
Computer virus, many reader_s.exe


1 reply to this topic

#1 DemonicReaper

  • Members
  • 53 posts

Posted 31 March 2010 - 01:10 AM

Hello, just recently I got a bunch of viruses/malware/adware/spyware. At first I had problems at startup with nvatabus.sys; it would not let me boot up my PC. So I corrected the problem by copying a new "nvatabus.sys" into the correct directory using the XP install CD. This allowed me to boot up my PC, but now I am having other issues, such as being slow, limited access to sites on the internet, etc. I have tried running several programs. I have used CCleaner, VundoFix, TrueSword, and Trojan Remover successfully. Other programs I have tried to use are Prevx CSI and Spyware Doctor, but both were useless because I could not access the database needed to update/run the program. I have tried running ComboFix, but the program comes up with a warning saying "Cannot run, not safe". The last program I tried using, "SUPERAntiSpyware", would run the scan but come up with the blue screen of death. I have removed several infected files, but I know there is more. The main file reader_s.exe keeps coming up in scans and doesn't seem to ever be completely removed. I have run checks in both safe mode and regular mode, but I can't seem to get rid of the problem. Any help would be greatly appreciated.

*** The first problem I noticed was porn icons that randomly appeared on my desktop ***

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by Mantis at 22:14:59.50 on Tue 03/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.878 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\docume~1\mantis\locals~1\temp\cp1 .exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\PereSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Prevx\prevx.exe
C:\program files\microsoft activesync\wcescomm .exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Documents and Settings\Mantis\reader_s.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\program files\creative\sbaudigy2zs\surround mixer\ctsysvol .exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\verizon\mccitrayapp .exe
c:\program files\cyberlink\powerdvd\pdvdserv .exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
c:\program files\poweriso\pwrisovm .exe
C:\WINDOWS\System32\Rundll32.exe
c:\program files\java\jre6\bin\jusched .exe
c:\program files\itunes\ituneshelper .exe
c:\program files\quicktime\qttask .exe
svchost.exe C:\WINDOWS\TEMP\VRTA.tmp
c:\progra~1\avg\avg9\avgtray .exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Verizon\McciBrowser.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: {b5fc0079-a296-4b5e-87c2-76588e4df3a9} - nokehini.dll
BHO: Club Bing Toolbar Helper: {b771fea3-2a05-4c21-b1e2-55551a97d520} - c:\program files\club bing toolbar helper\Bmbho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Club Bing Toolbar: {719d74ab-1af9-43a1-8c62-d8750628d93e} - c:\program files\club bing toolbar\Toolbar.dll
TB: Club Bing Toolbar Helper: {b771fea3-2a05-4c21-b1e2-55551a97d520} - c:\program files\club bing toolbar helper\Bmbho.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm .exe"
uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Google Update] "c:\documents and settings\mantis\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [YVIBBBHA8C] c:\docume~1\mantis\locals~1\temp\cp1 .exe
uRun: [reader_s] c:\documents and settings\mantis\reader_s.exe
uRun: [Uniblue SpyEraser] "c:\program files\uniblue\spyeraser\SpyEraser.exe" -m
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\adobe photoshop lightroom\apdproxy.exe"
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Firefly] c:\program files\snapstream media\firefly\Firefly.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [V0270Mon.exe] c:\windows\V0270Mon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTuner.exe" /S
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [lcqkc] c:\windows\system32\lcqkc.exe \u
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [TrojanScanner] c:\documents and settings\mantis\my documents\downloads\trojan remover\Trjscan.exe /boot
mRun: [srv] "c:\windows\system32\srv.net"
mRun: [ewrgetuj] c:\docume~1\mantis\locals~1\temp\geurge.exe
mRun: [owjngz] RUNDLL32.EXE c:\windows\system32\msbyylfy.dll,w
mRun: [wuyokudapi] Rundll32.exe "degorota.dll",s
mRun: [rmosnq] RUNDLL32.EXE c:\windows\system32\msyblkya.dll,w
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRun: [reader_s] c:\documents and settings\mantis\reader_s.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxp://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15030/CTSUEng.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} - hxxp://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} - hxxp://www.cyberlink.com/winxp/CheckDVD.cab
DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} - hxxp://media.labs.live.com/all/ps/_code_/Photosynth.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188940771484
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188940737906
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab
DPF: {871AA60B-D425-4784-AD09-6C2E63342CAD} - hxxp://download.verizon.net/sfp/Cabs/dlink/webinstall/FrmUpDLink11047.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8B7D2210-CC81-4F59-A486-4409FB485D4A} - hxxp://www2.verizon.net/help/fios_settings/includes/vzTCPConfig.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://www.windowsecurity.com/trojanscan/axscan.cab
DPF: {C77FB8C0-8B6D-440E-AC26-2BD39E97E8F2} - hxxp://speedtest.adelphia.net/customerdiag/speedtest/SPEEDTESTACTIVEX.CAB
DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - hxxp://www.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/MSC3.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - hxxp://entimg.msn.com/client/msnmusax3606.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4981/mcfscan.cab
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://66.98.196.24/DGTx.CAB
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: NameServer = 93.188.164.22,93.188.161.146
TCP: {2E1E2F00-55A2-4E0D-A80C-28985EC05F48} = 93.188.164.22,93.188.161.146
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: dikoyahe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: jarisilum - {e55f7d1c-b060-43f5-b3cf-d9c270243eee} - No File
SSODL: GootkitSSO - {7B1E182E-19B1-49CC-8835-CC068DEA7A4A} - c:\windows\system32\msxsltsso.dll
STS: {e55f7d1c-b060-43f5-b3cf-d9c270243eee}: tokatiluy
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli hiyupifa.dll dikoyahe.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mantis\applic~1\mozilla\firefox\profiles\dreeekeu.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff30\gears.dll
FF - plugin: c:\documents and settings\mantis\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\mantis\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\mantis\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-30 217032]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-3-30 22536]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-26 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-9-25 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-26 242696]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-30 112592]
R2 Cepstral License Server;Cepstral License Server;c:\program files\cepstral\bin\CepstralLicSrv.exe [2008-6-24 81920]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-3-30 4150840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-23 54752]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-8-17 3712]
R2 peresvc;peresvc Service;c:\windows\system32\PereSvc.exe [2001-8-23 69120]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [2005-12-8 15840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-3-30 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-3-30 1142224]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-2 49152]
R3 VF0270Dev;Live! Cam Optia;c:\windows\system32\drivers\V0270Dev.sys [2008-1-16 227488]
R3 VF0270Vfx;VF0270 Video FX;c:\windows\system32\drivers\V0270Vfx.sys [2008-1-16 7424]
S2 BtwSvc;BtwSvc;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 38912]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S2 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2004-11-1 262144]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2003-7-23 22821]
S3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [2001-10-17 25434]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2009-6-24 47360]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2009-6-24 47360]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2009-6-24 28032]
S3 TucbAudio;TucbAudio;c:\windows\system32\drivers\TucbAudio.sys [2009-10-1 23096]

=============== Created Last 30 ================

2010-03-31 04:55:33 0 d-----w- c:\docume~1\mantis\applic~1\Uniblue
2010-03-31 04:55:22 0 d-----w- c:\program files\Uniblue
2010-03-31 04:46:14 55296 ----a-w- c:\windows\system32\reader_s.exe
2010-03-31 04:46:11 3072 ----a-w- c:\windows\system32\C.tmp
2010-03-31 04:46:05 84 ----a-w- c:\windows\system32\B.tmp
2010-03-31 04:45:55 238920 ----a-w- c:\windows\system32\4792399.exe
2010-03-31 04:45:49 169675 ----a-w- c:\windows\system32\8853113.exe
2010-03-31 03:36:10 238920 ----a-w- c:\windows\system32\8897471.exe
2010-03-31 03:36:08 44 ----a-w- c:\windows\system32\8.tmp
2010-03-31 03:36:03 169675 ----a-w- c:\windows\system32\4052545.exe
2010-03-31 03:22:21 44 ----a-w- c:\windows\system32\6.tmp
2010-03-31 03:22:15 238920 ----a-w- c:\windows\system32\5365824.exe
2010-03-31 03:22:09 93696 ----a-w- c:\windows\system32\w.exe
2010-03-31 03:22:09 169675 ----a-w- c:\windows\system32\6275904.exe
2010-03-31 02:49:44 882 ----a-w- c:\windows\RegSDImport.xml
2010-03-31 02:49:44 879 ----a-w- c:\windows\RegISSImport.xml
2010-03-31 02:49:44 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-31 02:49:44 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-31 02:49:44 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-31 02:49:44 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-31 02:49:44 131 ----a-w- c:\windows\IDB.zip
2010-03-31 02:49:44 1152444 ----a-w- c:\windows\UDB.zip
2010-03-31 02:48:33 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-03-31 02:48:33 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-31 02:48:28 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-31 02:48:28 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-03-31 02:48:28 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-03-31 02:48:28 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-31 02:48:21 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-03-31 02:48:21 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-31 02:48:14 0 d-----w- c:\program files\common files\PC Tools
2010-03-31 02:48:14 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-03-31 02:44:02 81920 ----a-w- c:\windows\eSellerateControl350.dll
2010-03-31 02:44:02 356352 ----a-w- c:\windows\eSellerateEngine.dll
2010-03-31 01:48:54 238920 ----a-w- c:\windows\system32\8980174.exe
2010-03-31 01:48:50 44544 ----a-w- c:\windows\system32\so.bin
2010-03-31 01:48:50 36864 ----a-w- c:\windows\system32\ms.bin
2010-03-31 01:48:49 44 ----a-w- c:\windows\system32\7.tmp
2010-03-31 01:48:49 169675 ----a-w- c:\windows\system32\6121942.exe
2010-03-31 01:38:15 0 d-----w- c:\windows\ERUNT
2010-03-31 01:35:10 44544 ----a-w- c:\windows\system32\t1p0_584117152823.b1k
2010-03-31 01:35:09 44544 ----a-w- c:\windows\system32\t1p0_69362687414.b1k
2010-03-31 01:34:38 36864 ----a-w- c:\windows\system32\t1p0_836934501808.b1k
2010-03-31 01:34:37 36864 ----a-w- c:\windows\system32\t1p0_812845467726.b1k
2010-03-31 01:34:18 238920 ----a-w- c:\windows\system32\5689158.exe
2010-03-31 01:34:14 36865 ----a-w- c:\windows\system32\msyblkya.dll
2010-03-31 01:34:12 36864 ----a-w- c:\windows\system32\d.bin
2010-03-31 01:34:11 169675 ----a-w- c:\windows\system32\280163.exe
2010-03-31 00:32:53 98 ----a-w- C:\qtf5wrdq73ugv108.bat
2010-03-31 00:32:27 238920 ----a-w- c:\windows\system32\2286753.exe
2010-03-31 00:25:34 0 d-----w- C:\SDFix
2010-03-31 00:05:17 238920 ----a-w- c:\windows\system32\4588694.exe
2010-03-31 00:00:12 238920 ----a-w- c:\windows\system32\5226359.exe
2010-03-30 23:52:36 238920 ----a-w- c:\windows\system32\6306986.exe
2010-03-30 23:42:10 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-30 23:42:03 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-30 23:42:03 0 d-----w- c:\docume~1\mantis\applic~1\SUPERAntiSpyware.com
2010-03-30 23:26:11 47616 ----a-w- c:\windows\system32\9610036.exe
2010-03-30 23:22:33 44 ----a-w- c:\documents and settings\mantis\E.tmp
2010-03-30 23:12:40 94720 ----a-w- C:\rundll32.exe
2010-03-30 23:12:40 94720 ----a-w- C:\rundll32 .exe
2010-03-30 23:12:17 94720 ----a-w- C:\cthelper.exe
2010-03-30 23:12:16 94720 ----a-w- C:\logi_mwx.exe
2010-03-30 23:01:41 42496 ----a-w- c:\windows\system32\msxsltsso.dll
2010-03-30 23:01:37 182912 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-03-30 23:00:22 238920 ----a-w- c:\windows\system32\6636576.exe
2010-03-30 22:56:23 238920 ----a-w- c:\windows\system32\5280222.exe
2010-03-30 22:56:19 36865 ----a-w- c:\windows\system32\msbyylfy.dll
2010-03-30 22:56:05 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2010-03-30 22:56:05 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2010-03-30 22:56:05 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2010-03-30 22:56:05 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2010-03-30 22:55:57 0 d-----w- c:\program files\Spyware Doctor
2010-03-30 22:55:57 0 d-----w- c:\docume~1\mantis\applic~1\PC Tools
2010-03-30 22:55:18 3 ----a-w- c:\windows\system32\fhpatch.dll
2010-03-30 22:55:18 0 ----a-w- c:\windows\system32\fiplock.dll
2010-03-30 22:54:55 573440 ----a-w- c:\windows\system32\IPHACTION.dll
2010-03-30 22:52:58 22536 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-03-30 22:52:58 0 d-----w- c:\program files\Prevx
2010-03-30 22:51:16 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-30 22:51:14 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 22:51:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 22:41:48 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-03-30 22:29:34 238920 ----a-w- c:\windows\system32\5384135.exe
2010-03-30 22:29:27 47616 ----a-w- c:\windows\system32\686498.exe
2010-03-30 22:26:29 54784 ----a-w- c:\documents and settings\mantis\reader_s.exe
2010-03-30 22:26:29 54784 ----a-w- c:\documents and settings\mantis\reader_s .exe
2010-03-30 22:26:19 44 ----a-w- c:\documents and settings\mantis\11.tmp
2010-03-30 15:02:45 52608 ----a-w- c:\windows\system32\drivers\nvatabus.sys
2010-03-30 06:02:59 135168 ----a-w- c:\windows\system32\nmklo.dll.vir
2010-03-30 05:39:15 94720 ----a-w- c:\windows\system32\cthelper.exe
2010-03-30 05:29:06 94720 ----a-w- c:\documents and settings\mantis\rundll32.exe
2010-03-30 05:26:53 94720 ----a-w- c:\documents and settings\mantis\cthelper.exe
2010-03-30 05:26:52 94720 ----a-w- c:\documents and settings\mantis\khalmnpr.exe
2010-03-30 05:26:51 94720 ----a-w- c:\documents and settings\mantis\logi_mwx.exe
2010-03-30 05:19:13 0 d-----w- c:\windows\system32\GroupPolicy
2010-03-30 05:18:52 54784 ----a-w- c:\windows\system32\reader_s .exe
2010-03-30 05:18:16 238920 ----a-w- c:\windows\system32\5564646.exe
2010-03-30 05:18:15 47616 ----a-w- c:\windows\system32\3677877.exe
2010-03-30 05:18:12 154455 ----a-w- c:\windows\system32\3237726.exe
2010-03-30 05:14:08 238920 ----a-w- c:\windows\system32\661262.exe
2010-03-30 05:14:06 70656 ----a-w- c:\windows\system32\w.exe.vir
2010-03-30 05:14:00 47616 ----a-w- c:\windows\system32\6870931.exe
2010-03-30 05:13:28 154455 ----a-w- c:\windows\system32\657757.exe
2010-03-30 05:13:27 65024 ----a-w- c:\windows\system32\bb52fkri.few
2010-03-30 05:13:27 32768 ----a-w- c:\windows\system32\23rh46g.4e
2010-03-30 05:13:12 0 ----a-w- c:\windows\SC.INS
2010-03-30 05:13:11 577536 ----a-w- c:\windows\system32\user32.DLL
2010-03-30 05:13:11 577536 ----a-w- c:\windows\system32\paqiqo
2010-03-30 05:12:10 314880 ----a-w- c:\windows\system32\cooper.mine
2010-03-30 05:07:58 94720 ----a-w- c:\windows\system32\khalmnpr.exe
2010-03-30 05:07:58 94720 ----a-w- c:\windows\system32\khalmnpr .exe
2010-03-30 05:07:57 94720 ----a-w- c:\windows\system32\logi_mwx.exe.delme173
2010-03-30 05:07:57 94720 ----a-w- c:\windows\system32\logi_mwx.exe
2010-03-30 05:07:57 94720 ----a-w- c:\windows\system32\logi_mwx .exe
2010-03-30 05:07:51 94720 ----a-w- c:\windows\updreg.exe.delme171
2010-03-30 05:07:51 94720 ----a-w- c:\windows\updreg.exe
2010-03-30 05:01:00 93696 ----a-w- c:\windows\system32\app_dll.dll
2010-03-30 04:58:51 30720 ----a-w- c:\windows\system32\OLD1907.tmp
2010-03-30 04:58:39 539136 ----a-w- c:\windows\system32\OLD1904.tmp
2010-03-30 04:58:36 94720 ----a-w- c:\windows\system32\lcqkc.exe.delme203
2010-03-30 04:58:36 94720 ----a-w- c:\windows\system32\lcqkc.exe
2010-03-30 04:58:36 94720 ----a-w- c:\windows\system32\lcqkc .exe
2010-03-30 04:58:26 49152 ----a-w- c:\windows\system32\OLD1901.tmp
2010-03-30 04:58:23 0 d-----w- c:\windows\_VOIDouqxphxrxv
2010-03-30 04:58:00 6 ----a-w- c:\windows\system32\ipjy.dll
2010-03-30 04:57:55 30720 ----a-w- c:\windows\system32\OLD18FD.tmp
2010-03-30 04:57:07 197120 ----a-w- c:\windows\Chucua.exe.vir
2010-03-30 04:56:59 208384 ----a-w- c:\windows\system32\OLD18FA.tmp
2010-03-30 04:55:47 110661 ----a-w- c:\windows\system32\srv.net
2010-03-24 16:57:31 200704 ----a-w- c:\windows\system32\nvusmb.exe
2010-03-24 16:57:31 196608 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-24 16:57:31 196608 ----a-w- c:\windows\system32\nvuide.exe
2010-03-19 00:19:54 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-03-19 00:19:54 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-03-19 00:19:54 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-03-19 00:19:54 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-03-19 00:19:54 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-03-19 00:19:53 0 d-----w- c:\program files\Trojan Remover
2010-03-19 00:19:53 0 d-----w- c:\docume~1\mantis\applic~1\Simply Super Software
2010-03-19 00:19:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-03-12 17:02:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll

==================== Find3M ====================

2010-03-31 04:45:53 94720 ----a-w- c:\windows\v0270mon.exe
2010-03-31 00:31:28 94720 ----a-w- c:\windows\v0270mon .exe
2010-03-31 00:12:32 5732 ----a-w- c:\windows\system32\tmp.reg
2010-03-30 23:01:37 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-03-30 05:08:01 94720 ----a-w- c:\windows\system32\cthelper .exe
2010-03-30 05:02:06 79360 ----a-w- c:\windows\system32\drivers\nvatabus.sys.vir
2010-03-30 04:58:02 94720 ----a-w- c:\windows\updreg .exe
2010-03-12 17:02:19 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 17:01:44 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-24 04:34:21 104940 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-16 02:01:49 536825 ----a-w- C:\HaxFix.exe
2010-02-11 03:16:10 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-06 21:03:34 58880 ----a-w- c:\documents and settings\mantis\dvuav.exe.vir
2007-01-11 22:42:26 4 ----a-w- c:\program files\common files\Cvtaqlog.dat
2006-02-03 22:29:50 7759 ----a-w- c:\program files\key (154 x 99).jpg
2005-04-05 19:16:14 0 ----a-w- c:\program files\Inspection Report Creator (DEMO)movies_rpt.dat
1601-01-01 00:03:52 65536 --sha-w- c:\windows\system32\dikoyahe.dll
2008-09-21 14:08:05 7520 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 22:15:45.04 ===============

Edited by DemonicReaper, 31 March 2010 - 01:38 AM.

#2 Orange Blossom

Posted 31 March 2010 - 03:06 PM

Hello,

I'm afraid that your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer.

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of Virut can even penetrate and infect .exe files within compressed files (.zip, .cab, .rar). The Virux and Win32/Virut.17408 variants are even more complex file infectors which can embed an iframe into the body of web-related files and infect script files (.php, .asp, .htm, .html, .xml). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer Virut remains on a computer, the more critical system files will become infected and corrupt, so the degree of infection can vary.

QUOTE
The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory.
CA Virus detail of W32/Virut

QUOTE
The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.
McAfee Risk Assessment and Overview of W32/Virut

QUOTE
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damage caused to files by Virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files.
AVG Overview of W32/Virut

Virut is commonly spread via a flash drive (usb, pen, thumb, jump) infection using RUNDLL32.EXE and other malicious files. It is often contracted and spread by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and are a major source of system infection.

QUOTE
...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...
Keygen and Crack Sites Distribute VIRUX and FakeAV

However, the CA Security Advisor Research Blog has found MySpace user pages carrying the malicious Virut URL. Either way, you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Since Virut is not effectively disinfectable, your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:
2 guidelines when backing up your data prior to reinstallation:

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do NOT backup any applications/installers and Do NOT backup any files with the following extensions
  • .exe
  • .scr
  • .htm
  • .html
  • .xml
  • .zip
  • .rar

This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
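Two defensive checks that follow from the reply above, written as an added example; this is not code from the thread or from any of the tools it mentions. The first classifies a list of backup candidates against the do-not-back-up extension list in the reply, checking every suffix in the name so renamed infected copies like `logi_mwx.exe.delme173` and names with a space before the extension like `reader_s .exe` (both present in the log above) are still excluded; `.cab`, `.php` and `.asp` are added to that list as an assumption, because the reply says some Virut/Virux variants touch those types too. The second scans a Windows HOSTS file for entries naming security-vendor sites, which the reply notes some variants use to block updates and downloads. The vendor domain list, the HOSTS contents and the non-log file paths are constructed samples.

```python
"""Pre-reinstall triage helpers (added example, not code from the thread)."""
from pathlib import PureWindowsPath

# Extensions the reply says must NOT be backed up. .cab, .php and .asp are
# an assumption added here because the reply says some Virut/Virux variants
# infect those file types as well.
EXCLUDED_EXTENSIONS = frozenset({
    ".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar",
    ".cab", ".php", ".asp",
})


def classify_backup_candidates(paths):
    """Split paths into (keep, skip) lists.

    Every suffix in the chain is checked, so 'logi_mwx.exe.delme173' is
    skipped because of its '.exe' part, and 'reader_s .exe' (space before
    the extension, as in the OP's log) is skipped because PureWindowsPath
    still reports '.exe' as its suffix.
    """
    keep, skip = [], []
    for p in paths:
        suffixes = {s.lower() for s in PureWindowsPath(p).suffixes}
        (skip if suffixes & EXCLUDED_EXTENSIONS else keep).append(p)
    return keep, skip


# Constructed sample list of hosts a cleanup would need to reach.
SECURITY_SITES = frozenset({
    "update.microsoft.com",
    "www.malwarebytes.org",
    "free.avg.com",
    "www.bleepingcomputer.com",
})


def find_hosts_hijacks(hosts_text, watched=SECURITY_SITES):
    """Return (hostname, ip) for every HOSTS entry that names a watched site.

    A clean XP HOSTS file maps only 'localhost'. Any entry for a security
    vendor is worth reporting, whether it points at 127.0.0.1 (blocking the
    site) or at some other address (redirecting it).
    """
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], [n.lower() for n in fields[1:]]
        for name in names:
            if name in watched or any(name.endswith("." + w) for w in watched):
                hits.append((name, ip))
    return hits


# Constructed sample HOSTS content, modelled on the symptom the OP describes
# (security-tool update servers unreachable while other browsing works).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org
127.0.0.1       free.avg.com
::1             localhost
"""

if __name__ == "__main__":
    # First two paths are from the OP's log; the last two are constructed.
    sample_paths = [
        r"c:\documents and settings\mantis\reader_s .exe",
        r"c:\windows\system32\logi_mwx.exe.delme173",
        r"c:\documents and settings\mantis\My Documents\thesis.doc",
        r"c:\documents and settings\mantis\My Pictures\holiday.jpg",
    ]
    keep, skip = classify_backup_candidates(sample_paths)
    print("back up:", keep)
    print("leave behind:", skip)
    for name, ip in find_hosts_hijacks(SAMPLE_HOSTS):
        print(f"HOSTS maps {name} -> {ip}")
```

On a live machine the HOSTS text would be read from `%SystemRoot%\system32\drivers\etc\hosts` on a clean system, with the infected drive mounted read-only, rather than from a string; the functions themselves need no changes for that.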
