Infected with lots of trojans


This topic is locked
56 replies to this topic

#1 mystique13
Posted 12 October 2009 - 02:41 PM

I was on Facebook and I tried to click the down arrow to scroll down. Suddenly I had pop-ups for Total Security and Antivirus 2010. AV 2010 went away but Total Security stayed, and I noticed Windows Police Pro was installed. As far as I can tell these 3 are gone, but there are other trojans lurking. For a while I was unable to run Malwarebytes' Anti-Malware until I emptied its quarantine folder. Currently it is back up and running. I was able to get Task Manager working again. I was unable to run avast, so I downloaded Avira, which keeps finding trojans. After emptying Avira's quarantine folder I am able to run the avast scanner for the first time in 3 weeks. The BIT service and the Automatic Update service have been disabled, and I am unable to start them due to errors. I cannot use IE or Firefox. Safari is the only one that works. I've tried reinstalling IE8 but I receive an error. I can't run Spybot S&D. I'm attaching a document that has the errors I'm receiving and some of the things I've downloaded and run.
System Restore was disabled (unbeknownst to me) until after I was infected. Windows Defender wouldn't run, so I made the mistake of uninstalling it; now I can't reinstall it.
I will be glad to provide more information when needed.

DDS (Ver_09-09-29.01) - NTFSx86
Run by Victor Harp at 18:18:01.81 on Tue 10/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.165 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1356 [VPS 091001-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NBC Direct\DirectPlayerCore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Pando Networks\Media Booster\pmb.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\twain_32\escndv\escndv.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uTMBackup.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Documents and Settings\Victor Harp\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
EB: MRI_DISABLED - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [arcsoft connection service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Notify: !saswinlogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\boponase.dll,bemevaja.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = difodime.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\victor~1\applic~1\mozilla\firefox\profiles\rjt1umu0.default\
FF - component: c:\documents and settings\victor harp\application data\mozilla\firefox\profiles\rjt1umu0.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\mozilla firefox\extensions\kodak-companion@mozilla.com\platform\winnt\components\pickup.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-29 207280]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-23 114768]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-29 11608]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-9-29 229304]
R1 sasdifsv;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-23 20560]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-29 55656]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-9-29 87656]
R2 X4HSX32Ex;X4HSX32Ex;c:\program files\free ride games\X4HSX32Ex.sys [2008-10-22 29856]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-10-1 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-10-1 70280]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-10-1 46592]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-10-1 115088]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 glaide32;glaide32;\??\c:\windows\system32\drivers\glaide32.sys --> c:\windows\system32\drivers\glaide32.sys [?]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]

=============== Created Last 30 ================

2009-10-02 16:17 <DIR> --d----- c:\docume~1\victor~1\applic~1\Anabel
2009-10-01 20:09 672,256 a------- C:\cqf3.tmp
2009-10-01 20:02 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-01 20:02 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-01 19:40 <DIR> --d----- c:\docume~1\victor~1\applic~1\PCToolsFirewallPlus
2009-10-01 14:47 7,412 a------- c:\windows\system32\drivers\PCTAppEvent.cat
2009-10-01 14:46 7,387 a------- c:\windows\system32\drivers\pctgntdi.cat
2009-10-01 14:44 70,280 a------- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-10-01 14:44 46,592 a------- c:\windows\system32\drivers\pctNdis.sys
2009-10-01 14:44 32,552 a------- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-10-01 14:44 115,088 a------- c:\windows\system32\drivers\pctplfw.sys
2009-10-01 14:40 <DIR> --d----- c:\program files\PC Tools Firewall Plus
2009-10-01 14:22 <DIR> --d----- c:\program files\SpywareBlaster
2009-10-01 11:43 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-10-01 11:43 153,088 a------- c:\windows\system32\unrar3.dll
2009-10-01 11:43 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-10-01 11:43 75,264 a------- c:\windows\system32\unacev2.dll
2009-10-01 11:43 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-10-01 11:42 <DIR> --d----- c:\docume~1\victor~1\applic~1\Simply Super Software
2009-10-01 11:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-09-30 00:33 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2009-09-30 00:33 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-09-30 00:33 18,944 a------- c:\windows\system32\dllcache\xrxscnui.dll
2009-09-30 00:33 27,648 a------- c:\windows\system32\dllcache\xrxftplt.exe
2009-09-30 00:33 4,608 a------- c:\windows\system32\dllcache\xrxflnch.exe
2009-09-30 00:33 99,865 a------- c:\windows\system32\dllcache\xlog.exe
2009-09-30 00:33 28,288 a------- c:\windows\system32\dllcache\xjis.nls
2009-09-30 00:33 16,970 a------- c:\windows\system32\dllcache\xem336n5.sys
2009-09-30 00:33 19,455 a------- c:\windows\system32\dllcache\wvchntxx.sys
2009-09-30 00:32 19,200 a------- c:\windows\system32\dllcache\wstcodec.sys
2009-09-30 00:32 12,063 a------- c:\windows\system32\dllcache\wsiintxx.sys
2009-09-30 00:32 8,192 a------- c:\windows\system32\dllcache\wshirda.dll
2009-09-30 00:32 8,832 a------- c:\windows\system32\dllcache\wmiacpi.sys
2009-09-30 00:32 154,624 a------- c:\windows\system32\dllcache\wlluc48.sys
2009-09-30 00:30 12,415 a------- c:\windows\system32\dllcache\wadv01nt.sys
2009-09-30 00:30 16,925 a------- c:\windows\system32\dllcache\w940nd.sys
2009-09-30 00:30 19,016 a------- c:\windows\system32\dllcache\w926nd.sys
2009-09-30 00:30 19,528 a------- c:\windows\system32\dllcache\w840nd.sys
2009-09-30 00:30 48,256 a------- c:\windows\system32\dllcache\w32.dll
2009-09-30 00:30 64,605 a------- c:\windows\system32\dllcache\vvoice.sys
2009-09-30 00:30 397,502 a------- c:\windows\system32\dllcache\vpctcom.sys
2009-09-30 00:30 604,253 a------- c:\windows\system32\dllcache\vmodem.sys
2009-09-30 00:30 249,402 a------- c:\windows\system32\dllcache\vinwm.sys
2009-09-30 00:30 24,576 a------- c:\windows\system32\dllcache\viairda.sys
2009-09-30 00:30 53,760 a------- c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-30 00:30 687,999 a------- c:\windows\system32\dllcache\usrwdxjs.sys
2009-09-30 00:29 765,884 a------- c:\windows\system32\dllcache\usrti.sys
2009-09-30 00:29 113,762 a------- c:\windows\system32\dllcache\usrpda.sys
2009-09-30 00:29 7,556 a------- c:\windows\system32\dllcache\usroslba.sys
2009-09-30 00:29 224,802 a------- c:\windows\system32\dllcache\usr1807a.sys
2009-09-30 00:29 794,399 a------- c:\windows\system32\dllcache\usr1806v.sys
2009-09-30 00:29 793,598 a------- c:\windows\system32\dllcache\usr1806.sys
2009-09-30 00:29 794,654 a------- c:\windows\system32\dllcache\usr1801.sys
2009-09-30 00:29 26,112 a------- c:\windows\system32\dllcache\usbser.sys
2009-09-30 00:28 60,032 a------- c:\windows\system32\dllcache\usbaudio.sys
2009-09-30 00:28 32,384 a------- c:\windows\system32\dllcache\usb101et.sys
2009-09-30 00:28 94,720 a------- c:\windows\system32\dllcache\umaxud32.dll
2009-09-30 00:28 28,160 a------- c:\windows\system32\dllcache\umaxu40.dll
2009-09-30 00:28 26,624 a------- c:\windows\system32\dllcache\umaxu22.dll
2009-09-30 00:28 69,632 a------- c:\windows\system32\dllcache\umaxu12.dll
2009-09-30 00:28 50,688 a------- c:\windows\system32\dllcache\umaxscan.dll
2009-09-30 00:28 22,912 a------- c:\windows\system32\dllcache\umaxpcls.sys
2009-09-30 00:28 50,176 a------- c:\windows\system32\dllcache\umaxp60.dll
2009-09-30 00:28 47,616 a------- c:\windows\system32\dllcache\umaxcam.dll
2009-09-30 00:27 211,968 a------- c:\windows\system32\dllcache\um54scan.dll
2009-09-30 00:27 216,064 a------- c:\windows\system32\dllcache\um34scan.dll
2009-09-30 00:27 11,520 a------- c:\windows\system32\dllcache\twotrack.sys
2009-09-30 00:27 14,336 a------- c:\windows\system32\dllcache\tsprof.exe
2009-09-30 00:27 166,784 a------- c:\windows\system32\dllcache\tridxpm.sys
2009-09-30 00:27 525,568 a------- c:\windows\system32\dllcache\tridxp.dll
2009-09-30 00:27 159,232 a------- c:\windows\system32\dllcache\tridkbm.sys
2009-09-30 00:27 440,576 a------- c:\windows\system32\dllcache\tridkb.dll
2009-09-30 00:27 222,336 a------- c:\windows\system32\dllcache\trid3dm.sys
2009-09-30 00:27 315,520 a------- c:\windows\system32\dllcache\trid3d.dll
2009-09-30 00:27 34,375 a------- c:\windows\system32\dllcache\tpro4.sys
2009-09-30 00:27 42,496 a------- c:\windows\system32\dllcache\tp4res.dll
2009-09-30 00:25 30,464 a------- c:\windows\system32\dllcache\tbatm155.sys
2009-09-30 00:25 7,040 a------- c:\windows\system32\dllcache\tandqic.sys
2009-09-30 00:25 36,640 a------- c:\windows\system32\dllcache\t2r4mini.sys
2009-09-30 00:25 172,768 a------- c:\windows\system32\dllcache\t2r4disp.dll
2009-09-30 00:25 94,293 a------- c:\windows\system32\dllcache\sxports.dll
2009-09-30 00:25 103,936 a------- c:\windows\system32\dllcache\sx.sys
2009-09-30 00:25 3,968 a------- c:\windows\system32\dllcache\swusbflt.sys
2009-09-30 00:25 10,240 a------- c:\windows\system32\dllcache\swpidflt.dll
2009-09-30 00:25 10,240 a------- c:\windows\system32\dllcache\swpdflt2.dll
2009-09-30 00:25 53,760 a------- c:\windows\system32\dllcache\sw_wheel.dll
2009-09-30 00:25 41,472 a------- c:\windows\system32\dllcache\sw_effct.dll
2009-09-30 00:24 15,232 a------- c:\windows\system32\dllcache\streamip.sys
2009-09-30 00:24 155,648 a------- c:\windows\system32\dllcache\stlnprop.dll
2009-09-30 00:24 53,248 a------- c:\windows\system32\dllcache\stlncoin.dll
2009-09-30 00:24 285,760 a------- c:\windows\system32\dllcache\stlnata.sys
2009-09-30 00:24 16,896 a------- c:\windows\system32\dllcache\stcusb.sys
2009-09-30 00:24 48,736 a------- c:\windows\system32\dllcache\srwlnd5.sys
2009-09-30 00:24 99,328 a------- c:\windows\system32\dllcache\srusd.dll
2009-09-30 00:24 101,376 a------- c:\windows\system32\dllcache\srusbusd.dll
2009-09-30 00:24 24,660 a------- c:\windows\system32\dllcache\spxupchk.dll
2009-09-30 00:24 61,824 a------- c:\windows\system32\dllcache\speed.sys
2009-09-30 00:22 25,034 a------- c:\windows\system32\dllcache\smcpwr2n.sys
2009-09-30 00:21 91,294 a------- c:\windows\system32\dllcache\skfpwin.sys
2009-09-30 00:21 94,698 a------- c:\windows\system32\dllcache\sk98xwin.sys
2009-09-30 00:21 157,696 a------- c:\windows\system32\dllcache\sisv256.dll
2009-09-30 00:21 50,432 a------- c:\windows\system32\dllcache\sisv.sys
2009-09-30 00:21 32,768 a------- c:\windows\system32\dllcache\sisnic.sys
2009-09-30 00:21 238,592 a------- c:\windows\system32\dllcache\sisgrv.dll
2009-09-30 00:21 104,064 a------- c:\windows\system32\dllcache\sisgrp.sys
2009-09-30 00:21 150,144 a------- c:\windows\system32\dllcache\sis6306v.dll
2009-09-30 00:21 68,608 a------- c:\windows\system32\dllcache\sis6306p.sys
2009-09-30 00:21 252,032 a------- c:\windows\system32\dllcache\sis300iv.dll
2009-09-30 00:21 101,760 a------- c:\windows\system32\dllcache\sis300ip.sys
2009-09-30 00:21 18,944 a------- c:\windows\system32\dllcache\simptcp.dll
2009-09-30 00:20 161,568 a------- c:\windows\system32\dllcache\sgsmusb.sys
2009-09-30 00:20 18,400 a------- c:\windows\system32\dllcache\sgsmld.sys
2009-09-30 00:20 98,080 a------- c:\windows\system32\dllcache\sgiulnt5.sys
2009-09-30 00:20 386,560 a------- c:\windows\system32\dllcache\sgiul50.dll
2009-09-30 00:20 36,480 a------- c:\windows\system32\dllcache\sfmanm.sys
2009-09-30 00:20 6,784 a------- c:\windows\system32\dllcache\serscan.sys
2009-09-30 00:20 17,664 a------- c:\windows\system32\dllcache\sermouse.sys
2009-09-30 00:20 26,112 a------- c:\windows\system32\dllcache\EXCH_seos.dll
2009-09-30 00:20 6,912 a------- c:\windows\system32\dllcache\seaddsmc.sys
2009-09-30 00:20 11,520 a------- c:\windows\system32\dllcache\scsiscan.sys
2009-09-30 00:20 11,648 a------- c:\windows\system32\dllcache\scsiprnt.sys
2009-09-30 00:19 57,856 a------- c:\windows\system32\dllcache\EXCH_scripto.dll
2009-09-30 00:19 17,280 a------- c:\windows\system32\dllcache\scr111.sys
2009-09-30 00:19 16,640 a------- c:\windows\system32\dllcache\scmstcs.sys
2009-09-30 00:19 23,936 a------- c:\windows\system32\dllcache\sccmusbm.sys
2009-09-30 00:19 23,936 a------- c:\windows\system32\dllcache\sccmn50m.sys
2009-09-30 00:19 43,904 a------- c:\windows\system32\dllcache\sbp2port.sys
2009-09-30 00:19 495,616 a------- c:\windows\system32\dllcache\sblfx.dll
2009-09-30 00:19 75,392 a------- c:\windows\system32\dllcache\s3savmxm.sys
2009-09-30 00:19 245,632 a------- c:\windows\system32\dllcache\s3savmx.dll
2009-09-30 00:19 77,824 a------- c:\windows\system32\dllcache\s3sav4m.sys
2009-09-30 00:19 198,400 a------- c:\windows\system32\dllcache\s3sav4.dll
2009-09-30 00:19 61,504 a------- c:\windows\system32\dllcache\s3sav3dm.sys
2009-09-30 00:17 9,216 a------- c:\windows\system32\dllcache\rsmgrstr.dll
2009-09-30 00:17 3,840 a------- c:\windows\system32\dllcache\rpfun.sys
2009-09-30 00:17 79,104 a------- c:\windows\system32\dllcache\rocket.sys
2009-09-30 00:17 37,563 a------- c:\windows\system32\dllcache\rlnet5.sys
2009-09-30 00:17 86,097 a------- c:\windows\system32\dllcache\reslog32.dll
2009-09-30 00:17 23,040 a------- c:\windows\system32\dllcache\EXCH_regtrace.exe
2009-09-30 00:17 14,848 a------- c:\windows\system32\dllcache\register.exe
2009-09-30 00:17 19,584 a------- c:\windows\system32\dllcache\rasirda.sys
2009-09-30 00:17 714,762 a------- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-09-30 00:17 899,146 a------- c:\windows\system32\dllcache\r2mdkxga.sys
2009-09-30 00:17 41,472 a------- c:\windows\system32\dllcache\qvusd.dll
2009-09-30 00:15 131,584 a------- c:\windows\system32\dllcache\pmxviceo.dll
2009-09-30 00:14 30,282 a------- c:\windows\system32\dllcache\pcntn5hl.sys
2009-09-30 00:13 48,000 a------- c:\windows\system32\dllcache\ovcam2.sys
2009-09-30 00:13 25,088 a------- c:\windows\system32\dllcache\ovca.sys
2009-09-30 00:13 54,186 a------- c:\windows\system32\dllcache\otcsercb.sys
2009-09-30 00:13 43,689 a------- c:\windows\system32\dllcache\otceth5.sys
2009-09-30 00:13 27,209 a------- c:\windows\system32\dllcache\otc06x5.sys
2009-09-30 00:13 54,528 a------- c:\windows\system32\dllcache\opl3sax.sys
2009-09-30 00:13 61,696 a------- c:\windows\system32\dllcache\ohci1394.sys
2009-09-30 00:13 198,144 a------- c:\windows\system32\dllcache\nv3.sys
2009-09-30 00:13 123,776 a------- c:\windows\system32\dllcache\nv3.dll
2009-09-30 00:12 51,552 a------- c:\windows\system32\dllcache\ntgrip.sys
2009-09-30 00:12 38,912 a------- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-09-30 00:12 9,344 a------- c:\windows\system32\dllcache\ntapm.sys
2009-09-30 00:12 7,552 a------- c:\windows\system32\dllcache\nsmmc.sys
2009-09-30 00:12 28,672 a------- c:\windows\system32\dllcache\nscirda.sys
2009-09-30 00:12 87,040 a------- c:\windows\system32\dllcache\nm6wdm.sys
2009-09-30 00:12 126,080 a------- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-09-30 00:12 32,840 a------- c:\windows\system32\dllcache\ngrpci.sys
2009-09-30 00:12 132,695 a------- c:\windows\system32\dllcache\netwlan5.sys
2009-09-30 00:12 65,278 a------- c:\windows\system32\dllcache\netflx3.sys
2009-09-30 00:12 39,264 a------- c:\windows\system32\dllcache\neo20xx.sys
2009-09-30 00:10 19,968 a------- c:\windows\system32\dllcache\mxicfg.dll
2009-09-30 00:10 21,888 a------- c:\windows\system32\dllcache\mxcard.sys
2009-09-30 00:10 229,439 a------- c:\windows\system32\dllcache\multibox.dll
2009-09-30 00:10 103,296 a------- c:\windows\system32\dllcache\mtxvideo.sys
2009-09-30 00:10 5,504 a------- c:\windows\system32\dllcache\mstee.sys
2009-09-30 00:10 49,024 a------- c:\windows\system32\dllcache\mstape.sys
2009-09-30 00:10 12,416 a------- c:\windows\system32\dllcache\msriffwv.sys
2009-09-30 00:10 2,944 a------- c:\windows\system32\dllcache\msmpu401.sys
2009-09-30 00:09 22,016 a------- c:\windows\system32\dllcache\msircomm.sys
2009-09-30 00:09 1,875,968 a------- c:\windows\system32\dllcache\msir3jp.lex
2009-09-30 00:09 98,304 a------- c:\windows\system32\dllcache\msir3jp.dll
2009-09-30 00:09 35,200 a------- c:\windows\system32\dllcache\msgame.sys
2009-09-30 00:09 6,016 a------- c:\windows\system32\dllcache\msfsio.sys
2009-09-30 00:09 56,832 a------- c:\windows\system32\dllcache\msdvbnp.ax
2009-09-30 00:09 51,200 a------- c:\windows\system32\dllcache\msdv.sys
2009-09-30 00:09 15,232 a------- c:\windows\system32\dllcache\mpe.sys
2009-09-30 00:09 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-09-30 00:07 48,768 a------- c:\windows\system32\dllcache\maestro.sys
2009-09-30 00:06 25,065 a------- c:\windows\system32\dllcache\lmndis3.sys
2009-09-30 00:05 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
2009-09-30 00:04 59,904 a------- c:\windows\system32\dllcache\imkrinst.exe
2009-09-30 00:03 100,936 a------- c:\windows\system32\dllcache\ibmtok.sys
2009-09-30 00:02 542,879 a------- c:\windows\system32\dllcache\hsf_msft.sys
2009-09-30 00:01 101,376 a------- c:\windows\system32\dllcache\hpgt34.dll
2009-09-30 00:00 470,144 a------- c:\windows\system32\dllcache\g200d.dll
2009-09-29 23:59 11,850 a------- c:\windows\system32\dllcache\f3ab18xj.sys
2009-09-29 23:58 114,944 a------- c:\windows\system32\dllcache\epstw2k.sys
2009-09-29 23:57 334,208 a------- c:\windows\system32\dllcache\ds1wdm.sys
2009-09-29 23:56 37,735 a------- c:\windows\system32\dllcache\digiasyn.sys
2009-09-29 23:56 65,622 a------- c:\windows\system32\dllcache\digiasyn.dll
2009-09-29 23:56 419,357 a------- c:\windows\system32\dllcache\dgconfig.dll
2009-09-29 23:56 29,531 a------- c:\windows\system32\dllcache\dgapci.sys
2009-09-29 23:56 24,649 a------- c:\windows\system32\dllcache\dfe650d.sys
2009-09-29 23:56 24,648 a------- c:\windows\system32\dllcache\dfe650.sys
2009-09-29 23:55 24,064 a------- c:\windows\system32\dllcache\devldr32.exe
2009-09-29 23:55 256,512 a------- c:\windows\system32\dllcache\devcon32.dll
2009-09-29 23:55 20,928 a------- c:\windows\system32\dllcache\defpa.sys
2009-09-29 23:55 7,424 a------- c:\windows\system32\dllcache\ddsmc.sys
2009-09-29 23:55 110,592 a------- c:\windows\system32\dllcache\dc260usd.dll
2009-09-29 23:54 86,016 a------- c:\windows\system32\dllcache\dc240usd.dll
2009-09-29 23:54 63,208 a------- c:\windows\system32\dllcache\dc21x4.sys
2009-09-29 23:54 80,896 a------- c:\windows\system32\dllcache\dc210usd.dll
2009-09-29 23:54 25,600 a------- c:\windows\system32\dllcache\dc210_32.dll
2009-09-29 23:54 117,760 a------- c:\windows\system32\dllcache\d100ib5.sys
2009-09-29 23:54 27,648 a------- c:\windows\system32\dllcache\cyzports.dll
2009-09-29 23:52 39,936 a------- c:\windows\system32\dllcache\cnxt1803.sys
2009-09-29 23:51 17,024 a------- c:\windows\system32\dllcache\ccdecode.sys
2009-09-29 23:50 10,752 a------- c:\windows\system32\dllcache\c_iscii.dll
2009-09-29 23:49 9,728 a------- c:\windows\system32\dllcache\brserif.dll
2009-09-29 23:48 26,624 a------- c:\windows\system32\dllcache\ativxbar.sys
2009-09-29 23:47 24,576 a------- c:\windows\system32\dllcache\agcgauge.ax
2009-09-29 23:45 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-09-29 16:45 <DIR> --d-h--- c:\windows\PIF
2009-09-29 15:39 672,256 a------- C:\cqf2.tmp
2009-09-29 12:44 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-29 12:44 <DIR> --d----- c:\program files\Avira
2009-09-29 12:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-09-29 12:06 229,304 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-29 12:06 207,280 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-29 12:06 87,656 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-29 12:06 7,383 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-29 12:06 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-29 12:06 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-29 12:05 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-29 12:05 <DIR> --d----- c:\docume~1\victor~1\applic~1\PC Tools
2009-09-29 12:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-28 17:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-28 17:13 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-28 17:13 <DIR> --d----- c:\docume~1\victor~1\applic~1\SUPERAntiSpyware.com
2009-09-28 17:11 <DIR> --d----- c:\program files\CCleaner
2009-09-28 17:10 <DIR> --d----- c:\docume~1\victor~1\applic~1\Uniblue
2009-09-28 17:10 <DIR> --d----- c:\program files\Uniblue
2009-09-28 16:55 <DIR> --d----- c:\program files\Firefox
2009-09-28 16:30 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-28 16:21 <DIR> --d----- c:\windows\pss
2009-09-28 15:23 0 a------- c:\windows\system32\AVR09.exe
2009-09-28 15:23 0 a------- c:\windows\system32\winhelper.dll
2009-09-26 15:34 672,256 a------- C:\cqfB.tmp
2009-09-26 15:34 672,256 a------- C:\cqfuy.tmp
2009-09-26 15:34 407,680 a------- C:\cqfuy.exe
2009-09-26 00:43 92 a------- c:\windows\system32\sonhelp.htm
2009-09-26 00:02 0 a------- c:\windows\win32k.sys
2009-09-25 17:17 19,857 a------- c:\program files\common files\ziqujox.vbs
2009-09-25 17:17 19,116 a------- c:\program files\common files\oxixe.com
2009-09-25 17:17 18,940 a------- c:\program files\common files\akeze.bin
2009-09-25 17:17 17,968 a------- c:\docume~1\victor~1\applic~1\galilyz.vbs
2009-09-25 17:17 17,152 a------- c:\windows\nohuxo._dl
2009-09-25 17:17 15,332 a------- c:\windows\ipicemymyv.dll
2009-09-25 17:17 12,170 a------- c:\docume~1\alluse~1\applic~1\kemifik.pif
2009-09-25 17:17 10,413 a------- c:\windows\system32\epejafakyz.dll
2009-09-25 17:17 12,462 a------- c:\windows\defatuwyv.bin
2009-09-25 17:17 10,640 a------- c:\windows\system32\sigojuge.dl
2009-09-25 15:05 17,191 a------- c:\windows\owafekizoj.inf
2009-09-25 15:05 18,424 a------- c:\windows\system32\tykeb.bin
2009-09-25 15:05 17,718 a------- c:\windows\eleber.lib
2009-09-25 15:05 15,473 a------- c:\windows\udiqopuryb.dat
2009-09-25 15:05 15,226 a------- c:\windows\system32\uxylevuw.exe
2009-09-25 15:05 13,565 a------- c:\docume~1\victor~1\applic~1\ubeletak.reg
2009-09-25 15:05 12,201 a------- c:\docume~1\alluse~1\applic~1\jabunamek.pif
2009-09-25 15:05 15,046 a------- c:\windows\ajityjerub.exe
2009-09-25 15:05 12,030 a------- c:\docume~1\victor~1\applic~1\yxadefys.bin
2009-09-25 15:05 10,574 a------- c:\windows\codycisoc.ban
2009-09-25 14:53 108 a------- c:\windows\system32\temp32.bat
2009-09-24 20:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
2009-09-24 20:28 204 a------- C:\Plugins
2009-09-24 20:28 <DIR> --d----- c:\program files\Pando Networks
2009-09-24 20:28 <DIR> a-d----- c:\program files\NBC Direct
2009-09-24 20:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NBC Direct
2009-09-24 19:00 <DIR> --d----- c:\program files\iTunes
2009-09-24 19:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-24 12:52 84,056 a---h--- c:\windows\system32\mlfcache.dat
2009-09-19 16:20 664 a------- c:\windows\system32\d3d9caps.dat
2009-09-19 11:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GameHouse
2009-09-14 10:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Princess Isabella
2009-09-09 12:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Enkord

==================== Find3M ====================

2009-09-25 17:17 19,919 a------- c:\program files\common files\amufu.lib
2009-09-25 17:17 17,807 a------- c:\program files\common files\dupewih.inf
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\dllcache\atl.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 09:27 1,315,328 a------- c:\windows\system32\dllcache\msoe.dll
2005-05-26 14:35 1,422 a------- c:\program files\ReadMe.txt
2004-08-04 07:00 94,784 ---sh--- c:\windows\twain.dll
2008-04-13 20:12 50,688 ---sh--- c:\windows\twain_32.dll

============= FINISH: 18:20:16.00 ===============

Malwarebytes' Anti-Malware 1.41
Database version: 2922
Windows 5.1.2600 Service Pack 3

10/7/2009 5:45:42 PM
mbam-log-2009-10-07 (17-45-23).txt

Scan type: Quick Scan
Objects scanned: 136868
Time elapsed: 21 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\glaide32 (Rootkit.Rustock) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

Folders Infected:
C:\Documents and Settings\Victor Harp\Start Menu\Programs\Total Security (Rogue.TotalSecurity) -> No action taken.

Files Infected:
C:\Documents and Settings\Victor Harp\Start Menu\Programs\Total Security\Total Security 2009.lnk (Rogue.TotalSecurity) -> No action taken.
C:\Documents and Settings\Victor Harp\Application Data\ubeletak.reg (Rogue.AntiVirusPro) -> No action taken.
C:\cqfuy.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\AVR09.exe (Rogue.AdvancedVirusRemover) -> No action taken.
C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\winhelper.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> No action taken.


#2 1972vet (Malware Response Team, 1,698 posts, Midwest U.S.A.)

Posted 12 October 2009 - 03:10 PM

Your on-board MBAM utility should certainly take care of this, but your log shows that you took no action. Scan again, but this time make sure you have done the following:
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected then click on the Scan button.
  • The scan will begin and "Scan in progress" will show at the top. Wait for the scan to complete and do nothing else with the computer during the scan.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Exit MBAM. Please remember to copy and paste the contents of that report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 mystique13 (Topic Starter, Members, 33 posts)

Posted 14 October 2009 - 01:49 PM

Ok. I am currently in safe mode. Here's my new MBAM log:
Malwarebytes' Anti-Malware 1.41
Database version: 2962
Windows 5.1.2600 Service Pack 3 (Safe Mode)

10/14/2009 2:42:29 PM
mbam-log-2009-10-14 (14-42-29).txt

Scan type: Quick Scan
Objects scanned: 135221
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I corrected the Hijack.WindowsUpdates registry entry manually. I was able to turn on Automatic Updates. I have not logged in under normal mode to start BITS.

2 other issues I'm having but forgot to put in my first post:
1) When clicking a link in my email, nothing happens.
2) I've downloaded Microsoft's Malicious Software Removal Tool but it won't run.

#4 1972vet (Malware Response Team, 1,698 posts, Midwest U.S.A.)

Posted 14 October 2009 - 03:52 PM

The problem with your email link doing nothing when you click on it could be that it is just malformed. The fact that it happened is just anecdotal without some detail...you gave none.
Tell me what happens when you click This Link.


#5 mystique13 (Topic Starter, Members, 33 posts)

Posted 14 October 2009 - 05:41 PM

I didn't get your reply via email. Thought I had it set up to email me all replies but I did something wrong. Think I have it fixed now. I'm not sure what other info to give regarding that. I click on any link in any email in Outlook and it tries to start Firefox but nothing happens. This problem is an annoyance but the least of my concerns. Incidentally, now when I have Outlook open it asks for my network password every time it starts to check for new email. I checked my email settings and my password is saved in there so I don't know why it keeps asking. Again, an annoyance but not the main problem. Also, BITS is working again.

#6 1972vet (Malware Response Team, 1,698 posts, Midwest U.S.A.)

Posted 14 October 2009 - 08:42 PM

What happens when you click the link in post #4?


#7 mystique13 (Topic Starter, Members, 33 posts)

Posted 15 October 2009 - 09:38 AM

It takes me to Kaspersky online scanner http://www.kaspersky.com/kos/eng/partner/d...n=1255553387631 but I can't run it because I can't get IE installed and I can't get Firefox to come up. I tried installing IE7 but couldn't get it to install either. Also, Avira keeps saying I have TR/Crypt.Xpack.Gen. I tell it to delete, rename, quarantine or deny access and it still shows up. It changes the name of the file slightly each time. This is the location: C:\WINDOWS\Temp\_avast4_. There's a file in here called webshlock.txt that I can not open or delete. And there are files in c:\Windows\temp that look similar to this: Perflib_Perfdata_1bc.dat. Are these legitimate files?

I had SUPERAntiSpyware installed but after running once, I received an error when trying to run. I tried repairing but with no luck. So I uninstalled it. Now when trying to install I receive the following error: "Error 1321. Windows Installer has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe." I am able to run the online scanner but I would like to have it installed.

Edited by mystique13, 15 October 2009 - 03:09 PM.


#8 1972vet (Malware Response Team, 1,698 posts, Midwest U.S.A.)

Posted 15 October 2009 - 04:13 PM

What browser are you using?


#9 mystique13 (Topic Starter, Members, 33 posts)

Posted 15 October 2009 - 04:32 PM

Safari and I just got Firefox back working properly.

Edited by mystique13, 15 October 2009 - 05:27 PM.


#10 1972vet (Malware Response Team, 1,698 posts, Midwest U.S.A.)

Posted 15 October 2009 - 05:29 PM

Safari and I just got Firefox back working properly.
BTW, I'm getting emails from other topics/forums from bleepingcomputer.com but I'm still not getting an email with your replies.

At the top of this thread, click the Options drop down menu and click "Track this topic".

On to business...using Firefox then, return to the link I provided above and scan with Kaspersky following these instructions:
  • At the main page click on "Accept" (after reading the agreement).
  • The necessary files will be downloaded...wait for the Database to finish updating.
Note: If prompted to run or update your Java, follow the prompts to do so. (Kaspersky requires Java to run.)
  • Once the Database has finished, under the Scan icon select My Computer to start the scan. The scan may take a few minutes to complete.
  • Select Scan Report.
  • If any threats were found they will appear in the report.
  • Select "Save error report as".
Then in the file name just type in kaspersky. Under "save as type" select text .txt. Save it to your Desktop.

Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.


#11 mystique13 (Topic Starter, Members, 33 posts)

Posted 16 October 2009 - 10:49 AM

The scan took 16 hours!!! But it found 2 infections that none of the others found. So what do I do to rid myself of these bad boys?

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, October 16, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, October 16, 2009 00:41:07
Records in database: 3002958
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 315482
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 16:00:48


File name / Threat / Threats count
C:\Program Files\Dell Games\Puzzle Quest - Challenge of the Warlords\Puzzle Quest-WT.exe Infected: Packed.Win32.Krap.w 1
C:\Program Files\WildGames\Bejeweled Twist\BejeweledTwist-WT.exe Infected: Trojan-Dropper.Win32.Delf.dzy 1

Selected area has been scanned.

#12 1972vet (Malware Response Team, 1,698 posts, Midwest U.S.A.)

Posted 16 October 2009 - 05:51 PM

I'm very surprised that Kaspersky found only those two games. Have you done some cleanup work? Removed quarantined items from your protective software? How 'bout system restore points...have you removed them or have you turned off system restore? Very puzzling.

At this point, we still need to address the two antivirus products you have running. Both are very good but you should decide which to keep and uninstall the other (avira and antivir).

You can also uninstall the following software:
Viewpoint View Manager
Viewpoint Toolbar
Viewpoint media player
or anything else with Viewpoint in its name.
Java (all versions you have installed are out of date and exploited...we'll install the latest version when we finish up)

Then, go Here and upload those game file executables for a free scan...we need the second opinion as I believe Kaspersky may just have reported a fp on these:
C:\Program Files\Dell Games\Puzzle Quest - Challenge of the Warlords\Puzzle Quest-WT.exe
C:\Program Files\WildGames\Bejeweled Twist\BejeweledTwist-WT.exe

Post back those results and advise how the system is behaving for you now. Thanks!


#13 mystique13 (Topic Starter, Members, 33 posts)

Posted 16 October 2009 - 06:59 PM

I've cleaned out all quarantined files from everywhere. I do have system restore turned on but it was off (unbeknownst to me) before infection. I turned it on a couple of days after infection.
When going to Add/Remove Programs, I don't see anything with Viewpoint in the name. I installed Java 6 update 16 so I could run Kaspersky; do I still need to uninstall?
I uninstalled Avira.

Results for C:\Program Files\Dell Games\Puzzle Quest - Challenge of the Warlords\Puzzle Quest-WT.exe
VirSCAN.org Scanned Report :
Scanned time : 2009/10/16 19:57:40 (EDT)
Scanner results: 14% Scanner(5/37) found malware!
File Name : Puzzle Quest-WT.exe
File Size : 4100224 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 6a4130355f6b6f01ea5c29340bb2b66f
SHA1 : ee637006413e2a0dabca31005902f53f59131651
Online report : http://virscan.org/report/7a8c1c1bd2394a2f...30f79fded5.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091017010225 2009-10-17 4.67 -
AhnLab V3 2009.10.17.00 2009.10.17 2009-10-17 1.00 -
AntiVir 8.2.1.35 7.1.6.118 2009-10-16 0.22 -
Antiy 2.0.18 20091016.3012703 2009-10-16 0.12 -
Arcavir 2009 200910161632 2009-10-16 0.22 -
Authentium 5.1.1 200910162138 2009-10-16 9.85 W32/Swizzor-based.2!Maximus (Heuristic)
AVAST! 4.7.4 091016-0 2009-10-16 0.24 -
AVG 8.5.288 270.14.20/2441 2009-10-17 0.41 -
BitDefender 7.81008.4356227 7.28375 2009-10-17 4.16 -
CA (VET) 9.0.0.143 35.1.7071 2009-10-17 7.80 -
ClamAV 0.95.2 9905 2009-10-16 2.02 -
Comodo 3.12 2625 2009-10-16 1.30 -
CP Secure 1.3.0.5 2009.10.16 2009-10-16 0.57 -
Dr.Web 4.44.0.9170 2009.10.16 2009-10-16 6.05 -
F-Prot 4.4.4.56 20091016 2009-10-16 9.42 Possible W32/Swizzor-based.2!Maximus
F-Secure 7.02.73807 2009.10.16.14 2009-10-16 8.86 Packed.Win32.Krap.w [AVP]
Fortinet 2.81-3.120 10.949 2009-10-15 0.45 -
GData 19.8436/19.513 20091017 2009-10-17 5.27 Packed.Win32.Krap.w [Engine:A]
ViRobot 20091016 2009.10.16 2009-10-16 0.41 -
Ikarus T3.1.01.72 2009.10.16.74145 2009-10-16 4.33 -
JiangMin 11.0.800 2009.10.16 2009-10-16 3.72 -
Kaspersky 5.5.10 2009.10.16 2009-10-16 0.28 Packed.Win32.Krap.w
KingSoft 2009.2.5.15 2009.10.16.21 2009-10-16 0.53 -
McAfee 5.3.00 5773 2009-10-16 3.53 -
Microsoft 1.5101 2009.10.16 2009-10-16 5.79 -
Norman 6.01.09 6.01.00 2009-10-16 4.01 -
Panda 9.05.01 2009.10.16 2009-10-16 1.85 -
Trend Micro 8.700-1004 6.550.01 2009-10-16 0.09 -
Quick Heal 10.00 2009.10.16 2009-10-16 3.36 -
Rising 20.0 21.51.44.00 2009-10-16 1.07 -
Sophos 3.00.1 4.46 2009-10-17 2.70 -
Sunbelt 5453 5453 2009-10-16 1.60 -
Symantec 1.3.0.24 20091016.003 2009-10-16 0.12 -
nProtect 20091014.02 5818832 2009-10-14 7.63 -
The Hacker 6.5.0.2 v00044 2009-10-16 0.71 -
VBA32 3.12.10.11 20091016.1550 2009-10-16 2.35 -
VirusBuster 4.5.11.10 10.112.70/2008421 2009-10-16 3.55 -

Results for C:\Program Files\WildGames\Bejeweled Twist\BejeweledTwist-WT.exe
VirSCAN.org Scanned Report :
Scanned time : 2009/10/16 20:05:26 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : BejeweledTwist-WT.exe
File Size : 9755752 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 45132f3fb04277a8c47b8041f7fa48b5
SHA1 : 9fa1651e106458ad1a3272be4926cbacf1fd400d
Online report : http://virscan.org/report/89c0a998a9a84a3d...e3b84f7f1c.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091017010225 2009-10-17 7.33 -
AhnLab V3 2009.10.17.00 2009.10.17 2009-10-17 0.98 -
AntiVir 8.2.1.35 7.1.6.118 2009-10-16 0.57 -
Antiy 2.0.18 20091016.3012703 2009-10-16 0.53 -
Arcavir 2009 200910161632 2009-10-16 0.23 -
Authentium 5.1.1 200910162138 2009-10-16 6.23 -
AVAST! 4.7.4 091016-0 2009-10-16 0.49 -
AVG 8.5.288 270.14.20/2441 2009-10-17 0.41 -
BitDefender 7.81008.4356227 7.28375 2009-10-17 3.82 -
CA (VET) 9.0.0.143 35.1.7071 2009-10-17 6.82 -
ClamAV 0.95.2 9905 2009-10-16 5.09 -
Comodo 3.12 2625 2009-10-16 0.74 -
CP Secure 1.3.0.5 2009.10.16 2009-10-16 0.83 -
Dr.Web 4.44.0.9170 2009.10.16 2009-10-16 6.20 -
F-Prot 4.4.4.56 20091016 2009-10-16 5.93 -
F-Secure 7.02.73807 2009.10.16.14 2009-10-16 0.31 -
Fortinet 2.81-3.120 10.949 2009-10-15 0.36 -
GData 19.8436/19.513 20091017 2009-10-17 6.20 -
ViRobot 20091016 2009.10.16 2009-10-16 0.41 -
Ikarus T3.1.01.72 2009.10.16.74145 2009-10-16 4.50 -
JiangMin 11.0.800 2009.10.16 2009-10-16 3.97 -
Kaspersky 5.5.10 2009.10.16 2009-10-16 0.23 -
KingSoft 2009.2.5.15 2009.10.16.21 2009-10-16 1.40 -
McAfee 5.3.00 5773 2009-10-16 3.49 -
Microsoft 1.5101 2009.10.16 2009-10-16 6.33 -
Norman 6.01.09 6.01.00 2009-10-16 4.00 -
Panda 9.05.01 2009.10.16 2009-10-16 2.02 -
Trend Micro 8.700-1004 6.550.01 2009-10-16 0.10 -
Quick Heal 10.00 2009.10.16 2009-10-16 6.48 -
Rising 20.0 21.51.44.00 2009-10-16 0.99 -
Sophos 3.00.1 4.46 2009-10-17 9.87 -
Sunbelt 5453 5453 2009-10-16 1.72 -
Symantec 1.3.0.24 20091016.003 2009-10-16 0.31 -
nProtect 20091014.02 5818832 2009-10-14 8.05 -
The Hacker 6.5.0.2 v00044 2009-10-16 0.83 -
VBA32 3.12.10.11 20091016.1550 2009-10-16 1.99 -
VirusBuster 4.5.11.10 10.112.70/2008421 2009-10-16 4.99 -

Edited by mystique13, 16 October 2009 - 07:23 PM.


#14 1972vet (Malware Response Team, 1,698 posts, Midwest U.S.A.)

Posted 16 October 2009 - 10:46 PM

OK, you should be able to uninstall those games. Look for them in add/remove, and look for:
jre1.5.0_06
...and uninstall it. It may appear in the listing as Java Runtime Environment (JRE) 5.0 Update 6
The dds log showed that "c:\program files\java\jre1.5.0_06" is one of the FF plugins.

Do you have hijackthis installed? If not, click HERE to download HijackThis.

Under HijackThis downloads:, click the "Installer" link. Double click on the installer and it will be installed by default here:
C:\Program Files\Trend Micro\HijackThis...and a shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation. You can double click the icon that was placed on the Desktop to run subsequent hijackthis scans or you can use the icon inside the folder.

The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Click Do a system scan and save a logfile. Copy and paste the contents of that log in your next reply. Thanks!


#15 mystique13 (Topic Starter, Members, 33 posts)

Posted 17 October 2009 - 01:53 PM

I uninstalled the games and Java.
Installed HijackThis and received the following errors when trying to perform a scan:
Please help us improve HijackThis by reporting this error

Click 'Yes' to submit

Error Details:

An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=load)
Error #5 - Invalid procedure call or argument

Windows version: Windows NT 5.01.2600
MSIE version: 8.0.6001.18702
HijackThis version: 2.0.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:24 PM, on 10/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\WildGames\Game Console - WildGames\GameConsole-wt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 itsecure.microsoft.com
O1 - Hosts: 209.44.111.62 avremover-pro.com
O1 - Hosts: 209.44.111.62 www.avremover-pro.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [arcsoft connection service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O20 - AppInit_DLLs: c:\windows\system32\boponase.dll,bemevaja.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8699 bytes

Let me know what I should get rid of.



