Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#16
Scan2
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-20 22:05:18
Windows 5.1.2600 Service Pack 3
Running: 2c1irz40.exe; Driver: C:\DOCUME~1\Tyler\LOCALS~1\Temp\kwtdqpow.sys

---- Modules - GMER 1.0.15 ----

Module spje.sys BA6A7000-BA7A7000 (1048576 bytes)
Module jraid.sys (JMicron JMB36X RAID Driver/JMicron Technology Corp.) BA8F8000-BA905000 (53248 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) BA928000-BA931000 (36864 bytes)
Module avgrkx86.sys (AVG Anti-Rootkit Driver/AVG Technologies CZ, s.r.o.) BADAE000-BADB0000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.13 /NVIDIA Corporation) B94A8000-B9A82000 (6135808 bytes)
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) B9448000-B9470000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) BAB08000-BAB12000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\Rtnicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) B9410000-B9425000 (86016 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) BAC48000-BAC4D000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\hamachi.sys (Hamachi Virtual Network Interface Driver/LogMeIn, Inc.) BAC58000-BAC5D000 (20480 bytes)
Module \SystemRoot\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) B6BEE000-B707F000 (4788224 bytes)
Module \SystemRoot\System32\Drivers\avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) B6AD5000-B6AEE000 (102400 bytes)
Module \SystemRoot\System32\Drivers\avgmfx86.sys (AVG Resident Shield Minifilter Driver/AVG Technologies CZ, s.r.o.) BAB48000-BAB4E000 (24576 bytes)
Module \SystemRoot\System32\Drivers\avgldx86.sys (AVG AVI Loader Driver/AVG Technologies CZ, s.r.o.) B68DC000-B692A000 (319488 bytes)
Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 178.13 /NVIDIA Corporation) BF9D5000-BFF9C000 (6057984 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \SystemRoot\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) B6251000-B625B000 (40960 bytes)
Module \??\C:\DOCUME~1\Tyler\LOCALS~1\Temp\kwtdqpow.sys (GMER) B48A2000-B48B7000 (86016 bytes)
Module \Program_Files\Alcohol_Soft\Alcohol_52\alcoholx.dll (Alcohol virtual device control library/Alcohol Soft Development Team) 10000000-100A6000 (679936 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\ALCFDRTM.EXE (ALCFDRTM/Realtek Semiconductor Corp.) 244
   Library C:\WINDOWS\ALCFDRTM.EXE (ALCFDRTM/Realtek Semiconductor Corp.) 0x00400000
Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 508
   Library C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (GrooveShellExtensions Module/Microsoft Corporation) 0x661C0000
   Library C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (GrooveSystemServices Module/Microsoft Corporation) 0x65E30000
   Library C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL (GrooveMisc Module/Microsoft Corporation) 0x66B40000
   Library C:\Program Files\AVG\AVG8\avgse.dll (AVG Shell Extension/AVG Technologies CZ, s.r.o.) 0x6C330000
   Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x10000000
   Library C:\Program Files\FileZilla FTP Client\fzshellext.dll 0x67080000
   Library C:\WINDOWS\system32\msdmo.dll 0x736B0000
   Library C:\WINDOWS\system32\qedit.dll 0x60CA0000
   Library C:\WINDOWS\system32\quartz.dll 0x74810000
   Library C:\WINDOWS\system32\devenum.dll 0x75F40000
   Library C:\Program Files\SpywareGuard\spywareguard.dll 0x22200000
   Library C:\WINDOWS\system32\nvcpl.dll (NVIDIA Display Properties Extension/NVIDIA Corporation) 0x04610000
   Library C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 178.13 /NVIDIA Corporation) 0x023A0000
   Library C:\WINDOWS\system32\nvshell.dll 0x02CB0000
Process C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) 584
   Library C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) 0x00400000
Process C:\Program Files\DNA\btdna.exe (DNA/BitTorrent, Inc.) 680
   Library C:\Program Files\DNA\btdna.exe (DNA/BitTorrent, Inc.) 0x00400000
   Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
Process C:\WINDOWS\system32\RUNDLL32.EXE (Run a DLL as an App/Microsoft Corporation) 736
   Library C:\WINDOWS\system32\NvMcTray.dll (NVIDIA Media Center Library/NVIDIA Corporation) 0x10000000
   Library C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 178.13 /NVIDIA Corporation) 0x00A00000
Process C:\WINDOWS\RTHDCPL.EXE (Realtek HD Audio Control Panel/Realtek Semiconductor Corp.) 756
   Library C:\WINDOWS\RTHDCPL.EXE (Realtek HD Audio Control Panel/Realtek Semiconductor Corp.) 0x00400000
Process C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 808
   Library C:\WINDOWS\system32\avgrsstx.dll (AVG Resident Shield Starter/AVG Technologies CZ, s.r.o.) 0x6C1B0000
Process C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP) 936
   Library C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP) 0x00400000
   Library C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZR3210.dll (Driver UI dll/HP) 0x10000000
Process C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (GrooveMonitor Utility/Microsoft Corporation) 1024
   Library C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (GrooveShellExtensions Module/Microsoft Corporation) 0x661C0000
   Library C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (GrooveSystemServices Module/Microsoft Corporation) 0x65E30000
Process C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.13/NVIDIA Corporation) 1084
   Library C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.13/NVIDIA Corporation) 0x00400000
   Library C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 178.13 /NVIDIA Corporation) 0x00960000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1116
   Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
Process C:\WINDOWS\system32\PnkBstrB.exe 1248
   Library C:\WINDOWS\system32\PnkBstrB.exe 0x00400000
Process C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 1268
   Library C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 0x00400000
   Library C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) 0x60490000
   Library C:\Program Files\Mozilla Firefox\sqlite3.dll (SQLite Database Library/sqlite.org) 0x60210000
   Library C:\Program Files\Mozilla Firefox\MOZCRT19.dll (User-Generated Microsoft (R) C/C++ Runtime Library/Mozilla Foundation) 0x60000000
   Library C:\Program Files\Mozilla Firefox\js3250.dll (Netscape 32-bit JavaScript Module/Netscape Communications Corporation) 0x60100000
   Library C:\Program Files\Mozilla Firefox\nspr4.dll (NSPR Library/Mozilla Foundation) 0x600B0000
   Library C:\Program Files\Mozilla Firefox\smime3.dll (NSS S/MIME Library/Mozilla Foundation) 0x60420000
   Library C:\Program Files\Mozilla Firefox\nss3.dll (NSS Base Library/Mozilla Foundation) 0x60340000
   Library C:\Program Files\Mozilla Firefox\nssutil3.dll (NSS Utility Library/Mozilla Foundation) 0x603E0000
   Library C:\Program Files\Mozilla Firefox\plc4.dll (PLC Library/Mozilla Foundation) 0x600F0000
   Library C:\Program Files\Mozilla Firefox\plds4.dll (PLDS Library/Mozilla Foundation) 0x600E0000
   Library C:\Program Files\Mozilla Firefox\ssl3.dll (NSS SSL Library/Mozilla Foundation) 0x60400000
   Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
   Library C:\Program Files\Mozilla Firefox\xpcom.dll (Mozilla Foundation) 0x60E00000
   Library C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll (Mozilla Foundation) 0x601B0000
   Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
   Library C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll (Mozilla Foundation) 0x601C0000
   Library C:\Program Files\Mozilla Firefox\softokn3.dll (NSS PKCS #11 Library/Mozilla Foundation) 0x602F0000
   Library C:\Program Files\Mozilla Firefox\nssdbm3.dll (Legacy Database Driver/Mozilla Foundation) 0x60320000
   Library C:\Program Files\Mozilla Firefox\freebl3.dll (NSS freebl Library/Mozilla Foundation) 0x60440000
   Library C:\Program Files\Mozilla Firefox\nssckbi.dll (NSS Builtin Trusted Root CAs/Mozilla Foundation) 0x602A0000
   Library C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll (Safe Search for Firefox/AVG Technologies CZ, s.r.o.) 0x6C660000
   Library C:\Program Files\AVG\AVG8\avgxpl.dll (LinkScanner SDK/AVG Technologies CZ, s.r.o.) 0x6DB90000
   Library C:\Program Files\AVG\AVG8\avgapix.dll (AVG API Module/AVG Technologies CZ, s.r.o.) 0x6A630000
   Library C:\Program Files\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000
   Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
   Library C:\Program Files\AVG\AVG8\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x6BBD0000
   Library C:\Program Files\AVG\AVG8\avglvex.dll (AVG Prevalence Reporting Library/AVG Technologies CZ, s.r.o.) 0x10000000
Process C:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper Module/Apple Inc.) 1352
   Library C:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper Module/Apple Inc.) 0x00400000
   Library C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL (iTunesHelper Resource Library/Apple Inc.) 0x10000000
   Library C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL (iTunesHelper Resource Library/Apple Inc.) 0x003D0000
   Library C:\Program Files\QuickTime\QTSystem\QuickTime.qts (QuickTime/Apple Inc.) 0x66800000
   Library C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll (iTunesMobileDevice/Apple Inc.) 0x01CA0000
Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1468
   Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
Process C:\WINDOWS\system32\PnkBstrA.exe 1520
   Library C:\WINDOWS\system32\PnkBstrA.exe 0x00400000
#17
Process C:\Program Files\Google\Gmail Notifier\gnotify.exe (Gmail Notifier/Google Inc.) 1536
   Library C:\Program Files\Google\Gmail Notifier\gnotify.exe (Gmail Notifier/Google Inc.) 0x00400000
   Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
Process C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 1772
   Library C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 0x00400000
Process C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) 1860
   Library C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) 0x00400000
   Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
   Library C:\PROGRA~1\AVG\AVG8\avgwd.dll (AVG Watchdog Module/AVG Technologies CZ, s.r.o.) 0x6D740000
   Library C:\PROGRA~1\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000
   Library C:\PROGRA~1\AVG\AVG8\avgsched.dll (AVG Scheduler Module/AVG Technologies CZ, s.r.o.) 0x6C250000
   Library C:\PROGRA~1\AVG\AVG8\avgwdwsc.dll (AVG Windows Security Center Module/AVG Technologies CZ, s.r.o.) 0x6D930000
   Library C:\PROGRA~1\AVG\AVG8\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x6BBD0000
Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1872
   Library C:\WINDOWS\system32\hpzlnt10.dll (HP) 0x10000000
   Library C:\WINDOWS\system32\msonpmon.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation) 0x00990000
   Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000
   Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation) 0x00E70000
   Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
Process C:\Documents and Settings\Tyler\Desktop\2c1irz40.exe 2000
   Library C:\Documents and Settings\Tyler\Desktop\2c1irz40.exe 0x00400000
Process C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind iSCSI Target (Alcohol Edition)/Rocket Division Software) 2616
   Library C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind iSCSI Target (Alcohol Edition)/Rocket Division Software) 0x00400000
   Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
Process C:\PROGRA~1\AVG\AVG8\avgam.exe (AVG Alert Manager/AVG Technologies CZ, s.r.o.) 2640
   Library C:\PROGRA~1\AVG\AVG8\avgam.exe (AVG Alert Manager/AVG Technologies CZ, s.r.o.) 0x00400000
   Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
   Library C:\Program Files\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000
   Library C:\Program Files\AVG\AVG8\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x6BBD0000
   Library C:\Program Files\AVG\AVG8\avgameh.dll (AVG Alert Manager Library/AVG Technologies CZ, s.r.o.) 0x6A520000
   Library C:\Program Files\AVG\AVG8\avgamnot.dll (AVG Event Notification Library/AVG Technologies CZ, s.r.o.) 0x6A5B0000
Process C:\PROGRA~1\AVG\AVG8\avgrsx.exe (AVG Resident Shield Service/AVG Technologies CZ, s.r.o.) 2652
   Library C:\PROGRA~1\AVG\AVG8\avgrsx.exe (AVG Resident Shield Service/AVG Technologies CZ, s.r.o.) 0x00400000
   Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
   Library C:\PROGRA~1\AVG\AVG8\avgcorex.dll (AVG Scanning Core Module/AVG Technologies CZ, s.r.o.) 0x6AB10000
   Library C:\PROGRA~1\AVG\AVG8\avgcrlpx.dll (AVG Core RLP Module/AVG Technologies CZ, s.r.o.) 0x6B1F0000
Process C:\PROGRA~1\AVG\AVG8\avgnsx.exe (AVG Network scanner Service/AVG Technologies CZ, s.r.o.) 2664
   Library C:\PROGRA~1\AVG\AVG8\avgnsx.exe (AVG Network scanner Service/AVG Technologies CZ, s.r.o.) 0x00400000
   Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
   Library C:\PROGRA~1\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000
   Library C:\PROGRA~1\AVG\AVG8\avgxpl.dll (LinkScanner SDK/AVG Technologies CZ, s.r.o.) 0x6DB90000
   Library C:\Program Files\AVG\AVG8\avglvex.dll (AVG Prevalence Reporting Library/AVG Technologies CZ, s.r.o.) 0x10000000
   Library C:\PROGRA~1\AVG\AVG8\avgcorex.dll (AVG Scanning Core Module/AVG Technologies CZ, s.r.o.) 0x6AB10000
   Library C:\PROGRA~1\AVG\AVG8\avgcrlpx.dll (AVG Core RLP Module/AVG Technologies CZ, s.r.o.) 0x6B1F0000
Process C:\PROGRA~1\AVG\AVG8\avgemc.exe (AVG E-Mail Scanner/AVG Technologies CZ, s.r.o.) 3008
   Library C:\PROGRA~1\AVG\AVG8\avgemc.exe (AVG E-Mail Scanner/AVG Technologies CZ, s.r.o.) 0x00400000
   Library C:\PROGRA~1\AVG\AVG8\libsasl.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x6DD70000
   Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
   Library C:\Program Files\AVG\AVG8\avgapix.dll (AVG API Module/AVG Technologies CZ, s.r.o.) 0x6A630000
   Library C:\Program Files\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000
   Library C:\Program Files\AVG\AVG8\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x6BBD0000
   Library C:\Program Files\AVG\AVG8\avgscanx.dll (AVG Scanning Module/AVG Technologies CZ, s.r.o.) 0x6C1C0000
   Library C:\Program Files\AVG\AVG8\avgsrmx.dll (AVG Scan Result Manager Module/AVG Technologies CZ, s.r.o.) 0x6C550000
   Library C:\Program Files\AVG\AVG8\avgvvx.dll (AVG Virus Vault Module/AVG Technologies CZ, s.r.o.) 0x6D670000
   Library C:\Program Files\AVG\AVG8\avgmvflx.dll (AVG Move File Library/AVG Technologies CZ, s.r.o.) 0x6BD30000
   Library C:\Program Files\AVG\AVG8\avgcclix.dll (AVG Scanning Core Module - Client Part/AVG Technologies CZ, s.r.o.) 0x6A870000
   Library C:\PROGRA~1\AVG\AVG8\saslcrammd5.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x6DDB0000
   Library C:\PROGRA~1\AVG\AVG8\sasldigestmd5.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x6DDC0000
   Library C:\PROGRA~1\AVG\AVG8\sasllogin.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x6DDA0000
   Library C:\PROGRA~1\AVG\AVG8\saslplain.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x6DD90000
Process C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Scanning Core Module - Server Part/AVG Technologies CZ, s.r.o.) 3284
   Library C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Scanning Core Module - Server Part/AVG Technologies CZ, s.r.o.) 0x00400000
   Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
   Library C:\Program Files\AVG\AVG8\avgcorex.dll (AVG Scanning Core Module/AVG Technologies CZ, s.r.o.) 0x6AB10000
   Library C:\Program Files\AVG\AVG8\avgcrlpx.dll (AVG Core RLP Module/AVG Technologies CZ, s.r.o.) 0x6B1F0000
Process C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) 3616
   Library C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) 0x00400000
   Library C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL (iPodService Resource Library/Apple Inc.) 0x10000000
   Library C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL (iPodService Resource Library/Apple Inc.) 0x008A0000

---- Services - GMER 1.0.15 ----

Service E:\ALLOW-IO.sys [MANUAL] ALLOW-IO
Service C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device
Service AVG
Service C:\PROGRA~1\AVG\AVG8\avgemc.exe (AVG E-Mail Scanner/AVG Technologies CZ, s.r.o.) [AUTO] avg8emc
Service C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) [AUTO] avg8wd
Service C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG AVI Loader Driver/AVG Technologies CZ, s.r.o.) [SYSTEM] AvgLdx86
Service C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Resident Shield Minifilter Driver/AVG Technologies CZ, s.r.o.) [SYSTEM] AvgMfx86
Service C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Anti-Rootkit Driver/AVG Technologies CZ, s.r.o.) [BOOT] AvgRkx86
Service C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) [SYSTEM] AvgTdiX
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service C:\456out.com\catchme.sys [MANUAL] catchme
Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Activation Licensing Service/Macrovision Europe Ltd.) [MANUAL] FLEXnet Licensing Service
Service C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [AUTO] gupdate1ca011ad3d152ee
#18
Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [AUTO] gusvc
Service C:\WINDOWS\system32\DRIVERS\hamachi.sys (Hamachi Virtual Network Interface Driver/LogMeIn, Inc.) [MANUAL] hamachi
Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) [MANUAL] HDAudBus
Service C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) [MANUAL] iPod Service
Service C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron JMB36X RAID Driver/JMicron Technology Corp.) [BOOT] JRAID
Service MSDTC Bridge 3.0.0.0
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.13 /NVIDIA Corporation) [MANUAL] nv
Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.13/NVIDIA Corporation) [AUTO] NVSvc
Service Outlook
Service C:\WINDOWS\system32\PnkBstrA.exe [AUTO] PnkBstrA
Service C:\WINDOWS\system32\PnkBstrB.exe [AUTO] PnkBstrB
Service C:\WINDOWS\system32\drivers\PnkBstrK.sys [MANUAL] PnkBstrK
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) [MANUAL] RTL8023xp
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] Secdrv
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service SMSvcHost 3.0.0.0
Service C:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd
Service C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind iSCSI Target (Alcohol Edition)/Rocket Division Software) [AUTO] StarWindServiceAE
Service Windows Workflow Foundation 3.0.0.0

---- EOF - GMER 1.0.15 ----

Also, to answer your question from a few posts before, no, I have no idea how I got an E: drive or what that allowance is for...
#19
That one rootkit ComboFix removed lately has had others with it. Do you have or can borrow an XP CD? With that we can access the Recovery Console and check for unseen rootkits remaining, and disable them.
#20
I have a "Microsoft Windows XP Home Edition" "Recovery CD" from my old Alienware machine, will that work?
#21
It can't be a manufacturer recovery CD - it needs to be an actual install CD. But you can also use the option you allowed ComboFix to install there.
Code:
listsvc
dir c:\windows\system32\drivers

Copy/paste the above text (inside the Code box) into the open text box, then save this to your C:\Windows folder as "servcheck.bat". It should then be C:\Windows\servcheck.bat (important).

----------------

Then restart the computer, and at the operating system options screen select the following highlighted option:

Microsoft Windows Recovery Console
Microsoft Windows XP Professional

After the installation software inspects the system and loads all necessary device drivers you will see the "Welcome To Setup" screen, with the following menu:

Quote:

At the prompt type the following, pressing Enter after each:

batch servcheck.bat c:\windows\servicelook.txt
exit

When you hit Enter after typing exit your computer will reboot. Do Not press any key until the system has completely rebooted, then after the reboot be sure to remove your XP CD from the CD-ROM drive. Then locate and post back here the contents of c:\windows\servicelook.txt please.
#22
The "Welcome To Setup" part of the steps posted may not show using this Recovery Console access method. Since I have not done that recently to check things, let me know afterwards if these steps were accurate enough please.
#23
Hi Jintan,
Awesome job on the steps, except for, like you mentioned, the "Welcome to Setup" part. When I reboot, I get asked (after selecting the recovery console) "Which drive do you want to run from?" And there is only one option:

1: C:\WINDOWS

After I press 1 and hit enter, the next line is

C:\WINDOWS

I don't know what command to do next to start the process.
#24
That is "the prompt".
Quote:
#25
Got it!!
Abiosdsk Disabled
abp480n5 Disabled
ACPI Boot Microsoft ACPI Driver
ACPIEC Disabled
adpu160m Disabled
aec Manual Microsoft Kernel Acoustic Echo Canceller
AFD System AFD
Aha154x Disabled
aic78u2 Disabled
aic78xx Disabled
Alerter Disabled Alerter
ALG Manual Application Layer Gateway Service
AliIde Disabled
ALLOW-IO Manual ALLOW-IO
amsint Disabled
Apple Mobile Device Auto Apple Mobile Device
AppMgmt Manual Application Management
Arp1394 Manual 1394 ARP Client Protocol
asc Disabled
asc3350p Disabled
asc3550 Disabled
aspnet_state Manual ASP.NET State Service
AsyncMac Manual RAS Asynchronous Media Driver
atapi Boot Standard IDE/ESDI Hard Disk Controller
Atdisk Disabled
Atmarpc Manual ATM ARP Client Protocol
AudioSrv Auto Windows Audio
audstub Manual Audio Stub Driver
avg8emc Auto AVG8 E-mail Scanner
avg8wd Auto AVG8 WatchDog
AvgLdx86 System AVG AVI Loader Driver x86
AvgMfx86 System AVG On-access Scanner Minifilter Driver x86
AvgRkx86 Boot avgrkx86.sys
AvgTdiX System AVG8 Network Redirector
Beep System
BITS Manual Background Intelligent Transfer Service
Bonjour Service Auto Bonjour Service
Browser Auto Computer Browser
catchme Manual
cbidf2k Disabled
cd20xrnt Disabled
Cdaudio System
Cdfs Disabled
Cdrom System CD-ROM Driver
Changer System
CiSvc Manual Indexing Service
ClipSrv Manual ClipBook
clr_optimization_v2.0.50727_32 Manual .NET Runtime Optimization Service v2.0.50727_X86
CmdIde Disabled
COMSysApp Manual COM+ System Application
Cpqarray Disabled
CryptSvc Auto CryptSvc
dac2w2k Disabled
dac960nt Disabled
DcomLaunch Auto DCOM Server Process Launcher
Dhcp Auto DHCP Client
Disk Boot Disk Driver
dmadmin Manual Logical Disk Manager Administrative Service
dmboot Disabled
dmio Boot Logical Disk Manager Driver
dmload Boot
dmserver Auto Logical Disk Manager
DMusic Manual Microsoft Kernel DLS Syntheiszer
Dnscache Auto DNS Client
Dot3svc Manual Wired AutoConfig
dpti2o Disabled
drmkaud Manual Microsoft Kernel DRM Audio Descrambler
EapHost Manual Extensible Authentication Protocol Service
ERSvc Auto Error Reporting Service
Eventlog Auto Event Log
EventSystem Manual COM+ Event System
Fastfat Disabled
FastUserSwitchingCompatibility Manual Fast User Switching Compatibility
Fdc Manual Floppy Disk Controller Driver
Fips System
FLEXnet Licensing Service Manual FLEXnet Licensing Service
Flpydisk Manual Floppy Disk Driver
FltMgr Boot FltMgr
FontCache3.0.0.0 Manual Windows Presentation Foundation Font Cache 3.0.0.0
Fs_Rec System
Ftdisk Boot Volume Manager Driver
GEARAspiWDM Manual GEAR ASPI Filter Driver
Gpc Manual Generic Packet Classifier
gupdate1ca011ad3d152ee Auto Google Update Service (gupdate1ca011ad3d152ee)
gusvc Auto Google Software Updater
hamachi Manual Hamachi Network Interface
HDAudBus Manual Microsoft UAA Bus Driver for High Definition Audio
helpsvc Auto Help and Support
HidServ Auto HID Input Service
HidUsb Manual Microsoft HID Class Driver
hkmsvc Manual Health Key and Certificate Management Service
hpn Disabled
HTTP Manual HTTP
HTTPFilter Manual HTTP SSL
i2omgmt System
i2omp Disabled
i8042prt System i8042 Keyboard and PS/2 Mouse Port Driver
idsvc Manual Windows CardSpace
Imapi System CD-Burning Filter Driver
ImapiService Manual IMAPI CD-Burning COM Service
ini910u Disabled
IntcAzAudAddService Manual Service for Realtek HD Audio (WDM)
IntelIde Disabled
intelppm System Intel Processor Driver
Ip6Fw Manual IPv6 Windows Firewall Driver
IpFilterDriver Manual IP Traffic Filter Driver
IpInIp Manual IP in IP Tunnel Driver
IpNat Manual IP Network Address Translator
iPod Service Manual iPod Service
IPSec System IPSEC driver
IRENUM Manual IR Enumerator Service
isapnp Boot PnP ISA/EISA Bus Driver
JRAID Boot
Kbdclass System Keyboard Class Driver
kbdhid System Keyboard HID Driver
kmixer Manual Microsoft Kernel Wave Audio Mixer
KSecDD Boot
lanmanserver Auto Server
lanmanworkstation Auto Workstation
lbrtfdc System
LmHosts Auto TCP/IP NetBIOS Helper
Messenger Disabled Messenger
Microsoft Office Groove Audit Service Manual Microsoft Office Groove Audit Service
mnmdd System
mnmsrvc Manual NetMeeting Remote Desktop Sharing
Modem Manual
Mouclass System Mouse Class Driver
mouhid Manual Mouse HID Driver
MountMgr Boot Mount Point Manager
mraid35x Disabled
MRxDAV Manual WebDav Client Redirector
MRxSmb System MRXSMB
MSDTC Manual Distributed Transaction Coordinator
Msfs System
MSIServer Manual Windows Installer
MSKSSRV Manual Microsoft Streaming Service Proxy
MSPCLOCK Manual Microsoft Streaming Clock Proxy
MSPQM Manual Microsoft Streaming Quality Manager Proxy
mssmbios Manual Microsoft System Management BIOS Driver
Mup Boot Mup
napagent Manual Network Access Protection Agent
NDIS Boot NDIS System Driver
NdisTapi Manual Remote Access NDIS TAPI Driver
Ndisuio Manual NDIS Usermode I/O Protocol
NdisWan Manual Remote Access NDIS WAN Driver
NDProxy Manual NDIS Proxy
NetBIOS System NetBIOS Interface
NetBT System NetBios over Tcpip
NetDDE Disabled Network DDE
NetDDEdsdm Disabled Network DDE DSDM
Netlogon Manual Net Logon
Netman Manual Network Connections
NetTcpPortSharing Disabled Net.Tcp Port Sharing Service
NIC1394 Manual 1394 Net Driver
Nla Manual Network Location Awareness (NLA)
Npfs System
Ntfs Disabled
NtLmSsp Manual NT LM Security Support Provider
NtmsSvc Manual Removable Storage
Null System
nv Manual
NVSvc Auto NVIDIA Display Driver Service
NwlnkFlt Manual IPX Traffic Filter Driver
NwlnkFwd Manual IPX Traffic Forwarder Driver
odserv Manual Microsoft Office Diagnostics Service
ohci1394 Boot Texas Instruments OHCI Compliant IEEE 1394 Host Controller
ose Manual Office Source Engine
Parport Manual
PartMgr Boot Partition Manager
ParVdm Auto
PCI Boot PCI Bus Driver
PCIDump System
PCIIde Boot
Pcmcia Disabled
PDCOMP Manual
PDFRAME Manual
PDRELI Manual
PDRFRAME Manual
perc2 Disabled
perc2hib Disabled
PlugPlay Auto Plug and Play
PnkBstrA Auto PnkBstrA
PnkBstrB Auto PnkBstrB
PnkBstrK Manual PnkBstrK
PolicyAgent Auto IPSEC Services
PptpMiniport Manual WAN Miniport (PPTP)
ProtectedStorage Auto Protected Storage
PSched Manual QoS Packet Scheduler
Ptilink Manual Direct Parallel Link Driver
PxHelp20 Boot PxHelp20
ql1080 Disabled
Ql10wnt Disabled
ql12160 Disabled
ql1240 Disabled
ql1280 Disabled
RasAcd System Remote Access Auto Connection Driver
RasAuto Manual Remote Access Auto Connection Manager
Rasl2tp Manual WAN Miniport (L2TP)
RasMan Manual Remote Access Connection Manager
RasPppoe Manual Remote Access PPPOE Driver
Raspti Manual Direct Parallel
Rdbss System Rdbss
RDPCDD System
rdpdr Manual Terminal Server Device Redirector Driver
RDPWD Manual
RDSessMgr Manual Remote Desktop Help Session Manager
redbook System Digital CD Audio Playback Filter Driver
RemoteAccess Disabled Routing and Remote Access
RemoteRegistry Auto Remote Registry
RpcLocator Manual Remote Procedure Call (RPC) Locator
RpcSs Auto Remote Procedure Call (RPC)
RSVP Manual QoS RSVP
RTL8023xp Manual Realtek 10/100/1000 PCI NIC Family NDIS XP Driver
SamSs Auto Security Accounts Manager
SCardSvr Manual Smart Card
Schedule Auto Task Scheduler
Secdrv Auto Secdrv
seclogon Auto Secondary Logon
SENS Auto System Event Notification
Serial Auto
Sfloppy System
SharedAccess Auto Windows Firewall/Internet Connection Sharing (ICS)
ShellHWDetection Auto Shell Hardware Detection
Simbad Disabled
Sparrow Disabled
splitter Manual Microsoft Kernel Audio Splitter
Spooler Auto Print Spooler
sptd Boot
sr Boot System Restore Filter Driver
srservice Auto System Restore Service
Srv Manual Srv
SSDPSRV Manual SSDP Discovery Service
StarWindServiceAE Auto StarWind AE Service
stisvc Auto Windows Image Acquisition (WIA)
swenum Manual Software Bus Driver
swmidi Manual Microsoft Kernel GS Wavetable Synthesizer
SwPrv Manual MS Software Shadow Copy Provider
symc810 Disabled
symc8xx Disabled
sym_hi Disabled
sym_u3 Disabled
sysaudio Manual Microsoft Kernel System Audio Device
SysmonLog Manual Performance Logs and Alerts
TapiSrv Manual Telephony
Tcpip System TCP/IP Protocol Driver
TDPIPE Manual
TDTCP Manual
TermDD System Terminal Device Driver
TermService Manual Terminal Services
Themes Auto Themes
TlntSvr Disabled Telnet
TosIde Disabled
TrkWks Auto Distributed Link Tracking Client
Udfs Disabled
ultra Disabled
Update Manual Microcode Update Driver
upnphost Manual Universal Plug and Play Device Host
UPS Manual Uninterruptible Power Supply
usbccgp Manual Microsoft USB Generic Parent Driver
usbehci Manual Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
usbhub Manual USB2 Enabled Hub
usbprint Manual Microsoft USB PRINTER Class
usbscan Manual USB Scanner Driver
USBSTOR Manual USB Mass Storage Driver
usbuhci Manual Microsoft USB Universal Host Controller Miniport Driver
VgaSave System VGA Display Controller.
ViaIde Disabled
VolSnap Boot
VSS Manual Volume Shadow Copy
W32Time Auto Windows Time
Wanarp Manual Remote Access IP ARP Driver
WDICA Manual
wdmaud Manual Microsoft WINMM WDM Audio Compatibility Driver
WebClient Auto WebClient
winmgmt Auto Windows Management Instrumentation
Winsock Manual
WmdmPmSN Manual Portable Media Serial Number Service
Wmi Manual Windows Management Instrumentation Driver Extensions
WmiApSrv Manual WMI Performance Adapter
WS2IFSL System
wscsvc Auto Security Center
wuauserv Auto Automatic Updates
WZCSVC Auto Wireless Zero Configuration
xmlprov Manual Network Provisioning Service
#26
Good you got that done. Nothing bad or outright showing here as malware though. Let's make some changes based on log info, and things like the keyboard working then in the Recovery Console. If any one of the following steps corrects things, stop, and just post back here an update without doing any other steps.
Go to Start - Run, type services.msc (and OK). On the list locate and double-click on the following item:

Windows Management Instrumentation

Change the Startup type to Automatic. Apply/OK and exit.

------------

Go to Start > Run and type cmd and OK. At the prompt type (or copy\paste) the below commands and hit "Enter" after each line:

sc config ALLOW-IO start= disabled
sc stop u2a4xa4g1
sc delete u2a4xa4g1

Type Exit to close. Reboot, and check for improvement.

Last edited by Jintan; September 25th, 2009 at 12:54 AM. Reason: Change of plans
#27
I went back and edited out some steps in my last post. I just realized I am working with at least 4 threads that included this Recovery Console services list, and posted some steps intended for a different thread.
Do the steps from my last post as they show now, and then just report back how that went, as well as an update on what things still might need correcting there please.
#28
Hey,
Excellent, excellent, excellent. The problem I noticed (the momentary lagging) hasn't resumed since we did all this, which is great. Also, some links which were not working on my browsers are now working again - also great. The momentary lagging thing only happened probably once out of every 20 or 30 start-ups, so I will keep my eyes peeled for any further problems, but I think we're looking good. Thanks for all your patience & help, man!!
#30
Hi Jintan -
Do you mean the Malwarebytes program? I am still getting errors when right-clicking "Save Target As" on the first link, and once I get to the Major Geeks site, none of the mirrors work!