1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Virus

Discussion in 'Virus & Other Malware Removal' started by danunited1, Dec 19, 2010.

Thread Status:
Not open for further replies.
  1. danunited1

    danunited1 Thread Starter

    Joined:
    Dec 19, 2010
    Messages:
    1
    Hi All

    I am only a very basis user and I got a warning message from AVG that mentioned a potential problem which was downloader zlob. I have done two AVG scans since then and nothing has shown but I am very worried I may still have a virus. I have tried my best to follow the instructions and my results are as follows. Hope someone is able to identify if I have any problems:-

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:50:14, on 19/12/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S54F.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    --
    End of file - 8992 bytes
    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Owner at 15:53:05.85 on 19/12/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.479.89 [GMT 0:00]
    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    ============== Running Processes ===============
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7UE5G67Q\dds[1].scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [EPSON Stylus DX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\windows\temp\E_S54F.tmp" /EF "HKCU"
    mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [Samsung Common SM] "c:\windows\samsung\comsmmgr\ssmmgr.exe" /autorun
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    ============= SERVICES / DRIVERS ===============
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-16 216400]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-28 29584]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-16 243024]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-4 390528]
    R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-23 308136]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448]
    =============== Created Last 30 ================
    2010-12-19 15:48:53 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-12-19 15:48:51 -------- d-----w- c:\program files\Trend Micro
    2010-12-15 11:32:25 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-15 11:26:43 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    ==================== Find3M ====================
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    ============= FINISH: 15:54:30.21 ===============

    DDS (Ver_10-12-12.02)
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 28/12/2007 12:04:52
    System Uptime: 19/12/2010 15:40:12 (0 hours ago)
    Motherboard: FUJITSU SIEMENS | | D2560-A3
    Processor: AMD Sempron(tm) Processor 3600+ | Socket AM2 | 2009/133mhz
    ==== Disk Partitions =========================
    C: is FIXED (NTFS) - 75 GiB total, 61.479 GiB free.
    D: is Removable
    E: is CDROM ()
    F: is Removable
    ==== Disabled Device Manager Items =============
    ==== System Restore Points ===================
    RP558: 19/09/2010 10:18:57 - System Checkpoint
    RP559: 20/09/2010 00:52:58 - Software Distribution Service 3.0
    RP560: 23/09/2010 11:53:09 - Avg Update
    RP561: 23/09/2010 11:54:56 - Avg Update
    RP562: 24/09/2010 12:15:27 - System Checkpoint
    RP563: 26/09/2010 11:55:27 - System Checkpoint
    RP564: 27/09/2010 12:16:54 - System Checkpoint
    RP565: 28/09/2010 17:40:23 - System Checkpoint
    RP566: 30/09/2010 10:48:19 - Software Distribution Service 3.0
    RP567: 01/10/2010 12:35:14 - System Checkpoint
    RP568: 03/10/2010 12:20:11 - System Checkpoint
    RP569: 05/10/2010 19:34:07 - Avg Update
    RP570: 08/10/2010 13:15:53 - Software Distribution Service 3.0
    RP571: 09/10/2010 16:05:24 - System Checkpoint
    RP572: 11/10/2010 11:39:36 - System Checkpoint
    RP573: 12/10/2010 16:37:58 - System Checkpoint
    RP574: 14/10/2010 10:33:25 - Installed Rapport
    RP575: 14/10/2010 10:34:14 - Software Distribution Service 3.0
    RP576: 14/10/2010 23:41:50 - Software Distribution Service 3.0
    RP577: 19/10/2010 17:44:11 - System Checkpoint
    RP578: 27/10/2010 10:18:05 - Avg Update
    RP579: 31/10/2010 10:35:01 - System Checkpoint
    RP580: 01/11/2010 11:49:13 - System Checkpoint
    RP581: 04/11/2010 08:38:12 - System Checkpoint
    RP582: 07/11/2010 10:09:46 - System Checkpoint
    RP583: 10/11/2010 12:43:36 - Avg Update
    RP584: 10/11/2010 12:44:33 - Avg Update
    RP585: 10/11/2010 12:55:44 - Software Distribution Service 3.0
    RP586: 11/11/2010 11:30:38 - Installed Java(TM) 6 Update 22
    RP587: 25/11/2010 10:04:47 - Avg Update
    RP588: 25/11/2010 10:05:59 - Avg Update
    RP589: 29/11/2010 07:39:17 - System Checkpoint
    RP590: 01/12/2010 10:29:46 - System Checkpoint
    RP591: 02/12/2010 18:14:29 - System Checkpoint
    RP592: 06/12/2010 08:22:27 - System Checkpoint
    RP593: 08/12/2010 11:01:17 - System Checkpoint
    RP594: 10/12/2010 11:00:01 - System Checkpoint
    RP595: 13/12/2010 13:15:24 - System Checkpoint
    RP596: 15/12/2010 11:46:10 - Software Distribution Service 3.0
    RP597: 16/12/2010 16:06:20 - System Checkpoint
    RP598: 19/12/2010 15:48:49 - Installed HiJackThis
    ==== Installed Programs ======================
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    AVG Free 9.0
    Camera RAW Plug-In for EPSON Creativity Suite
    Critical Update for Windows Media Player 11 (KB959772)
    CX4300_5500_DX4400 manual
    EPSON Attach To Email
    EPSON Copy Utility 3
    EPSON Easy Photo Print
    EPSON File Manager
    EPSON Printer Software
    EPSON Scan
    EPSON Scan Assistant
    EPSON Web-To-Page
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MSN
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Nero 7 Ultra Edition
    neroxml
    NVIDIA Drivers
    PowerDVD
    Rapport
    Realtek High Definition Audio Driver
    SAGEM [email protected] 800-840
    Samsung ML-1610 Series
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Install Manager
    ==== Event Viewer Messages From Past Week ========
    15/12/2010 11:23:20, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001999023729 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    13/12/2010 12:55:56, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WebClient service to connect.
    13/12/2010 12:55:56, error: Service Control Manager [7000] - The WebClient service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    13/12/2010 12:55:55, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The system cannot find the file specified.
    ==== End Of File ===========================


    MER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-19 16:54:18
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 WDC_WD800JD-55MUA1 rev.10.01E01
    Running: vy126dqs[1].exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwdcipod.sys

    ---- System - GMER 1.0.15 ----
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xF3C5CFE4]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xF3C5D996]
    SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (RapportCerberus/Trusteer Ltd.) ZwCreateThread [0xF78E7864]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xF3C5DAF6]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xF3C6136C]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xF3C6139E]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xF3C61500]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xF3C5DA5A]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xF3C5D128]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xF3C5D31A]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xF3C5D44C]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xF3C61476]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xF3C613E0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xF3C61412]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xF3C61444]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xF3C5CF8A]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xF3C5DB56]
    SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (RapportCerberus/Trusteer Ltd.) ZwSetValueKey [0xF78E782E]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xF3C5CF26]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xF3C5CE7A]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xF3C5CEC2]
    Code 814E5F8A IoReportHalResourceUsage
    ---- Kernel code sections - GMER 1.0.15 ----
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6B72380, 0x2F9047, 0xE8000020]
    ? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 01777420 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] ntdll.dll!LdrLoadDll + 1 7C9163C4 5 Bytes [22, 00, 68, 71, C3]
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 6 Bytes PUSH 71500022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 71440022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 71560022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 716E0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!DdeInitializeW 7E4206D7 6 Bytes PUSH 714A0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 71610022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 71470022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] GDI32.dll!BitBlt 77F16F79 6 Bytes PUSH 71530022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 714D0022
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71030022
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 71070022
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 712C0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 71170022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 6 Bytes PUSH 71410022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 713E0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!InternetConnectA 3D94DEAE 6 Bytes PUSH 71290022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!InternetConnectW 3D94F862 6 Bytes PUSH 71260022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 712F0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 713B0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!InternetOpenA 3D95D690 6 Bytes PUSH 711D0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!InternetOpenW 3D95DB09 6 Bytes PUSH 711A0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!InternetSetStatusCallback 3D95DCC8 6 Bytes PUSH 71110022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 71380022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 71140022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!InternetGetCookieExA 3D964BD0 6 Bytes PUSH 71200022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!InternetWriteFile 3D9A608E 6 Bytes PUSH 710E0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 71350022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 71320022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] WININET.dll!InternetGetCookieA 3D9BBD44 6 Bytes PUSH 71230022; RET
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1072] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414C10 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1072] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1072] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 716E001E
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1072] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1072] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71680022
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 023F7420 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] ntdll.dll!LdrLoadDll + 1 7C9163C4 5 Bytes [22, 00, 68, 71, C3]
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 6 Bytes PUSH 71510022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 71450022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 71570022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 716E0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] USER32.dll!DdeInitializeW 7E4206D7 6 Bytes PUSH 714B0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 71620022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 71480022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] GDI32.dll!BitBlt 77F16F79 6 Bytes PUSH 71540022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 714E0022
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 71650022
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 712D0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 71180022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 6 Bytes PUSH 71420022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 713F0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!InternetConnectA 3D94DEAE 6 Bytes PUSH 712A0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!InternetConnectW 3D94F862 6 Bytes PUSH 71270022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 71300022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 713C0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!InternetOpenA 3D95D690 6 Bytes PUSH 711E0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!InternetOpenW 3D95DB09 6 Bytes PUSH 711B0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!InternetSetStatusCallback 3D95DCC8 6 Bytes PUSH 71120022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 71390022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 71150022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!InternetGetCookieExA 3D964BD0 6 Bytes PUSH 71210022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!InternetWriteFile 3D9A608E 6 Bytes PUSH 710F0022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 71360022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 71330022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] WININET.dll!InternetGetCookieA 3D9BBD44 6 Bytes PUSH 71240022; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71040022
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2776] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 71080022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3872] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 004397C0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3872] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3872] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71680022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3872] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 716E0022
    ---- User IAT/EAT - GMER 1.0.15 ----
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- EOF - GMER 1.0.15 ----

    MANY THANKS IN ADVANCE.

    dan
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi Dan! :)

    The logs appear to be okay but let's do this anyway...

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/969416

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice