Infection type(if any) unknown


This topic is locked
2 replies to this topic

#1 edkjr

Posted 14 November 2009 - 06:58 AM

Hello and thank you in advance for any help. I'm not sure if I have an infection, but anything I have running (games etc.) minimizes for no apparent reason, then often experiences a problem and needs to close. This has only been occurring for approx. one week. I always have Windows Firewall enabled and I use AVG Free Edition anti-virus. I use CCleaner several times daily to keep cookies and temp files cleaned out. I also run Spybot Search & Destroy as well as Ad-Aware SE, but all scans come back clean. It's almost as if a pop-up has been activated, yet there is no visible pop-up window. Could it be a backdoor program? Since nothing has been found in the above scans, I thought I would post here and hopefully get an idea what might be causing this.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Ed at 6:11:52.68 on Sat 11/14/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1115 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Download\Utilities\DDSTool\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BHO Class: {dd92de22-ed91-4560-b788-dee2b26612e6} - c:\program files\devicevm\browser configuration utility\IEHelper.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.17\AsRunHelp.exe
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [AudioHQU] c:\program files\creative\sblive\audiohq\AHQTBU.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243823173187
DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} - hxxp://csweb.netgame.com/main/MLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1004.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-5 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-4 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-4 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-5 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-5 285392]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2009-10-28 212232]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-6-16 12672]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-5-31 10384]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2009-11-12 582992]
R3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2007-5-1 132232]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2009-11-12 206608]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-10-28 1684736]
S3 cpuz130;cpuz130;\??\c:\docume~1\ed\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ed\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2009-11-12 206608]

=============== Created Last 30 ================


==================== Find3M ====================

2009-11-10 14:01:00 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-07 19:18:30 189184 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-07 18:05:07 138064 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-05 16:25:19 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-05 16:25:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 02:31:17 139152 ----a-w- c:\docume~1\ed\applic~1\PnkBstrK.sys
2009-09-02 02:30:55 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 07:04:24 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-17 07:04:08 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-08-17 07:03:44 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-08-17 07:03:38 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-08-17 07:03:28 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-08-17 07:03:28 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-08-17 07:03:22 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-08-17 07:03:02 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-08-17 07:03:00 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-08-17 07:03:00 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-08-17 07:03:00 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-08-17 07:03:00 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-08-17 07:02:52 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-17 04:57:00 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-17 04:57:00 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-17 04:57:00 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-17 04:57:00 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-17 04:57:00 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-17 04:57:00 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-17 04:57:00 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-17 04:57:00 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-17 04:57:00 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-17 04:57:00 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-16 20:27:12 116840 ----a-w- c:\windows\hpqins00.dat

============= FINISH: 6:12:13.84 ===============

Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/1/2009 12:10:47 AM
System Uptime: 11/12/2009 9:26:35 PM (33 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA785GM-US2H
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5200+ | Socket M2 | 2611/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 332.195 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP115: 8/16/2009 4:23:02 PM - Removed HP Update
RP116: 8/16/2009 4:23:06 PM - Installed HP Update.
RP117: 8/17/2009 4:41:18 PM - System Checkpoint
RP118: 8/18/2009 5:41:18 PM - System Checkpoint
RP119: 8/19/2009 2:05:40 PM - Software Distribution Service 3.0
RP120: 8/20/2009 12:21:12 AM - Installed Java™ 6 Update 15
RP121: 8/21/2009 12:40:16 AM - System Checkpoint
RP122: 8/22/2009 3:54:03 AM - System Checkpoint
RP123: 8/23/2009 4:36:28 AM - System Checkpoint
RP124: 8/24/2009 5:20:54 AM - System Checkpoint
RP125: 8/25/2009 6:30:58 AM - System Checkpoint
RP126: 8/26/2009 6:42:32 AM - System Checkpoint
RP127: 8/27/2009 8:00:19 AM - System Checkpoint
RP128: 8/28/2009 8:02:45 AM - System Checkpoint
RP129: 8/28/2009 9:48:20 AM - Avg8 Update
RP130: 8/28/2009 9:49:36 AM - Avg8 Update
RP131: 8/29/2009 10:02:18 AM - System Checkpoint
RP132: 8/30/2009 10:34:08 AM - System Checkpoint
RP133: 8/31/2009 11:34:08 AM - System Checkpoint
RP134: 9/1/2009 12:34:08 PM - System Checkpoint
RP135: 9/2/2009 1:34:08 PM - System Checkpoint
RP136: 9/3/2009 3:38:46 PM - System Checkpoint
RP137: 9/4/2009 4:32:30 PM - System Checkpoint
RP138: 9/5/2009 6:42:25 PM - System Checkpoint
RP139: 9/6/2009 11:46:31 PM - System Checkpoint
RP140: 9/8/2009 2:38:57 AM - System Checkpoint
RP141: 9/9/2009 3:32:40 AM - System Checkpoint
RP142: 9/10/2009 6:06:47 AM - System Checkpoint
RP143: 9/11/2009 6:32:42 AM - System Checkpoint
RP144: 9/11/2009 11:40:27 AM - Installed Futuremark SystemInfo
RP145: 9/11/2009 4:12:54 PM - Software Distribution Service 3.0
RP146: 9/12/2009 4:35:33 PM - System Checkpoint
RP147: 9/13/2009 4:31:07 PM - Installed Call of Duty® 2
RP148: 9/13/2009 5:06:22 PM - Installed Call of Duty® 2 Patch 1.3
RP149: 9/14/2009 6:05:45 PM - System Checkpoint
RP150: 9/15/2009 6:50:08 PM - System Checkpoint
RP151: 9/16/2009 6:57:15 PM - System Checkpoint
RP152: 9/17/2009 7:48:12 PM - System Checkpoint
RP153: 9/18/2009 8:35:11 PM - System Checkpoint
RP154: 9/19/2009 5:32:17 PM - Software Distribution Service 3.0
RP155: 9/20/2009 2:13:43 PM - Installed Call of Duty® - World at War™ 1.6 Patch
RP156: 9/21/2009 2:41:23 PM - System Checkpoint
RP157: 9/22/2009 12:24:13 AM - Installed Call of Duty - United Offensive
RP158: 9/23/2009 12:41:23 AM - System Checkpoint
RP159: 9/24/2009 1:22:03 AM - System Checkpoint
RP160: 9/25/2009 2:13:31 AM - System Checkpoint
RP161: 9/26/2009 2:57:53 AM - System Checkpoint
RP162: 9/27/2009 3:13:31 AM - System Checkpoint
RP163: 9/27/2009 4:04:45 PM - Installed VZAccess Manager for RIM.
RP164: 9/28/2009 5:36:14 PM - System Checkpoint
RP165: 9/29/2009 7:16:31 PM - System Checkpoint
RP166: 9/30/2009 7:19:28 PM - System Checkpoint
RP167: 10/1/2009 7:21:41 PM - System Checkpoint
RP168: 10/2/2009 8:21:41 PM - System Checkpoint
RP169: 10/3/2009 9:21:41 PM - System Checkpoint
RP170: 10/4/2009 11:10:44 PM - System Checkpoint
RP171: 10/5/2009 8:53:11 AM - Avg8 Update
RP172: 10/5/2009 8:53:48 AM - Avg8 Update
RP173: 10/5/2009 5:29:42 PM - Installed 3DVIA player 5.0
RP174: 10/8/2009 12:42:02 PM - Avg8 Update
RP175: 10/10/2009 1:28:07 AM - Restore Operation
RP176: 10/10/2009 1:32:37 AM - Avg8 Update
RP177: 10/28/2009 12:08:50 PM - Installed Browser Configuration Utility
RP178: 10/28/2009 12:09:24 PM - Installed AMD Processor Driver
RP179: 10/28/2009 12:09:44 PM - Installed Realtek High Definition Audio Driver
RP180: 10/28/2009 12:14:07 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP181: 10/28/2009 12:15:11 AM - Avg8 Update
RP182: 10/28/2009 12:16:02 AM - Avg8 Update
RP183: 10/28/2009 12:37:02 PM - Restore Operation
RP184: 10/28/2009 7:44:59 PM - Unsigned driver install
RP185: 10/29/2009 8:00:07 AM - Avg8 Update
RP186: 10/29/2009 8:00:51 AM - Avg8 Update
RP187: 10/30/2009 8:11:16 AM - System Checkpoint
RP188: 10/31/2009 9:07:56 AM - System Checkpoint
RP189: 11/1/2009 3:23:12 AM - Removed America's Army Utility Package
RP190: 11/1/2009 4:29:33 PM - Installed Realtek High Definition Audio Driver
RP191: 11/2/2009 5:05:41 PM - System Checkpoint
RP192: 11/3/2009 9:57:32 AM - Software Distribution Service 3.0
RP193: 11/3/2009 10:06:35 AM - Avg8 Update
RP194: 11/3/2009 8:07:53 PM - Installed Java™ 6 Update 17
RP195: 11/3/2009 8:41:43 PM - Installed HP Print Diagnostic Utility
RP196: 11/4/2009 9:31:14 PM - System Checkpoint
RP197: 11/5/2009 12:24:54 PM - Installed AVG Free 9.0
RP198: 11/6/2009 4:26:54 PM - System Checkpoint
RP199: 11/7/2009 5:12:37 PM - System Checkpoint
RP200: 11/7/2009 8:23:57 PM - Software Distribution Service 3.0
RP201: 11/7/2009 8:26:50 PM - Software Distribution Service 3.0
RP202: 11/8/2009 7:03:14 PM - Configured IL-2 Sturmovik 1946
RP203: 11/8/2009 9:05:56 PM - Installed IL-2 Sturmovik 1946
RP204: 11/9/2009 8:14:47 PM - Installed Windows XP KB954708.
RP205: 11/9/2009 8:15:01 PM - Installed DirectX
RP206: 11/10/2009 9:00:18 AM - Avg8 Update
RP207: 11/10/2009 9:01:07 AM - Avg8 Update
RP208: 11/10/2009 2:53:01 PM - Software Distribution Service 3.0
RP209: 11/11/2009 3:05:33 PM - System Checkpoint
RP210: 11/12/2009 8:52:06 AM - Avg8 Update
RP211: 11/12/2009 9:02:23 PM - Installed Trend Micro RUBotted
RP212: 11/13/2009 9:30:51 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
6400_Help
AA3Deploy
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
Adobe Shockwave Player 11.5
AMD Processor Driver
ASUSUpdate
AVG Free 9.0
bpd_scan
BPDSoftware
BPDSoftware_Ini
Browser Configuration Utility
BufferChm
Call of Duty
Call of Duty - United Offensive
Call of Duty® - World at War™
Call of Duty® - World at War™ 1.2 Patch
Call of Duty® - World at War™ 1.3 Patch
Call of Duty® - World at War™ 1.4 Patch
Call of Duty® - World at War™ 1.5 Patch
Call of Duty® - World at War™ 1.6 Patch
Call of Duty® 2
Call of Duty® 2 Patch 1.3
CCleaner
CDDRV_Installer
CPUID CPU-Z 1.52.2
Critical Update for Windows Media Player 11 (KB959772)
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DH Driver Cleaner.NET
Diskeeper 2008 Home
DocMgr
DocProc
DocProcQFolder
Download Manager 2.3.9
Dual-Core Optimizer
EAX4 Unified Redist
erLT
eSupportQFolder
Fax
ffdshow [rev 2946] [2009-05-15]
Futuremark SystemInfo
Glary Utilities 2.17.0.776
Google Toolbar for Internet Explorer
GPBaseService
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Document Manager 1.0
HP Driver Diagnostics
HP Imaging Device Functions 10.0
HP Officejet J6400 Series
HP Photosmart Essential 2.5
HP Print Diagnostic Utility
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
Hunting Unlimited 2010
IL-2 Manager 5.0 PF
IL-2 Sturmovik 1946
IncrediMail
J6400
Java™ 6 Update 17
Junk Mail filter update
KhalInstallWrapper
Logitech SetPoint
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB954430)
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OCR Software by I.R.I.S. 10.0
OPERATION7
PC Probe II
ProductContext
PSSWCORE
PunkBuster Services
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Saitek SD6 Programming Software 6.6.6.9
Scan
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Shop for HP Supplies
SmartWebPrintingOC
Sniper Elite
SolutionCenter
Spybot - Search & Destroy
Status
System Requirements Lab
TeamSpeak 2 RC2
Tom Clancy's Rainbow Six Vegas 2
Tom Clancy's Splinter Cell Double Agent
Toolbox
TrayApp
Trend Micro RUBotted
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
WebFldrs XP
WebReg
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
Xvid 1.2.1 final uninstall
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

11/8/2009 11:39:22 PM, error: Print [6161] - The document http://img.photobucket.com/albums/v438/Jod.../Install_1-2/mo owned by Ed failed to print on printer HP Officejet J6400 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 2752512. Number of bytes printed: 2752512. Total number of pages in the document: 1. Number of pages printed: 3. Client machine: \\ED-F01EA8F09E16. Win32 error code returned by the print processor: 0 (0x0).
11/7/2009 8:30:25 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
11/7/2009 8:29:03 PM, error: Service Control Manager [7000] - The PfModNT service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

RootRepeal log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/14 06:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAF897000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB85D8000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAE5FB000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Prefetch\ROOTREPEAL.EXE-1BBB29D1.pf
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\_restore{163FA3CF-077C-4857-9F35-FF051DD648E5}\RP124\change.log.2
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\DRMStub-AM.txt:{B3A7B244-0ACC-2FFD-237E-E3154CE1BB46}
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Ed\Local Settings\Apps\2.0\DXDB3BQL.88B\ZC1PNJB9.91Q\manifests\AA3Deploy.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Ed\Local Settings\Apps\2.0\DXDB3BQL.88B\ZC1PNJB9.91Q\manifests\AA3Deploy.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xb810887e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xb8108bfe

==EOF==

Edited by Maurice Naggar, 21 November 2009 - 09:04 AM.
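A small triage helper for the log format above, added here as an example; it is not part of the original post and is not code from the DDS, HijackThis or RootRepeal tools. It reads the uURLSearchHooks:/BHO:/mRun: line shapes from the Pseudo HJT Report and the R0/S3 line shapes from the SERVICES / DRIVERS section and flags three things a responder checks first: registrations ending in "- No File" (a CLSID still registered but its DLL gone), autoruns that name a bare executable with no directory (Windows resolves those through the search path, so a same-named file earlier in the path would win), and service or driver images loaded from a \temp\ directory, like the cpuz130 entry above. The finding names, the regular expressions and the choice of sample lines are this example's own assumptions, and a flag is a lead rather than a verdict: the bare-name entries in this particular log belong to legitimate vendor software.

```python
"""Triage helper for DDS-style log lines (added example; not part of the thread or of DDS)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" and
# "SERVICES / DRIVERS" sections posted above.
SAMPLE_LOG = r"""
uURLSearchHooks: H - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-5 64160]
S3 cpuz130;cpuz130;\??\c:\docume~1\ed\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ed\locals~1\temp\cpuz130\cpuz_x32.sys [?]
"""

# Line shapes DDS uses for autoruns and for services/drivers (assumed from the log above).
RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str   # "orphan", "bare_name" or "temp_path" (names are this example's own)
    line: str


def first_token(cmd: str) -> str:
    """Return the executable part of an autorun command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_bare_name(exe: str) -> bool:
    """True when the command names a file with no directory component, so Windows
    resolves it through the search path and an earlier same-named file would win."""
    return exe != "" and "\\" not in exe and ":" not in exe


def triage(text: str) -> list[Finding]:
    """Scan DDS lines and return the entries worth a second look."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A CLSID still registered as a BHO/URLSearchHook whose DLL is gone.
        if line.endswith("- No File"):
            findings.append(Finding("orphan", line))
            continue
        m = RUN_RE.match(line)
        if m:
            if is_bare_name(first_token(m.group("cmd"))):
                findings.append(Finding("bare_name", line))
            if TEMP_RE.search(m.group("cmd")):
                findings.append(Finding("temp_path", line))
            continue
        m = SVC_RE.match(line)
        # A driver or service image loaded from a user's Temp directory.
        if m and TEMP_RE.search(m.group("image")):
            findings.append(Finding("temp_path", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, e.g. {"orphan": 2, "bare_name": 3, "temp_path": 1}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:10} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample it reports two orphaned registrations, three bare-name autoruns (CTHELPER.EXE, KHALMNPR.EXE and RUNDLL32.EXE) and the one driver in Temp; feeding it the complete Pseudo HJT and Services/Drivers sections from a DDS log works the same way, since every other line shape is ignored.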



#2 Maurice Naggar

  • Malware Response Team

Posted 21 November 2009 - 09:13 AM

Hello and welcome to BC forums.

Step 1
Right click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On\Off without closing it.
Automatic: Suspicious activity will be blocked automatically.
Uncheck both of those boxes.

Set Windows to show all files and all folders.
On your Desktop, double-click My Computer; from the menu, select Tools, then Folder Options, then the View tab, and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under Hidden files and folders, select Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 2
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 3
Please download and run the Trend Micro Sysclean Package on your computer.
NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.
  • Create a brand new folder to copy these files to.
  • As an example: C:\DCE
  • Then open each of the zipped archive files and copy their contents to C:\DCE
  • Copy the file sysclean.com to the new folder C:\DCE as well.
  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.

After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.
How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista

Step 4
Please download & save Malwarebytes Anti-Malware from
http://www.download.com/Malwarebytes-Anti-..._4-10804572.htm or
http://www.besttechie.net/tools/mbam-setup.exe or
http://malwarebytes.gt500.org/mbam.jsp

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Step 5
Reply with a copy of the Sysclean log and the MBAM scan log.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 Maurice Naggar

  • Malware Response Team

Posted 01 December 2009 - 06:39 AM

This thread is closed due to lack of response.
If you are the original poster and still have same issues & wish this re-opened, send a PM to a moderator.



