
Computer Freezing/Slowing


21 replies to this topic

#1 thegrainsong


Posted 03 July 2009 - 08:36 PM

Hi, my computer suddenly one day became dramatically slower than usual and started to randomly freeze, upon which I am forced to restart. The main problem, however, is the freezing. I am unsure as to whether this is malware or virus related, but it would appear to me to be so as these symptoms began occurring after I was infected with Antivirus Agent Pro, which I think I got rid of successfully.
Thank you in advance, I appreciate any help that I can receive.




DDS (Ver_09-06-26.01) - NTFSx86
Run by Isaac at 20:22:11.35 on 2009-07-03
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.949.82.1033.18.502.35 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090703-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
svchost
C:\Windows\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Isaac\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://gmail.com/
uSearch Page =
uSearch Bar =
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant =
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: TBSB00982 Class: {da3d342f-ff20-4e31-9e82-22334155730c} - c:\program files\anttoolbar\ant.com toolbar\ant.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Ant.com Toolbar: {6cd56c02-cb4d-41b5-a0fe-b479061ccb41} - c:\program files\anttoolbar\ant.com toolbar\ant.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [Aim6]
uRun: [WhatPulse] c:\program files\whatpulse\WhatPulse.exe
uRun: [Google Update] "c:\documents and settings\isaac\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [xpprotect] c:\documents and settings\isaac\xp deluxe protector\xpdeluxe.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [!1_pgaccount] "c:\program files\processguard\pgaccount.exe"
mRun: [AgataSoft ShutDown Pro] c:\program files\agatasoft\agatasoft shutdown pro\AgataSoft_ShutDown_Pro.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7C7225A-9476-47AC-B0B0-FF3B79D55E67} - hxxp://www.mathchamp.org/oz/ozviewer/ZTransferX.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6584C510-924B-486A-A1A0-E380DE08C2DB} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRLcywu

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\isaac\applic~1\mozilla\firefox\profiles\m1n30yoc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/#inbox
FF - plugin: c:\documents and settings\isaac\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-2 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-2 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-2 138680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-17 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-7-2 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-2 352920]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2007-2-12 109440]
S2 procguard;procguard;\??\c:\windows\system32\drivers\procguard.sys --> c:\windows\system32\drivers\procguard.sys [?]
S3 ba1;ba1;\??\c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\bagay\ba.sys --> c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\bagay\ba.sys [?]
S3 CEDRIVER53;CEDRIVER53;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]
S3 cheetah1;cheetah1;\??\c:\docume~1\isaac\locals~1\temp\rar$ex00.468\cheetahengine\cheetah.sys --> c:\docume~1\isaac\locals~1\temp\rar$ex00.468\cheetahengine\cheetah.sys [?]
S3 DADriv1;DADriv1;\??\c:\documents and settings\isaac\desktop\daengine\daengine\dak32.sys --> c:\documents and settings\isaac\desktop\daengine\daengine\DAK32.sys [?]
S3 DCSPGSRV;DiamondCS ProcessGuard Service v3.410;"c:\program files\processguard\dcsuserprot.exe" --> c:\program files\processguard\dcsuserprot.exe [?]
S3 DISK_DRIVE32;DISK_DRIVE32;\??\c:\program files\ultimate hack pack 3.4 beta 3\cheatengine\disk_1024.sys --> c:\program files\ultimate hack pack 3.4 beta 3\cheatengine\disk_1024.sys [?]
S3 Dua1;Dua1;\??\c:\documents and settings\isaac\desktop\maple story hacking\dualengine2\dualengi.sys --> c:\documents and settings\isaac\desktop\maple story hacking\dualengine2\DualEngi.sys [?]
S3 geebers12;geebers12;\??\c:\documents and settings\isaac\desktop\xterminator engine 2[1][1].0\xterminator.sys --> c:\documents and settings\isaac\desktop\xterminator engine 2[1][1].0\Xterminator.sys [?]
S3 iCheat1;iCheat1;\??\c:\documents and settings\isaac\desktop\nvid999.sys --> c:\documents and settings\isaac\desktop\nvid999.sys [?]
S3 kaspersky1;kaspersky1;\??\c:\documents and settings\isaac\desktop\maple story hacking\kaspersky\kaspersky\kaspersky.sys --> c:\documents and settings\isaac\desktop\maple story hacking\kaspersky\kaspersky\kaspersky.sys [?]
S3 KIKIDRIVER;KIKIDRIVER;\??\c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\kiki's uce\kiki.sys --> c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\kiki's uce\kiki.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-31 38160]
S3 memxers12;memxers12;\??\c:\documents and settings\isaac\desktop\vicious engine 5.1\vicious engine 5.1\nvid999.sys --> c:\documents and settings\isaac\desktop\vicious engine 5.1\vicious engine 5.1\nvid999.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PageFau1t;PageFau1t;\??\c:\documents and settings\isaac\desktop\saruengang104\pagefau1t.sys --> c:\documents and settings\isaac\desktop\saruengang104\PageFau1t.sys [?]
S3 PCHWDRVDEVICE0;PCHWDRVDEVICE0;\??\c:\program files\플레이매크로\플레이메이플\pchwdrv.sys --> c:\program files\플레이매크로\플레이메이플\PCHWDRV.sys [?]
S3 phoenix1;phoenix1;\??\c:\docume~1\isaac\locals~1\temp\rar$ex01.266\phoenix engine\phoenix.sys --> c:\docume~1\isaac\locals~1\temp\rar$ex01.266\phoenix engine\phoenix.sys [?]
S3 Revolution1;Revolution1;\??\c:\documents and settings\isaac\desktop\revolution 5.3 by shak3\shak3.sys --> c:\documents and settings\isaac\desktop\revolution 5.3 by shak3\SHAK3.sys [?]
S3 sejt1;sejt1;\??\c:\documents and settings\isaac\desktop\maple story hacking\akuma\sejt.sys --> c:\documents and settings\isaac\desktop\maple story hacking\akuma\sejt.sys [?]
S3 spuce1;spuce1;\??\c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\spuce 2.0\spuce.sys --> c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\spuce 2.0\spuce.sys [?]
S3 toBzM;toBzM;\??\c:\tobzm.sys --> c:\toBzM.sys [?]
S3 uzeil1;uzeil1;\??\c:\documents and settings\isaac\desktop\maple story hacking\mini engine\mini engine\mini engine\uzeil.sys --> c:\documents and settings\isaac\desktop\maple story hacking\mini engine\mini engine\mini engine\uzeil.sys [?]
S3 XDva019;XDva019;\??\c:\windows\system32\xdva019.sys --> c:\windows\system32\XDva019.sys [?]
S3 xp1;xp1;\??\c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\xpengine [zenos' new one]\xp.sys --> c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\xpengine [zenos' new one]\xp.sys [?]
S3 zenx1;zenx1;\??\c:\docume~1\isaac\locals~1\temp\rar$ex00.047\zenxengine_latest\zenx.sys --> c:\docume~1\isaac\locals~1\temp\rar$ex00.047\zenxengine_latest\zenx.sys [?]
S3 ΦΩ곌ㄴΝ1;ΦΩ곌ㄴΝ1;\??\c:\documents and settings\isaac\desktop\ve5_1032\ve5 1032\nvid999.sys --> c:\documents and settings\isaac\desktop\ve5_1032\ve5 1032\nvid999.sys [?]

=============== Created Last 30 ================

2009-07-03 20:22 29,696 a------- c:\windows\system32\dllcache\OLD385.tmp
2009-07-03 20:22 8,320 a------- c:\windows\system32\dllcache\dlttape.sys
2009-07-03 20:22 26,698 a------- c:\windows\system32\dllcache\OLD37F.tmp
2009-07-03 20:22 952,007 a------- c:\windows\system32\dllcache\OLD37B.tmp
2009-07-03 20:22 29,768 a------- c:\windows\system32\dllcache\OLD377.tmp
2009-07-03 20:22 37,962 a------- c:\windows\system32\dllcache\OLD373.tmp
2009-07-03 20:22 6,216 a------- c:\windows\system32\dllcache\OLD36F.tmp
2009-07-03 20:22 236,060 a------- c:\windows\system32\dllcache\OLD36B.tmp
2009-07-03 20:22 38,985 a------- c:\windows\system32\dllcache\OLD367.tmp
2009-07-03 20:22 31,305 a------- c:\windows\system32\dllcache\OLD363.tmp
2009-07-03 20:20 3,584 a------- c:\windows\system32\dllcache\OLD2BF.tmp
2009-07-03 20:19 37,916 a------- c:\windows\system32\dllcache\OLD22A.tmp
2009-07-03 20:18 36,096 a------- c:\windows\system32\dllcache\OLDFA.tmp
2009-07-03 20:17 66,048 a------- c:\windows\system32\dllcache\OLD25.tmp
2009-07-03 20:17 2,189,056 a------- c:\windows\system32\dllcache\OLD21.tmp
2009-07-02 21:08 <DIR> --d----- c:\program files\ESET
2009-07-02 20:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-02 20:33 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-02 19:52 <DIR> --d----- c:\program files\CCleaner
2009-07-02 17:06 <DIR> --d----- c:\program files\Antivirus Agent Pro
2009-07-01 15:56 <DIR> --d----- c:\program files\42Ninjas
2009-07-01 15:56 26,624 a------- c:\windows\system32\winarps32.exe
2009-07-01 15:31 <DIR> --d----- c:\docume~1\isaac\applic~1\VOWSoft
2009-07-01 15:31 <DIR> --d----- c:\program files\PicaLoader
2009-06-30 12:06 137,000 a------- c:\windows\system32\MSMAPI32.OCX
2009-06-30 12:06 116,224 a------- c:\windows\system32\pdfcmnnt.dll
2009-06-30 12:06 23,552 a------- c:\windows\system32\MSMPIDE.DLL
2009-06-30 12:06 <DIR> --d----- c:\program files\PDFCreator
2009-06-28 00:16 <DIR> --d----- c:\program files\AviSynth 2.5
2009-06-26 08:22 117,430 a------- c:\windows\hpqins00.dat
2009-06-19 01:08 <DIR> --d----- c:\program files\Sony
2009-06-06 16:11 <DIR> --d----- c:\windows\system32\scripting
2009-06-06 16:11 <DIR> --d----- c:\windows\l2schemas
2009-06-06 16:11 <DIR> --d----- c:\windows\system32\en
2009-06-06 16:11 <DIR> --d----- c:\windows\system32\bits
2009-06-06 16:09 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-06 16:00 <DIR> --d----- c:\windows\EHome

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-06 16:14 77,859 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-05 20:27 38,942 ac------ c:\windows\scunin.dat
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-13 15:16 77,741 ac------ c:\windows\War3Unin.dat
2008-01-15 21:30 6,320,872 ac------ c:\program files\npsibelius.dll
2006-05-03 05:06 163,328 ac-shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 -c-shr-- c:\windows\system32\msfDX.dll
2008-09-30 13:20 12,288 ac-sh--- c:\windows\system32\yagehusi.dll

============= FINISH: 20:23:38.28 ===============
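For readers triaging a log like the one above, an added example (not code from this thread or from the DDS tool): a small Python script that parses the BHO/TB, LSA and services/drivers line formats shown in the log and flags the entries a malware-response helper checks first. The finding category names and the list of "user-writable" path fragments are my own assumptions; the sample lines are copied from the posted log.

```python
"""DDS log triage (added example, not code from the thread or from DDS).

Parses two line formats from the log above, the 'Pseudo HJT Report' and
the 'SERVICES / DRIVERS' section, and flags what a malware-response helper
would look at first. Category names and USER_WRITABLE are assumptions.
"""
import re

# LSA authentication packages that belong on a stock Windows XP install.
STOCK_LSA_PACKAGES = {"msv1_0"}

# Path fragments that mean 'user-writable location' (assumed list): a kernel
# driver registered from here is unusual for legitimate software.
USER_WRITABLE = ("\\desktop\\", "\\temp\\", "\\application data\\")

# "S3 name;display name;image path [date size]"  or  "... --> resolved path [?]"
DRIVER_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
ORPHAN_RE = re.compile(r"^(?P<kind>BHO|TB): (?P<body>.*) - No File$")
LSA_RE = re.compile(r"^LSA: Authentication Packages = (?P<value>.*)$")


def parse_driver(line):
    """Return a dict for a services/drivers line, or None if it is not one."""
    m = DRIVER_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    # A trailing '[?]' means DDS could not stat the file: no date, no size.
    unverified = rest.endswith("[?]")
    # After '-->' DDS prints the path it actually resolved; prefer that one.
    path = rest.split("-->")[-1] if "-->" in rest else rest
    path = re.sub(r"\s*\[[^\]]*\]$", "", path).strip().lower()
    return {"start": m.group("start"), "name": m.group("name"),
            "path": path, "unverified": unverified}


def triage(log_text):
    """Walk a DDS log and return (category, detail) findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ORPHAN_RE.match(line)
        if m:
            # A BHO/toolbar CLSID still registered but its DLL is gone:
            # usually a removal that left the registry behind; a clean-up item.
            findings.append(("orphan-" + m.group("kind").lower(), m.group("body")))
            continue
        m = LSA_RE.match(line)
        if m:
            # Anything beside msv1_0 here is loaded into lsass.exe at boot.
            # DDS prints the packages space-separated, as in the log above.
            for pkg in m.group("value").split():
                if pkg.lower() not in STOCK_LSA_PACKAGES:
                    findings.append(("lsa-extra-package", pkg))
            continue
        drv = parse_driver(line)
        if drv and drv["unverified"] and any(f in drv["path"] for f in USER_WRITABLE):
            # Driver whose file DDS could not verify, loaded from Desktop/Temp.
            findings.append(("driver-user-path-unverified",
                             f'{drv["name"]} -> {drv["path"]}'))
    return findings


# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
TB: {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRLcywu
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-2 114768]
S3 iCheat1;iCheat1;\??\c:\documents and settings\isaac\desktop\nvid999.sys --> c:\documents and settings\isaac\desktop\nvid999.sys [?]
S3 zenx1;zenx1;\??\c:\docume~1\isaac\locals~1\temp\rar$ex00.047\zenxengine_latest\zenx.sys --> c:\docume~1\isaac\locals~1\temp\rar$ex00.047\zenxengine_latest\zenx.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-31 38160]
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:28} {detail}")
```

The avast driver and the Malwarebytes driver pass because DDS could stat them and they sit under system32\drivers; the two cheat-engine drivers and the extension-less LSA package are what a helper would ask about next.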


#2 thcbytes (Malware Response Team)

Posted 10 July 2009 - 06:22 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 thegrainsong (Topic Starter)

Posted 10 July 2009 - 03:16 PM

Hi,
I'll try to explain as fully as possible what my computer is doing. I think it all started when my computer somehow got Antivirus Agent Pro. I tried to get rid of it which I think I did successfully but I may have messed up something with my computer when I started to delete registry keys that Malwarebytes Anti-Malware told me were bad. Since then I've downloaded CCleaner, Avast Antivirus and I originally had and still have Malwarebytes and Hijackthis. After running CCleaner, Avast, and Malwarebytes several times, my computer is performing at a dramatically slower rate than usual and will always freeze anywhere within 5 minutes to 2 hours after starting up. I noticed that Mozilla Firefox specifically is taking up much more memory than it usually does, anywhere from 100,000-170,000K when it usually takes up 50,000K although I'm not sure if this is relevant at all.

Here is the DDS log. I also saved the Attach.txt that came with the DDS scan but since it was not asked for I will not post it.
I thank you in advance.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Isaac at 16:09:33.98 on 2009-07-10
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.949.82.1033.18.502.71 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090706-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Isaac\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://gmail.com/
uSearch Page =
uSearch Bar =
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant =
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {DA3D342F-FF20-4E31-9E82-22334155730C} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [Aim6]
uRun: [WhatPulse] c:\program files\whatpulse\WhatPulse.exe
uRun: [Google Update] "c:\documents and settings\isaac\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [!1_pgaccount] "c:\program files\processguard\pgaccount.exe"
mRun: [AgataSoft ShutDown Pro] c:\program files\agatasoft\agatasoft shutdown pro\AgataSoft_ShutDown_Pro.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7C7225A-9476-47AC-B0B0-FF3B79D55E67} - hxxp://www.mathchamp.org/oz/ozviewer/ZTransferX.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6584C510-924B-486A-A1A0-E380DE08C2DB} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRLcywu

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\isaac\applic~1\mozilla\firefox\profiles\m1n30yoc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/#inbox
FF - plugin: c:\documents and settings\isaac\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-2 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-2 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-2 138680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-17 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-7-2 254040]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2007-2-12 109440]
S2 procguard;procguard;\??\c:\windows\system32\drivers\procguard.sys --> c:\windows\system32\drivers\procguard.sys [?]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-2 352920]
S3 ba1;ba1;\??\c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\bagay\ba.sys --> c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\bagay\ba.sys [?]
S3 CEDRIVER53;CEDRIVER53;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]
S3 cheetah1;cheetah1;\??\c:\docume~1\isaac\locals~1\temp\rar$ex00.468\cheetahengine\cheetah.sys --> c:\docume~1\isaac\locals~1\temp\rar$ex00.468\cheetahengine\cheetah.sys [?]
S3 DADriv1;DADriv1;\??\c:\documents and settings\isaac\desktop\daengine\daengine\dak32.sys --> c:\documents and settings\isaac\desktop\daengine\daengine\DAK32.sys [?]
S3 DCSPGSRV;DiamondCS ProcessGuard Service v3.410;"c:\program files\processguard\dcsuserprot.exe" --> c:\program files\processguard\dcsuserprot.exe [?]
S3 DISK_DRIVE32;DISK_DRIVE32;\??\c:\program files\ultimate hack pack 3.4 beta 3\cheatengine\disk_1024.sys --> c:\program files\ultimate hack pack 3.4 beta 3\cheatengine\disk_1024.sys [?]
S3 Dua1;Dua1;\??\c:\documents and settings\isaac\desktop\maple story hacking\dualengine2\dualengi.sys --> c:\documents and settings\isaac\desktop\maple story hacking\dualengine2\DualEngi.sys [?]
S3 geebers12;geebers12;\??\c:\documents and settings\isaac\desktop\xterminator engine 2[1][1].0\xterminator.sys --> c:\documents and settings\isaac\desktop\xterminator engine 2[1][1].0\Xterminator.sys [?]
S3 iCheat1;iCheat1;\??\c:\documents and settings\isaac\desktop\nvid999.sys --> c:\documents and settings\isaac\desktop\nvid999.sys [?]
S3 kaspersky1;kaspersky1;\??\c:\documents and settings\isaac\desktop\maple story hacking\kaspersky\kaspersky\kaspersky.sys --> c:\documents and settings\isaac\desktop\maple story hacking\kaspersky\kaspersky\kaspersky.sys [?]
S3 KIKIDRIVER;KIKIDRIVER;\??\c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\kiki's uce\kiki.sys --> c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\kiki's uce\kiki.sys [?]
S3 memxers12;memxers12;\??\c:\documents and settings\isaac\desktop\vicious engine 5.1\vicious engine 5.1\nvid999.sys --> c:\documents and settings\isaac\desktop\vicious engine 5.1\vicious engine 5.1\nvid999.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PCHWDRVDEVICE0;PCHWDRVDEVICE0;\??\c:\program files\플레이매크로\플레이메이플\pchwdrv.sys --> c:\program files\플레이매크로\플레이메이플\PCHWDRV.sys [?]
S3 phoenix1;phoenix1;\??\c:\docume~1\isaac\locals~1\temp\rar$ex01.266\phoenix engine\phoenix.sys --> c:\docume~1\isaac\locals~1\temp\rar$ex01.266\phoenix engine\phoenix.sys [?]
S3 Revolution1;Revolution1;\??\c:\documents and settings\isaac\desktop\revolution 5.3 by shak3\shak3.sys --> c:\documents and settings\isaac\desktop\revolution 5.3 by shak3\SHAK3.sys [?]
S3 sejt1;sejt1;\??\c:\documents and settings\isaac\desktop\maple story hacking\akuma\sejt.sys --> c:\documents and settings\isaac\desktop\maple story hacking\akuma\sejt.sys [?]
S3 spuce1;spuce1;\??\c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\spuce 2.0\spuce.sys --> c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\spuce 2.0\spuce.sys [?]
S3 toBzM;toBzM;\??\c:\tobzm.sys --> c:\toBzM.sys [?]
S3 uzeil1;uzeil1;\??\c:\documents and settings\isaac\desktop\maple story hacking\mini engine\mini engine\mini engine\uzeil.sys --> c:\documents and settings\isaac\desktop\maple story hacking\mini engine\mini engine\mini engine\uzeil.sys [?]
S3 XDva019;XDva019;\??\c:\windows\system32\xdva019.sys --> c:\windows\system32\XDva019.sys [?]
S3 xp1;xp1;\??\c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\xpengine [zenos' new one]\xp.sys --> c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\xpengine [zenos' new one]\xp.sys [?]
S3 zenx1;zenx1;\??\c:\docume~1\isaac\locals~1\temp\rar$ex00.047\zenxengine_latest\zenx.sys --> c:\docume~1\isaac\locals~1\temp\rar$ex00.047\zenxengine_latest\zenx.sys [?]
S3 ΦΩ곌ㄴΝ1;ΦΩ곌ㄴΝ1;\??\c:\documents and settings\isaac\desktop\ve5_1032\ve5 1032\nvid999.sys --> c:\documents and settings\isaac\desktop\ve5_1032\ve5 1032\nvid999.sys [?]

=============== Created Last 30 ================

2009-07-05 02:32 <DIR> --d----- C:\VundoFix Backups
2009-07-03 20:44 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-03 20:44 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-07-03 20:44 18,944 a------- c:\windows\system32\dllcache\xrxscnui.dll
2009-07-03 20:44 27,648 a------- c:\windows\system32\dllcache\xrxftplt.exe
2009-07-03 20:44 4,608 a------- c:\windows\system32\dllcache\xrxflnch.exe
2009-07-03 20:44 99,865 a------- c:\windows\system32\dllcache\xlog.exe
2009-07-03 20:44 16,970 a------- c:\windows\system32\dllcache\xem336n5.sys
2009-07-03 20:44 19,455 a------- c:\windows\system32\dllcache\wvchntxx.sys
2009-07-03 20:44 19,200 a------- c:\windows\system32\dllcache\wstcodec.sys
2009-07-03 20:44 12,063 a------- c:\windows\system32\dllcache\wsiintxx.sys
2009-07-03 20:44 8,192 a------- c:\windows\system32\dllcache\wshirda.dll
2009-07-03 20:42 48,256 a------- c:\windows\system32\dllcache\w32.dll
2009-07-03 20:41 94,720 a------- c:\windows\system32\dllcache\umaxud32.dll
2009-07-03 20:40 315,520 a------- c:\windows\system32\dllcache\trid3d.dll
2009-07-03 20:39 94,293 a------- c:\windows\system32\dllcache\sxports.dll
2009-07-03 20:38 7,552 a------- c:\windows\system32\dllcache\sonypvu1.sys
2009-07-03 20:37 30,208 a------- c:\windows\system32\dllcache\sm87w.dll
2009-07-03 20:36 6,784 a------- c:\windows\system32\dllcache\serscan.sys
2009-07-03 20:35 29,696 a------- c:\windows\system32\dllcache\rw450ext.dll
2009-07-03 20:35 27,648 a------- c:\windows\system32\dllcache\rw430ext.dll
2009-07-03 20:35 79,104 a------- c:\windows\system32\dllcache\rocket.sys
2009-07-03 20:34 6,016 a------- c:\windows\system32\dllcache\qic157.sys
2009-07-03 20:34 159,232 a------- c:\windows\system32\dllcache\ptpusd.dll
2009-07-03 20:34 33,280 a------- c:\windows\system32\dllcache\psisrndr.ax
2009-07-03 20:34 363,520 a------- c:\windows\system32\dllcache\psisdecd.dll
2009-07-03 20:34 17,664 a------- c:\windows\system32\dllcache\ppa3.sys
2009-07-03 20:34 8,832 a------- c:\windows\system32\dllcache\powerfil.sys
2009-07-03 20:33 259,328 a------- c:\windows\system32\dllcache\perm3dd.dll
2009-07-03 20:33 28,032 a------- c:\windows\system32\dllcache\perm3.sys
2009-07-03 20:33 211,584 a------- c:\windows\system32\dllcache\perm2dll.dll
2009-07-03 20:33 27,904 a------- c:\windows\system32\dllcache\perm2.sys
2009-07-03 20:32 61,696 a------- c:\windows\system32\dllcache\ohci1394.sys
2009-07-03 20:32 28,672 a------- c:\windows\system32\dllcache\nscirda.sys
2009-07-03 20:31 10,880 a------- c:\windows\system32\dllcache\ndisip.sys
2009-07-03 20:31 85,248 a------- c:\windows\system32\dllcache\nabtsfec.sys
2009-07-03 20:30 49,024 a------- c:\windows\system32\dllcache\mstape.sys
2009-07-03 20:30 5,504 a------- c:\windows\system32\dllcache\mstee.sys
2009-07-03 20:30 22,016 a------- c:\windows\system32\dllcache\msircomm.sys
2009-07-03 20:30 56,832 a------- c:\windows\system32\dllcache\msdvbnp.ax
2009-07-03 20:30 51,200 a------- c:\windows\system32\dllcache\msdv.sys
2009-07-03 20:30 15,232 a------- c:\windows\system32\dllcache\mpe.sys
2009-07-03 20:29 26,112 a------- c:\windows\system32\dllcache\memstpci.sys
2009-07-03 20:29 7,040 a------- c:\windows\system32\dllcache\ltotape.sys
2009-07-03 20:28 34,688 a------- c:\windows\system32\dllcache\lbrtfdc.sys
2009-07-03 20:28 43,008 a------- c:\windows\system32\dllcache\ksxbar.ax
2009-07-03 20:28 91,136 a------- c:\windows\system32\dllcache\kswdmcap.ax
2009-07-03 20:28 61,952 a------- c:\windows\system32\dllcache\kstvtune.ax
2009-07-03 20:28 253,952 a------- c:\windows\system32\dllcache\kdsusd.dll
2009-07-03 20:28 48,640 a------- c:\windows\system32\dllcache\kdsui.dll
2009-07-03 20:28 28,160 a------- c:\windows\system32\dllcache\irmon.dll
2009-07-03 20:28 151,552 a------- c:\windows\system32\dllcache\irftp.exe
2009-07-03 20:28 88,192 a------- c:\windows\system32\dllcache\irda.sys
2009-07-03 20:28 16,384 a------- c:\windows\system32\dllcache\ipsink.ax
2009-07-03 20:27 702,845 a------- c:\windows\system32\dllcache\i81xdnt5.dll
2009-07-03 20:25 20,352 a------- c:\windows\system32\dllcache\hidbatt.sys
2009-07-03 20:25 28,288 a------- c:\windows\system32\dllcache\grserial.sys
2009-07-03 20:25 59,136 a------- c:\windows\system32\dllcache\gckernel.sys
2009-07-03 20:25 10,624 a------- c:\windows\system32\dllcache\gameenum.sys
2009-07-03 20:22 20,992 a------- c:\windows\system32\dllcache\dshowext.ax
2009-07-03 20:22 206,976 a------- c:\windows\system32\dllcache\dot4.sys
2009-07-03 20:22 8,320 a------- c:\windows\system32\dllcache\dlttape.sys
2009-07-03 20:20 249,856 a------- c:\windows\system32\dllcache\ctmasetp.dll
2009-07-03 20:20 10,240 a------- c:\windows\system32\dllcache\compbatt.sys
2009-07-03 20:20 13,952 a------- c:\windows\system32\dllcache\cmbatt.sys
2009-07-03 20:20 8,192 a------- c:\windows\system32\dllcache\changer.sys
2009-07-03 20:20 17,024 a------- c:\windows\system32\dllcache\ccdecode.sys
2009-07-03 20:19 121,856 a------- c:\windows\system32\dllcache\camext30.dll
2009-07-03 20:19 18,432 a------- c:\windows\system32\dllcache\bdaplgin.ax
2009-07-03 20:19 11,776 a------- c:\windows\system32\dllcache\bdasup.sys
2009-07-03 20:19 14,208 a------- c:\windows\system32\dllcache\battc.sys
2009-07-03 20:19 13,696 a------- c:\windows\system32\dllcache\avcstrm.sys
2009-07-03 20:18 38,912 a------- c:\windows\system32\dllcache\avc.sys
2009-07-03 20:18 48,128 a------- c:\windows\system32\dllcache\61883.sys
2009-07-03 20:18 12,288 a------- c:\windows\system32\dllcache\4mmdat.sys
2009-07-03 20:18 53,376 a------- c:\windows\system32\dllcache\1394bus.sys
2009-07-02 21:08 <DIR> --d----- c:\program files\ESET
2009-07-02 20:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-02 20:33 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-02 19:52 <DIR> --d----- c:\program files\CCleaner
2009-07-01 15:56 <DIR> --d----- c:\program files\42Ninjas
2009-07-01 15:31 <DIR> --d----- c:\docume~1\isaac\applic~1\VOWSoft
2009-07-01 15:31 <DIR> --d----- c:\program files\PicaLoader
2009-06-30 12:06 137,000 a------- c:\windows\system32\MSMAPI32.OCX
2009-06-30 12:06 116,224 a------- c:\windows\system32\pdfcmnnt.dll
2009-06-30 12:06 23,552 a------- c:\windows\system32\MSMPIDE.DLL
2009-06-30 12:06 <DIR> --d----- c:\program files\PDFCreator
2009-06-28 00:16 <DIR> --d----- c:\program files\AviSynth 2.5
2009-06-26 08:22 117,430 a------- c:\windows\hpqins00.dat
2009-06-19 01:08 <DIR> --d----- c:\program files\Sony

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-06 16:14 77,859 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-05 20:27 38,942 ac------ c:\windows\scunin.dat
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 a------- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-13 15:16 77,741 ac------ c:\windows\War3Unin.dat
2008-01-15 21:30 6,320,872 ac------ c:\program files\npsibelius.dll
2006-05-03 05:06 163,328 ac-shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 -c-shr-- c:\windows\system32\msfDX.dll
2008-09-30 13:20 12,288 ac-sh--- c:\windows\system32\yagehusi.dll

============= FINISH: 16:11:57.85 ===============

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:28 PM

Posted 11 July 2009 - 08:27 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

I see evidence of hacks being downloaded. Know that these are more often than not embedded with malware.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.

  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.

In your next reply include:
-the ComboFix log
-the GMER scan log

Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

#5 thegrainsong

thegrainsong
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:08:28 PM

Posted 12 July 2009 - 12:19 PM

Hi,
None of the links for ComboFix seem to be working. The first link redirects to a 404 Not Found site and the other two links direct me to the same Spanish anti-spyware site. As of my last post, I have not made any changes to this computer.

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:28 PM

Posted 12 July 2009 - 12:24 PM

Hello.

We'll work without ComboFix then. Replace that step with running OTScanIt.
Download and Run OTScanIt
Download OTScanIt by OldTimer to your Desktop.
  • Double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.

With Regards,
The Panda

#7 thegrainsong

thegrainsong
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:08:28 PM

Posted 12 July 2009 - 02:40 PM

Hi
Attached are both the OTS log and the GMER log. Strangely, after running GMER, the log wouldn't save from the Save button in the program, so I had to copy and create my own Notepad file. I don't think it should make much of a difference, but I just wanted to let you know.

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:28 PM

Posted 12 July 2009 - 03:48 PM

Hello.

I don't see any active malware.

Please make sure your protection is disabled before continuing.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.
  • Double-click ATF-Cleaner.exe to run the program. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

Do not use the NTREGOPT that comes with the installation package.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. If you are using Windows Vista, right click the icon and select "Run As Administrator." Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes only if you are using Windows XP. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished, you may remove ERUNT using Add/Remove Programs.

Run Fix with OTScanIt
We will run OTScanIt with directives. If you have lost your copy of OTScanIt, download it here.
  • Double click the OTS.exe. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Copy the contents of the codebox below into the "Paste fix here" box.
    [Registry - Safe List]
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    YN -> {DA3D342F-FF20-4E31-9E82-22334155730C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    YN -> "{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> WebBrowser\\"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "!1_pgaccount" -> C:\Program Files\ProcessGuard\pgaccount.exe ["C:\Program Files\ProcessGuard\pgaccount.exe"]
    YN -> "AgataSoft ShutDown Pro" -> C:\Program Files\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe [C:\Program Files\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe]
    YN -> "IMJPMIG8.1" -> C:\Windows\imjpmig.exe ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32]
    YN -> "MSPY2002" -> [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC]
    YN -> "PHIME2002ASync" -> [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC]
    < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    YN ->  digeste.dll -> 
    < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
    *LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
    YN -> C:\Windows\system32\rqRLcywu -> 
    < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    YN -> "C:\Documents and Settings\Isaac\Desktop\left 4 dead\left 4 dead\hl2.exe" -> C:\Documents and Settings\Isaac\Desktop\left 4 dead\left 4 dead\hl2.exe [C:\Documents and Settings\Isaac\Desktop\left 4 dead\left 4 dead\hl2.exe:*:Enabled:hl2]
    YN -> "C:\Documents and Settings\Isaac\Desktop\NarutoLF2 2.0\Naruto.exe" -> C:\Documents and Settings\Isaac\Desktop\NarutoLF2 2.0\Naruto.exe [C:\Documents and Settings\Isaac\Desktop\NarutoLF2 2.0\Naruto.exe:*:Enabled:Naruto]
    YN -> "C:\Documents and Settings\Isaac\Desktop\vbalink180b0\VisualBoyAdvance.exe" -> C:\Documents and Settings\Isaac\Desktop\vbalink180b0\VisualBoyAdvance.exe [C:\Documents and Settings\Isaac\Desktop\vbalink180b0\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator]
    YN -> "C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme" -> C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme [C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound]
    YN -> "C:\ijji\ENGLISH\u_gbound.exe" -> C:\ijji\ENGLISH\u_gbound.exe [C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>]
    YN -> "C:\ijji\ENGLISH\u_gunz.exe" -> C:\ijji\ENGLISH\u_gunz.exe [C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>]
    YN -> "C:\Nexon\KartRider\NMService.exe" -> C:\Nexon\KartRider\NMService.exe [C:\Nexon\KartRider\NMService.exe:*:Enabled:Nexon Messenger Core]
    YN -> "C:\Nexon\MapleStory\NewPatcher.exe" -> C:\Nexon\MapleStory\NewPatcher.exe [C:\Nexon\MapleStory\NewPatcher.exe:*:Enabled:Patcher MFC 응용 프로그램]
    YN -> "C:\Program Files\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe" -> C:\Program Files\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe [C:\Program Files\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe:*:Enabled:Auto ShutDown Utility]
    YN -> "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL]
    YN -> "C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe]
    YN -> "C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe]
    YN -> "C:\Program Files\Azureus\Azureus.exe" -> C:\Program Files\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus]
    YN -> "C:\Program Files\Common Files\AOL\1153958314\ee\aim6.exe" -> C:\Program Files\Common Files\AOL\1153958314\ee\aim6.exe [C:\Program Files\Common Files\AOL\1153958314\ee\aim6.exe:*:Enabled:AIM]
    YN -> "C:\Program Files\Common Files\AOL\1153958314\ee\aolsoftware.exe" -> C:\Program Files\Common Files\AOL\1153958314\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1153958314\ee\aolsoftware.exe:*:Enabled:AOL Services]
    YN -> "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
    YN -> "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
    YN -> "C:\Program Files\DAUM\PotPlayer\daumvsvr.exe" -> C:\Program Files\DAUM\PotPlayer\daumvsvr.exe [C:\Program Files\DAUM\PotPlayer\daumvsvr.exe:*:Enabled:DaumCP VoD Server]
    YN -> "C:\Program Files\DAUM\PotPlayer\PotPlayer.exe" -> C:\Program Files\DAUM\PotPlayer\PotPlayer.exe [C:\Program Files\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:다음 팟플레이어]
    YN -> "C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe" -> C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe [C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe:*:Enabled:다음 팟플레이어]
    YN -> "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire]
    YN -> "C:\Program Files\LittleFighter2\LF2_v1.9c\lf2.exe" -> C:\Program Files\LittleFighter2\LF2_v1.9c\lf2.exe [C:\Program Files\LittleFighter2\LF2_v1.9c\lf2.exe:*:Enabled:lf2]
    YN -> "C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)]
    YN -> "C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1]
    YN -> "C:\Program Files\Nexon\Common\NGLC_Nexon.exe" -> C:\Program Files\Nexon\Common\NGLC_Nexon.exe [C:\Program Files\Nexon\Common\NGLC_Nexon.exe:*:Enabled:Nexon Game Launcher]
    YN -> "C:\Program Files\Nexon\Common\NMService.exe" -> C:\Program Files\Nexon\Common\NMService.exe [C:\Program Files\Nexon\Common\NMService.exe:*:Enabled:Nexon Messenger Core]
    YN -> "C:\Program Files\Nexon\MapleStory\MapleStory.exe" -> C:\Program Files\Nexon\MapleStory\MapleStory.exe [C:\Program Files\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory]
    YN -> "C:\Program Files\NEXON\MapleStory\NewPatcher.exe" -> C:\Program Files\NEXON\MapleStory\NewPatcher.exe [C:\Program Files\NEXON\MapleStory\NewPatcher.exe:*:Enabled:Patcher MFC 응용 프로그램]
    YN -> "C:\Program Files\NEXON\MapleStory\Patcher.exe" -> C:\Program Files\NEXON\MapleStory\Patcher.exe [C:\Program Files\NEXON\MapleStory\Patcher.exe:*:Enabled:Patcher MFC 응용 프로그램]
    YN -> "C:\Program Files\ooVoo\ooVoo.exe" -> C:\Program Files\ooVoo\ooVoo.exe [C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo]
    YN -> "C:\Program Files\Steam\steamapps\fatman90\counter-strike\hl.exe" -> C:\Program Files\Steam\steamapps\fatman90\counter-strike\hl.exe [C:\Program Files\Steam\steamapps\fatman90\counter-strike\hl.exe:*:Enabled:Half-Life Launcher]
    YN -> "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" -> C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client]
    YN -> "C:\Program Files\Wizet\MapleStory\Patcher.exe" -> C:\Program Files\Wizet\MapleStory\Patcher.exe [C:\Program Files\Wizet\MapleStory\Patcher.exe:*:Enabled:Patcher MFC 응용 프로그램]
    YN -> "C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader]
    YN -> "C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader]
    YN -> "C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader]
    YN -> "C:\StubInstaller.exe" -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer]
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
    YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{663f32ed-6705-11dc-a3ed-00167682f4bb}\Shell\open\command -> 
    [Files/Folders - Created Within 30 Days]
    NY -> yagehusi.dll -> C:\Windows\System32\yagehusi.dll
    NY -> crywmvtoavi.ini -> C:\Windows\crywmvtoavi.ini
    [Empty Temp Folders]
  • Close all windows except OTScanIt.
  • Click the Run Fix button.
When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click OK and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix. Notepad will open with the final results at that time. Post that log back here in your next reply.

Take a new OTS scan log after.

Please give me an update on the symptoms, if any change.

With Regards,
The Panda

#9 thegrainsong

thegrainsong
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:08:28 PM

Posted 12 July 2009 - 07:43 PM

Hi
There isn't much change as my computer still keeps freezing. It seems to perform at its usual speed now instead of the slow speed.
OTScanit made me reboot my computer and the log that came with it is attached.
I also performed another OTS scan and I have the log, but it won't allow me to upload it as it exceeds the max attachment space. I'll just post the contents here.

OTS.txt

Attached Files


Edited by PropagandaPanda, 12 July 2009 - 08:54 PM.


#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:28 PM

Posted 12 July 2009 - 08:58 PM

Hello.

I have attached it for you. You can delete previous attachments here.

Looks like some services are failing.

Referring to this guide, run the System File Checker.

Take a new DDS log after. Include the Attach.txt.

With Regards,
The Panda

#11 thegrainsong

thegrainsong
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:08:28 PM

Posted 12 July 2009 - 11:07 PM

Hi
I've run SFC before and I didn't have my CD so I was able to redirect it to the i386 folder successfully.
Posted is the DDS log and attached is the Attach.txt

DDS (Ver_09-06-26.01) - NTFSx86
Run by Isaac at 0:03:28.25 on 2009-07-13
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.949.82.1033.18.502.71 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090712-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Isaac\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://gmail.com/
uSearch Page =
uSearch Bar =
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant =
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [Aim6]
uRun: [WhatPulse] c:\program files\whatpulse\WhatPulse.exe
uRun: [Google Update] "c:\documents and settings\isaac\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\isaac\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7C7225A-9476-47AC-B0B0-FF3B79D55E67} - hxxp://www.mathchamp.org/oz/ozviewer/ZTransferX.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6584C510-924B-486A-A1A0-E380DE08C2DB} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\isaac\applic~1\mozilla\firefox\profiles\m1n30yoc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/#inbox
FF - plugin: c:\documents and settings\isaac\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-2 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-2 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-2 138680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-17 24652]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2007-2-12 109440]
S2 procguard;procguard;\??\c:\windows\system32\drivers\procguard.sys --> c:\windows\system32\drivers\procguard.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-7-2 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-2 352920]
S3 ba1;ba1;\??\c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\bagay\ba.sys --> c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\bagay\ba.sys [?]
S3 CEDRIVER53;CEDRIVER53;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]
S3 cheetah1;cheetah1;\??\c:\docume~1\isaac\locals~1\temp\rar$ex00.468\cheetahengine\cheetah.sys --> c:\docume~1\isaac\locals~1\temp\rar$ex00.468\cheetahengine\cheetah.sys [?]
S3 DADriv1;DADriv1;\??\c:\documents and settings\isaac\desktop\daengine\daengine\dak32.sys --> c:\documents and settings\isaac\desktop\daengine\daengine\DAK32.sys [?]
S3 DCSPGSRV;DiamondCS ProcessGuard Service v3.410;"c:\program files\processguard\dcsuserprot.exe" --> c:\program files\processguard\dcsuserprot.exe [?]
S3 DISK_DRIVE32;DISK_DRIVE32;\??\c:\program files\ultimate hack pack 3.4 beta 3\cheatengine\disk_1024.sys --> c:\program files\ultimate hack pack 3.4 beta 3\cheatengine\disk_1024.sys [?]
S3 Dua1;Dua1;\??\c:\documents and settings\isaac\desktop\maple story hacking\dualengine2\dualengi.sys --> c:\documents and settings\isaac\desktop\maple story hacking\dualengine2\DualEngi.sys [?]
S3 geebers12;geebers12;\??\c:\documents and settings\isaac\desktop\xterminator engine 2[1][1].0\xterminator.sys --> c:\documents and settings\isaac\desktop\xterminator engine 2[1][1].0\Xterminator.sys [?]
S3 iCheat1;iCheat1;\??\c:\documents and settings\isaac\desktop\nvid999.sys --> c:\documents and settings\isaac\desktop\nvid999.sys [?]
S3 kaspersky1;kaspersky1;\??\c:\documents and settings\isaac\desktop\maple story hacking\kaspersky\kaspersky\kaspersky.sys --> c:\documents and settings\isaac\desktop\maple story hacking\kaspersky\kaspersky\kaspersky.sys [?]
S3 KIKIDRIVER;KIKIDRIVER;\??\c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\kiki's uce\kiki.sys --> c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\kiki's uce\kiki.sys [?]
S3 memxers12;memxers12;\??\c:\documents and settings\isaac\desktop\vicious engine 5.1\vicious engine 5.1\nvid999.sys --> c:\documents and settings\isaac\desktop\vicious engine 5.1\vicious engine 5.1\nvid999.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PCHWDRVDEVICE0;PCHWDRVDEVICE0;\??\c:\program files\플레이매크로\플레이메이플\pchwdrv.sys --> c:\program files\플레이매크로\플레이메이플\PCHWDRV.sys [?]
S3 phoenix1;phoenix1;\??\c:\docume~1\isaac\locals~1\temp\rar$ex01.266\phoenix engine\phoenix.sys --> c:\docume~1\isaac\locals~1\temp\rar$ex01.266\phoenix engine\phoenix.sys [?]
S3 Revolution1;Revolution1;\??\c:\documents and settings\isaac\desktop\revolution 5.3 by shak3\shak3.sys --> c:\documents and settings\isaac\desktop\revolution 5.3 by shak3\SHAK3.sys [?]
S3 sejt1;sejt1;\??\c:\documents and settings\isaac\desktop\maple story hacking\akuma\sejt.sys --> c:\documents and settings\isaac\desktop\maple story hacking\akuma\sejt.sys [?]
S3 spuce1;spuce1;\??\c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\spuce 2.0\spuce.sys --> c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\spuce 2.0\spuce.sys [?]
S3 toBzM;toBzM;\??\c:\tobzm.sys --> c:\toBzM.sys [?]
S3 uzeil1;uzeil1;\??\c:\documents and settings\isaac\desktop\maple story hacking\mini engine\mini engine\mini engine\uzeil.sys --> c:\documents and settings\isaac\desktop\maple story hacking\mini engine\mini engine\mini engine\uzeil.sys [?]
S3 XDva019;XDva019;\??\c:\windows\system32\xdva019.sys --> c:\windows\system32\XDva019.sys [?]
S3 xp1;xp1;\??\c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\xpengine [zenos' new one]\xp.sys --> c:\documents and settings\isaac\desktop\s5nsa\s3nsa 5 [s5nsa]\would i rather date\boys\working uce's\xpengine [zenos' new one]\xp.sys [?]
S3 zenx1;zenx1;\??\c:\docume~1\isaac\locals~1\temp\rar$ex00.047\zenxengine_latest\zenx.sys --> c:\docume~1\isaac\locals~1\temp\rar$ex00.047\zenxengine_latest\zenx.sys [?]
S3 ΦΩ곌ㄴΝ1;ΦΩ곌ㄴΝ1;\??\c:\documents and settings\isaac\desktop\ve5_1032\ve5 1032\nvid999.sys --> c:\documents and settings\isaac\desktop\ve5_1032\ve5 1032\nvid999.sys [?]

=============== Created Last 30 ================

2009-07-12 23:51 116,224 a------- c:\windows\system32\dllcache\OLDBA1.tmp
2009-07-12 23:51 23,040 a------- c:\windows\system32\dllcache\OLDB9D.tmp
2009-07-12 23:51 18,944 a------- c:\windows\system32\dllcache\OLDB99.tmp
2009-07-12 23:51 27,648 a------- c:\windows\system32\dllcache\OLDB95.tmp
2009-07-12 23:51 4,608 a------- c:\windows\system32\dllcache\OLDB91.tmp
2009-07-12 23:49 701,386 a------- c:\windows\system32\dllcache\OLDB57.tmp
2009-07-12 23:48 113,762 a------- c:\windows\system32\dllcache\OLDB00.tmp
2009-07-12 23:47 216,064 a------- c:\windows\system32\dllcache\OLDAB8.tmp
2009-07-12 23:46 138,528 a------- c:\windows\system32\dllcache\OLDA75.tmp
2009-07-12 23:45 53,248 a------- c:\windows\system32\dllcache\OLDA24.tmp
2009-07-12 23:44 5,632 a------- c:\windows\system32\dllcache\OLD9BB.tmp
2009-07-12 23:43 68,608 a------- c:\windows\system32\dllcache\OLD937.tmp
2009-07-12 23:42 43,904 a------- c:\windows\system32\dllcache\OLD8E8.tmp
2009-07-12 23:41 9,216 a------- c:\windows\system32\dllcache\OLD888.tmp
2009-07-12 23:40 112,574 a------- c:\windows\system32\dllcache\OLD848.tmp
2009-07-12 23:39 35,328 a------- c:\windows\system32\dllcache\OLD7D8.tmp
2009-07-12 23:38 61,696 a------- c:\windows\system32\dllcache\OLD784.tmp
2009-07-12 23:37 91,488 a------- c:\windows\system32\dllcache\OLD739.tmp
2009-07-12 23:36 40,960 a------- c:\windows\system32\dllcache\OLD6EE.tmp
2009-07-12 23:35 58,368 a------- c:\windows\system32\dllcache\OLD697.tmp
2009-07-12 23:34 18,432 a------- c:\windows\system32\dllcache\OLD62E.tmp
2009-07-12 23:33 26,624 a------- c:\windows\system32\dllcache\OLD5E0.tmp
2009-07-12 23:32 150,239 a------- c:\windows\system32\dllcache\OLD584.tmp
2009-07-12 23:31 320,384 a------- c:\windows\system32\dllcache\OLD512.tmp
2009-07-12 23:30 137,088 a------- c:\windows\system32\dllcache\OLD48B.tmp
2009-07-12 23:29 50,719 a------- c:\windows\system32\dllcache\OLD3F2.tmp
2009-07-12 23:28 256,512 a------- c:\windows\system32\dllcache\OLD35A.tmp
2009-07-12 23:27 980,034 a------- c:\windows\system32\dllcache\OLD2A3.tmp
2009-07-12 23:26 102,400 a------- c:\windows\system32\dllcache\OLD176.tmp
2009-07-12 23:25 762,780 a------- c:\windows\system32\dllcache\OLD60.tmp
2009-07-12 22:22 165,888 a------- c:\windows\system32\dllcache\OLD56E.tmp
2009-07-12 20:12 <DIR> --d----- C:\_OTS
2009-07-05 02:32 <DIR> --d----- C:\VundoFix Backups
2009-07-03 20:44 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-03 20:44 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-07-03 20:44 18,944 a------- c:\windows\system32\dllcache\xrxscnui.dll
2009-07-03 20:44 27,648 a------- c:\windows\system32\dllcache\xrxftplt.exe
2009-07-03 20:44 4,608 a------- c:\windows\system32\dllcache\xrxflnch.exe
2009-07-03 20:44 99,865 a------- c:\windows\system32\dllcache\xlog.exe
2009-07-03 20:44 16,970 a------- c:\windows\system32\dllcache\xem336n5.sys
2009-07-03 20:44 19,455 a------- c:\windows\system32\dllcache\wvchntxx.sys
2009-07-03 20:44 19,200 a------- c:\windows\system32\dllcache\wstcodec.sys
2009-07-03 20:44 12,063 a------- c:\windows\system32\dllcache\wsiintxx.sys
2009-07-03 20:44 8,192 a------- c:\windows\system32\dllcache\wshirda.dll
2009-07-03 20:42 48,256 a------- c:\windows\system32\dllcache\w32.dll
2009-07-03 20:41 94,720 a------- c:\windows\system32\dllcache\umaxud32.dll
2009-07-03 20:40 315,520 a------- c:\windows\system32\dllcache\trid3d.dll
2009-07-03 20:39 94,293 a------- c:\windows\system32\dllcache\sxports.dll
2009-07-03 20:38 7,552 a------- c:\windows\system32\dllcache\sonypvu1.sys
2009-07-03 20:37 30,208 a------- c:\windows\system32\dllcache\sm87w.dll
2009-07-03 20:36 6,784 a------- c:\windows\system32\dllcache\serscan.sys
2009-07-03 20:35 29,696 a------- c:\windows\system32\dllcache\rw450ext.dll
2009-07-03 20:35 27,648 a------- c:\windows\system32\dllcache\rw430ext.dll
2009-07-03 20:35 79,104 a------- c:\windows\system32\dllcache\rocket.sys
2009-07-03 20:34 6,016 a------- c:\windows\system32\dllcache\qic157.sys
2009-07-03 20:34 159,232 a------- c:\windows\system32\dllcache\ptpusd.dll
2009-07-03 20:34 33,280 a------- c:\windows\system32\dllcache\psisrndr.ax
2009-07-03 20:34 363,520 a------- c:\windows\system32\dllcache\psisdecd.dll
2009-07-03 20:34 17,664 a------- c:\windows\system32\dllcache\ppa3.sys
2009-07-03 20:34 8,832 a------- c:\windows\system32\dllcache\powerfil.sys
2009-07-03 20:33 259,328 a------- c:\windows\system32\dllcache\perm3dd.dll
2009-07-03 20:33 28,032 a------- c:\windows\system32\dllcache\perm3.sys
2009-07-03 20:33 211,584 a------- c:\windows\system32\dllcache\perm2dll.dll
2009-07-03 20:33 27,904 a------- c:\windows\system32\dllcache\perm2.sys
2009-07-03 20:32 61,696 a------- c:\windows\system32\dllcache\ohci1394.sys
2009-07-03 20:32 28,672 a------- c:\windows\system32\dllcache\nscirda.sys
2009-07-03 20:31 10,880 a------- c:\windows\system32\dllcache\ndisip.sys
2009-07-03 20:31 85,248 a------- c:\windows\system32\dllcache\nabtsfec.sys
2009-07-03 20:30 49,024 a------- c:\windows\system32\dllcache\mstape.sys
2009-07-03 20:30 5,504 a------- c:\windows\system32\dllcache\mstee.sys
2009-07-03 20:30 22,016 a------- c:\windows\system32\dllcache\msircomm.sys
2009-07-03 20:30 56,832 a------- c:\windows\system32\dllcache\msdvbnp.ax
2009-07-03 20:30 51,200 a------- c:\windows\system32\dllcache\msdv.sys
2009-07-03 20:30 15,232 a------- c:\windows\system32\dllcache\mpe.sys
2009-07-03 20:29 26,112 a------- c:\windows\system32\dllcache\memstpci.sys
2009-07-03 20:29 7,040 a------- c:\windows\system32\dllcache\ltotape.sys
2009-07-03 20:28 34,688 a------- c:\windows\system32\dllcache\lbrtfdc.sys
2009-07-03 20:28 43,008 a------- c:\windows\system32\dllcache\ksxbar.ax
2009-07-03 20:28 91,136 a------- c:\windows\system32\dllcache\kswdmcap.ax
2009-07-03 20:28 61,952 a------- c:\windows\system32\dllcache\kstvtune.ax
2009-07-03 20:28 253,952 a------- c:\windows\system32\dllcache\kdsusd.dll
2009-07-03 20:28 48,640 a------- c:\windows\system32\dllcache\kdsui.dll
2009-07-03 20:28 28,160 a------- c:\windows\system32\dllcache\irmon.dll
2009-07-03 20:28 151,552 a------- c:\windows\system32\dllcache\irftp.exe
2009-07-03 20:28 88,192 a------- c:\windows\system32\dllcache\irda.sys
2009-07-03 20:28 16,384 a------- c:\windows\system32\dllcache\ipsink.ax
2009-07-03 20:27 702,845 a------- c:\windows\system32\dllcache\i81xdnt5.dll
2009-07-03 20:25 20,352 a------- c:\windows\system32\dllcache\hidbatt.sys
2009-07-03 20:25 28,288 a------- c:\windows\system32\dllcache\grserial.sys
2009-07-03 20:25 59,136 a------- c:\windows\system32\dllcache\gckernel.sys
2009-07-03 20:25 10,624 a------- c:\windows\system32\dllcache\gameenum.sys
2009-07-03 20:22 20,992 a------- c:\windows\system32\dllcache\dshowext.ax
2009-07-03 20:22 206,976 a------- c:\windows\system32\dllcache\dot4.sys
2009-07-03 20:22 8,320 a------- c:\windows\system32\dllcache\dlttape.sys
2009-07-03 20:20 249,856 a------- c:\windows\system32\dllcache\ctmasetp.dll
2009-07-03 20:20 10,240 a------- c:\windows\system32\dllcache\compbatt.sys
2009-07-03 20:20 13,952 a------- c:\windows\system32\dllcache\cmbatt.sys
2009-07-03 20:20 8,192 a------- c:\windows\system32\dllcache\changer.sys
2009-07-03 20:20 17,024 a------- c:\windows\system32\dllcache\ccdecode.sys
2009-07-03 20:19 121,856 a------- c:\windows\system32\dllcache\camext30.dll
2009-07-03 20:19 18,432 a------- c:\windows\system32\dllcache\bdaplgin.ax
2009-07-03 20:19 11,776 a------- c:\windows\system32\dllcache\bdasup.sys
2009-07-03 20:19 14,208 a------- c:\windows\system32\dllcache\battc.sys
2009-07-03 20:19 13,696 a------- c:\windows\system32\dllcache\avcstrm.sys
2009-07-03 20:18 38,912 a------- c:\windows\system32\dllcache\avc.sys
2009-07-03 20:18 48,128 a------- c:\windows\system32\dllcache\61883.sys
2009-07-03 20:18 12,288 a------- c:\windows\system32\dllcache\4mmdat.sys
2009-07-03 20:18 53,376 a------- c:\windows\system32\dllcache\1394bus.sys
2009-07-02 21:08 <DIR> --d----- c:\program files\ESET
2009-07-02 20:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-02 20:33 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-02 19:52 <DIR> --d----- c:\program files\CCleaner
2009-07-01 15:56 <DIR> --d----- c:\program files\42Ninjas
2009-07-01 15:31 <DIR> --d----- c:\docume~1\isaac\applic~1\VOWSoft
2009-07-01 15:31 <DIR> --d----- c:\program files\PicaLoader
2009-06-30 12:06 137,000 a------- c:\windows\system32\MSMAPI32.OCX
2009-06-30 12:06 116,224 a------- c:\windows\system32\pdfcmnnt.dll
2009-06-30 12:06 23,552 a------- c:\windows\system32\MSMPIDE.DLL
2009-06-30 12:06 <DIR> --d----- c:\program files\PDFCreator
2009-06-28 00:16 <DIR> --d----- c:\program files\AviSynth 2.5
2009-06-26 08:22 117,430 a------- c:\windows\hpqins00.dat
2009-06-19 01:08 <DIR> --d----- c:\program files\Sony

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-06 16:14 77,859 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-05 20:27 38,942 ac------ c:\windows\scunin.dat
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 a------- c:\windows\system32\dllcache\rpcrt4.dll
2008-01-15 21:30 6,320,872 ac------ c:\program files\npsibelius.dll
2006-05-03 05:06 163,328 ac-shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 -c-shr-- c:\windows\system32\msfDX.dll

============= FINISH: 0:04:10.45 ===============

Attached Files

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:28 PM

Posted 13 July 2009 - 08:22 AM

Hello.

I'm going to ask you to remove all the games and their hacks/cracks that you have downloaded off the Internet. I suspect they contain infected files.

Download and Run OTMoveIT
  • Please download OTM by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :services
    procguard
    ba1
    CEDRIVER53
    cheetah1
    DADriv1
    DCSPGSRV
    DISK_DRIVE32
    Dua1
    geebers12
    iCheat1
    kaspersky1
    KIKIDRIVER
    memxers12
    npggsvc
    PCHWDRVDEVICE0
    phoenix1
    Revolution1
    sejt1
    spuce1
    toBzM
    uzeil1
    XDva019
    xp1
    zenx1
    ΦΩ곌ㄴΝ1
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows except OTMoveIt.
  • Click the Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.

Take a new DDS log after. Include the Attach.txt

EDIT: Sorry about that. Please take a new GMER log too. I might have missed something. If you still have the old one saved, that will work too.

With Regards,
The Panda

Edited by PropagandaPanda, 13 July 2009 - 12:40 PM.


#13 thegrainsong

thegrainsong
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:08:28 PM

Posted 14 July 2009 - 12:10 AM

Hi.
Here are the logs.

========== SERVICES/DRIVERS ==========

Service\Driver procguard deleted successfully.

Service\Driver ba1 deleted successfully.

Service\Driver CEDRIVER53 deleted successfully.

Service\Driver cheetah1 deleted successfully.

Service\Driver DADriv1 deleted successfully.

Service\Driver DCSPGSRV deleted successfully.

Service\Driver DISK_DRIVE32 deleted successfully.

Service\Driver Dua1 deleted successfully.

Service\Driver geebers12 deleted successfully.

Service\Driver iCheat1 deleted successfully.

Service\Driver kaspersky1 deleted successfully.

Service\Driver KIKIDRIVER deleted successfully.

Service\Driver memxers12 deleted successfully.

Service\Driver npggsvc deleted successfully.

Service\Driver PCHWDRVDEVICE0 deleted successfully.

Service\Driver phoenix1 deleted successfully.

Service\Driver Revolution1 deleted successfully.

Service\Driver sejt1 deleted successfully.

Service\Driver spuce1 deleted successfully.

Service\Driver toBzM deleted successfully.

Service\Driver uzeil1 deleted successfully.

Service\Driver XDva019 deleted successfully.

Service\Driver xp1 deleted successfully.

Service\Driver zenx1 deleted successfully.
Service\Driver ΦΩ곌ㄴΝ1 not found.
Service\Driver ΦΩ곌ㄴΝ1 not found.

OTM by OldTimer - Version 3.0.0.5 log created on 07132009_140243

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, July 14, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, July 14, 2009 03:23:28
Records in database: 2466716
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
H:\
I:\

Scan statistics:
Files scanned: 118176
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:46:08


File name / Threat name / Threats count
C:\Program Files\mIRC 6.3 + keygen\mIRC 6.3 + keygen\mIRC - English.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1

The selected area was scanned.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Isaac at 0:42:58.07 on 2009-07-14
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11

============== Pseudo HJT Report ===============

uStart Page = hxxp://gmail.com/
uSearch Page =
uSearch Bar =
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant =
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [Aim6]
uRun: [WhatPulse] c:\program files\whatpulse\WhatPulse.exe
uRun: [Google Update] "c:\documents and settings\isaac\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7C7225A-9476-47AC-B0B0-FF3B79D55E67} - hxxp://www.mathchamp.org/oz/ozviewer/ZTransferX.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6584C510-924B-486A-A1A0-E380DE08C2DB} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\isaac\applic~1\mozilla\firefox\profiles\m1n30yoc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/#inbox
FF - plugin: c:\documents and settings\isaac\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-13 14:02 <DIR> --d----- C:\_OTM
2009-07-12 23:32 68,608 a------- c:\windows\system32\dllcache\hpgt53tk.dll
2009-07-12 20:12 <DIR> --d----- C:\_OTS
2009-07-05 02:32 <DIR> --d----- C:\VundoFix Backups
2009-07-03 20:44 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-03 20:44 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-07-03 20:44 18,944 a------- c:\windows\system32\dllcache\xrxscnui.dll
2009-07-03 20:44 27,648 a------- c:\windows\system32\dllcache\xrxftplt.exe
2009-07-03 20:44 4,608 a------- c:\windows\system32\dllcache\xrxflnch.exe
2009-07-03 20:44 99,865 a------- c:\windows\system32\dllcache\xlog.exe
2009-07-03 20:44 16,970 a------- c:\windows\system32\dllcache\xem336n5.sys
2009-07-03 20:44 19,455 a------- c:\windows\system32\dllcache\wvchntxx.sys
2009-07-03 20:44 19,200 a------- c:\windows\system32\dllcache\wstcodec.sys
2009-07-03 20:44 12,063 a------- c:\windows\system32\dllcache\wsiintxx.sys
2009-07-03 20:44 8,192 a------- c:\windows\system32\dllcache\wshirda.dll
2009-07-03 20:42 48,256 a------- c:\windows\system32\dllcache\w32.dll
2009-07-03 20:41 94,720 a------- c:\windows\system32\dllcache\umaxud32.dll
2009-07-03 20:40 315,520 a------- c:\windows\system32\dllcache\trid3d.dll
2009-07-03 20:39 94,293 a------- c:\windows\system32\dllcache\sxports.dll
2009-07-03 20:38 7,552 a------- c:\windows\system32\dllcache\sonypvu1.sys
2009-07-03 20:37 30,208 a------- c:\windows\system32\dllcache\sm87w.dll
2009-07-03 20:36 6,784 a------- c:\windows\system32\dllcache\serscan.sys
2009-07-03 20:35 29,696 a------- c:\windows\system32\dllcache\rw450ext.dll
2009-07-03 20:35 27,648 a------- c:\windows\system32\dllcache\rw430ext.dll
2009-07-03 20:35 79,104 a------- c:\windows\system32\dllcache\rocket.sys
2009-07-03 20:34 6,016 a------- c:\windows\system32\dllcache\qic157.sys
2009-07-03 20:34 159,232 a------- c:\windows\system32\dllcache\ptpusd.dll
2009-07-03 20:34 33,280 a------- c:\windows\system32\dllcache\psisrndr.ax
2009-07-03 20:34 363,520 a------- c:\windows\system32\dllcache\psisdecd.dll
2009-07-03 20:34 17,664 a------- c:\windows\system32\dllcache\ppa3.sys
2009-07-03 20:34 8,832 a------- c:\windows\system32\dllcache\powerfil.sys
2009-07-03 20:33 259,328 a------- c:\windows\system32\dllcache\perm3dd.dll
2009-07-03 20:33 28,032 a------- c:\windows\system32\dllcache\perm3.sys
2009-07-03 20:33 211,584 a------- c:\windows\system32\dllcache\perm2dll.dll
2009-07-03 20:33 27,904 a------- c:\windows\system32\dllcache\perm2.sys
2009-07-03 20:32 61,696 a------- c:\windows\system32\dllcache\ohci1394.sys
2009-07-03 20:32 28,672 a------- c:\windows\system32\dllcache\nscirda.sys
2009-07-03 20:31 10,880 a------- c:\windows\system32\dllcache\ndisip.sys
2009-07-03 20:31 85,248 a------- c:\windows\system32\dllcache\nabtsfec.sys
2009-07-03 20:30 49,024 a------- c:\windows\system32\dllcache\mstape.sys
2009-07-03 20:30 5,504 a------- c:\windows\system32\dllcache\mstee.sys
2009-07-03 20:30 22,016 a------- c:\windows\system32\dllcache\msircomm.sys
2009-07-03 20:30 56,832 a------- c:\windows\system32\dllcache\msdvbnp.ax
2009-07-03 20:30 51,200 a------- c:\windows\system32\dllcache\msdv.sys
2009-07-03 20:30 15,232 a------- c:\windows\system32\dllcache\mpe.sys
2009-07-03 20:29 26,112 a------- c:\windows\system32\dllcache\memstpci.sys
2009-07-03 20:29 7,040 a------- c:\windows\system32\dllcache\ltotape.sys
2009-07-03 20:28 34,688 a------- c:\windows\system32\dllcache\lbrtfdc.sys
2009-07-03 20:28 43,008 a------- c:\windows\system32\dllcache\ksxbar.ax
2009-07-03 20:28 91,136 a------- c:\windows\system32\dllcache\kswdmcap.ax
2009-07-03 20:28 61,952 a------- c:\windows\system32\dllcache\kstvtune.ax
2009-07-03 20:28 253,952 a------- c:\windows\system32\dllcache\kdsusd.dll
2009-07-03 20:28 48,640 a------- c:\windows\system32\dllcache\kdsui.dll
2009-07-03 20:28 28,160 a------- c:\windows\system32\dllcache\irmon.dll
2009-07-03 20:28 151,552 a------- c:\windows\system32\dllcache\irftp.exe
2009-07-03 20:28 88,192 a------- c:\windows\system32\dllcache\irda.sys
2009-07-03 20:28 16,384 a------- c:\windows\system32\dllcache\ipsink.ax
2009-07-03 20:27 702,845 a------- c:\windows\system32\dllcache\i81xdnt5.dll
2009-07-03 20:25 20,352 a------- c:\windows\system32\dllcache\hidbatt.sys
2009-07-03 20:25 28,288 a------- c:\windows\system32\dllcache\grserial.sys
2009-07-03 20:25 59,136 a------- c:\windows\system32\dllcache\gckernel.sys
2009-07-03 20:25 10,624 a------- c:\windows\system32\dllcache\gameenum.sys
2009-07-03 20:22 20,992 a------- c:\windows\system32\dllcache\dshowext.ax
2009-07-03 20:22 206,976 a------- c:\windows\system32\dllcache\dot4.sys
2009-07-03 20:22 8,320 a------- c:\windows\system32\dllcache\dlttape.sys
2009-07-03 20:20 249,856 a------- c:\windows\system32\dllcache\ctmasetp.dll
2009-07-03 20:20 10,240 a------- c:\windows\system32\dllcache\compbatt.sys
2009-07-03 20:20 13,952 a------- c:\windows\system32\dllcache\cmbatt.sys
2009-07-03 20:20 8,192 a------- c:\windows\system32\dllcache\changer.sys
2009-07-03 20:20 17,024 a------- c:\windows\system32\dllcache\ccdecode.sys
2009-07-03 20:19 121,856 a------- c:\windows\system32\dllcache\camext30.dll
2009-07-03 20:19 18,432 a------- c:\windows\system32\dllcache\bdaplgin.ax
2009-07-03 20:19 11,776 a------- c:\windows\system32\dllcache\bdasup.sys
2009-07-03 20:19 14,208 a------- c:\windows\system32\dllcache\battc.sys
2009-07-03 20:19 13,696 a------- c:\windows\system32\dllcache\avcstrm.sys
2009-07-03 20:18 38,912 a------- c:\windows\system32\dllcache\avc.sys
2009-07-03 20:18 48,128 a------- c:\windows\system32\dllcache\61883.sys
2009-07-03 20:18 12,288 a------- c:\windows\system32\dllcache\4mmdat.sys
2009-07-03 20:18 53,376 a------- c:\windows\system32\dllcache\1394bus.sys
2009-07-02 21:08 <DIR> --d----- c:\program files\ESET
2009-07-02 20:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-02 20:33 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-02 19:52 <DIR> --d----- c:\program files\CCleaner
2009-07-01 15:56 <DIR> --d----- c:\program files\42Ninjas
2009-07-01 15:31 <DIR> --d----- c:\docume~1\isaac\applic~1\VOWSoft
2009-07-01 15:31 <DIR> --d----- c:\program files\PicaLoader
2009-06-30 12:06 137,000 a------- c:\windows\system32\MSMAPI32.OCX
2009-06-30 12:06 116,224 a------- c:\windows\system32\pdfcmnnt.dll
2009-06-30 12:06 23,552 a------- c:\windows\system32\MSMPIDE.DLL
2009-06-30 12:06 <DIR> --d----- c:\program files\PDFCreator
2009-06-28 00:16 <DIR> --d----- c:\program files\AviSynth 2.5
2009-06-26 08:22 117,430 a------- c:\windows\hpqins00.dat
2009-06-19 01:08 <DIR> --d----- c:\program files\Sony

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-06 16:14 77,859 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-05 20:27 38,942 ac------ c:\windows\scunin.dat
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 a------- c:\windows\system32\dllcache\rpcrt4.dll
2008-01-15 21:30 6,320,872 ac------ c:\program files\npsibelius.dll
2006-05-03 05:06 163,328 ac-shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 -c-shr-- c:\windows\system32\msfDX.dll

============= FINISH: 0:44:11.89 ===============

#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:28 PM

Posted 14 July 2009 - 08:33 AM

Hello.

Download and Run MBR
  • Please download MBR.exe to your desktop.
  • Double click the file to run it.
  • You will see a black command prompt window open then close. A file named mbr.txt will appear on your desktop. Open it and copy its contents into your next reply.
With Regards,
The Panda

#15 thegrainsong

thegrainsong
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 14 July 2009 - 12:27 PM

Hi. Here is the MBR log.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x829601c0
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> 0x82999e70
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A050FC
malicious code @ sector 0x012A050FF !
PE file found in sector at 0x012A05115 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
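A parser for the mbr.exe report format shown in the post above, added here as an example and not part of the thread or of Gmer's tool. The sample log is constructed from the indicator lines the detector prints, and the split between "suspicious" (hooks only) and "infected" (located code or the tool's own verdict) is my own triage rule, not the tool's.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the shape of the Gmer MBR detector report posted above.
SAMPLE_LOG = r"""
detected MBR rootkit hooks:
\Driver\atapi -> 0x829601c0
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> 0x82999e70
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A050FC
malicious code @ sector 0x012A050FF !
PE file found in sector at 0x012A05115 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
"""

HOOK_RE = re.compile(r"^(?P<what>.+?)\s+->\s+(?P<addr>0x[0-9A-Fa-f]+)\s*$")
SECTOR_RE = re.compile(r"sector(?: at)?\s+(0x[0-9A-Fa-f]+)")
# Line prefix -> report field for the three sector indicators the tool prints.
SECTOR_FIELDS = {"copy of MBR": "mbr_copy_sector", "malicious code": "malicious_code_sector", "PE file": "pe_file_sector"}

@dataclass
class MbrReport:
    hooks: List[Tuple[str, int]] = field(default_factory=list)  # (hooked object, address)
    mbr_copy_sector: Optional[int] = None        # where the original MBR was stashed
    malicious_code_sector: Optional[int] = None  # where the rootkit loader sits
    pe_file_sector: Optional[int] = None         # hidden driver payload
    infection_flagged: bool = False              # the tool's own verdict line

def parse_mbr_log(text: str) -> MbrReport:
    """Pull the indicators out of an mbr.txt; other lines the tool prints are ignored."""
    report, in_hooks = MbrReport(), False
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("detected MBR rootkit hooks:"):
            in_hooks = True
            continue
        if in_hooks and (hook := HOOK_RE.match(line)):
            report.hooks.append((hook.group("what"), int(hook.group("addr"), 16)))
            continue
        in_hooks = False  # the hook list ends at the first line that is not a hook
        sector = SECTOR_RE.search(line)
        for prefix, attr in SECTOR_FIELDS.items():
            if sector and line.startswith(prefix):
                setattr(report, attr, int(sector.group(1), 16))
        if "MBR rootkit infection detected" in line:
            report.infection_flagged = True
    return report

def triage(report: MbrReport) -> str:
    """'infected' on located code or the tool's verdict, 'suspicious' on hooks alone, else 'clean'."""
    if report.infection_flagged or report.malicious_code_sector is not None:
        return "infected"
    if report.hooks or report.mbr_copy_sector is not None or report.pe_file_sector is not None:
        return "suspicious"
    return "clean"
```

Feed it the contents of mbr.txt from a batch of machines and the sector fields tell you whether the same hidden region shows up on each, which is what a responder wants before deciding on a fix.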



