
Hello ChronoTrigger,

"Last time I posted I didn't get any help :( ."
Your previous topic was started earlier today. :) http://forums.spybot.info/showthread.php?t=62229

Please revisit the forum sticky: "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Among the other information:

"Please do not start more than one topic for the same computer during the same period. It will either be removed, closed or merged with your original thread."

Two posts were merged in your first topic.

"Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition helpers would think you are already being assisted because of the post count, they look for topics with a 0 response. For that reason we may merge such posts but please do not count on it."

This second topic has been closed. ;)