
Infected with Trojan Horse Cryptic.EK


  • This topic is locked
6 replies to this topic

#1 Nosaji


Posted 14 April 2010 - 09:50 PM

Can someone please help me? I've been infected with a Trojan horse called Cryptic.EK. My AVG anti-virus manages to catch it whenever it pops up, but it just keeps coming back.

Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:18 PM, on 4/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\Jason\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Documents and Settings\Jason\My Documents\Mal-Busters\Process Explorer\procexp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Jason\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFE25519-838E-4815-9113-611642F6CFC8}: NameServer = 209.18.47.61,209.18.47.62
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GhostStartService GhostStartServiceSwPrv (GhostStartServiceSwPrv) - Unknown owner - C:\WINDOWS\system32\3076o.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7865 bytes




#2 Blade81

  • Malware Response Team

Posted 19 April 2010 - 12:14 AM

Hi,

In which item does AVG detect the infection?

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

  • Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


    #3 Nosaji


    Posted 19 April 2010 - 01:19 PM

    It found the virus in svchost.exe. However, it seems that a recent AVG update managed to find and get rid of the virus that I had issues with, but I keep seeing viral activity pop up from time to time coming from svchost. Well, anyway, here are my logs. I'd appreciate it if you looked through them and told me if you find something AVG could have missed.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Jason at 11:06:47.53 on 04/19/2010 Mon
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.2046.1229 [GMT -7:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Documents and Settings\Jason\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Jason\My Documents\Mal-Busters\dds.com
    C:\WINDOWS\system32\conime.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\youtube downloader toolbar\SearchSettings.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\youtube downloader toolbar\SearchSettings.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\1.0\youtubedownloaderToolbarIE.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\1.0\youtubedownloaderToolbarIE.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [TuneUp MemOptimizer] "c:\program files\tuneup utilities 2006\MemOptimizer.exe" autostart
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
    mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SearchSettings] "c:\program files\youtube downloader toolbar\SearchSettings.exe"
    StartupFolder: c:\docume~1\jason\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\jason\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    mPolicies-explorer: NoInstrumentation = 1 (0x1)
    IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    TCP: {AFE25519-838E-4815-9113-611642F6CFC8} = 209.18.47.61,209.18.47.62
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\jason\applic~1\mozilla\firefox\profiles\5eo3zuvu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2&hl=en
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\youtube downloader toolbar\ssff\components\SearchSettingsFF.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\jason\application data\mozilla\firefox\profiles\5eo3zuvu.default\extensions\openxmlviewer@codeplex.com\plugins\npDocX.dll
    FF - plugin: c:\documents and settings\jason\application data\mozilla\firefox\profiles\5eo3zuvu.default\extensions\openxmlviewer@codeplex.com\plugins\npnul32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiCHPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    FF - user.js: browser.sessionstore.resume_from_crash - false
    FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-7-14 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-7-14 5248]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-4 216200]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-4 29512]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-4 242696]
    R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2003-12-17 5632]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-2-4 353672]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-2-19 380928]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-12 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
    R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2009-8-29 45824]
    R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]
    R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2009-8-29 56960]
    R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]
    S2 GhostStartServiceSwPrv;GhostStartService GhostStartServiceSwPrv;c:\windows\system32\3076o.exe srv --> c:\windows\system32\3076o.exe srv [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-7 1684736]
    S3 dump_wmimmc;dump_wmimmc;\??\f:\ijji\english\gunz\gameguard\dump_wmimmc.sys --> f:\ijji\english\gunz\gameguard\dump_wmimmc.sys [?]
    S3 krdpdre;krdpdre;\??\c:\docume~1\jason\locals~1\temp\krdpdre.sys --> c:\docume~1\jason\locals~1\temp\krdpdre.sys [?]
    S3 NAVAP;NAVAP;c:\windows\system32\drivers\NAVAP.SYS [2001-12-8 183872]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20020228.020\NAVENG.SYS [2009-6-15 65920]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20020228.020\NAVEX15.SYS [2009-6-15 585792]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
    S3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2004-7-30 56576]
    S3 XDva269;XDva269;\??\c:\windows\system32\xdva269.sys --> c:\windows\system32\XDva269.sys [?]
    S3 XDva277;XDva277;\??\c:\windows\system32\xdva277.sys --> c:\windows\system32\XDva277.sys [?]
    S4 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton systemworks\norton antivirus\Navapsvc.exe [2002-2-27 116344]
    S4 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2001-8-13 54408]

    =============== Created Last 30 ================

    2010-04-15 19:27:10 0 d-----w- c:\docume~1\jason\applic~1\Search Settings
    2010-04-15 19:27:04 0 d-----w- c:\docume~1\jason\applic~1\YouTube Downloader
    2010-04-15 07:21:37 0 d-----w- c:\program files\Application Updater
    2010-04-15 07:21:35 0 d-----w- c:\program files\YouTube Downloader Toolbar
    2010-04-14 07:51:02 232 --s-a-w- c:\windows\system32\3071474315.dat
    2010-03-30 04:38:36 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
    2010-03-26 10:16:26 0 d-----w- c:\docume~1\jason\applic~1\.minecraft

    ==================== Find3M ====================

    2010-03-12 21:39:15 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-12 21:39:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-12 21:38:41 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-02-23 04:26:00 147456 ----a-w- c:\windows\system32\uc_neosteam_launching.dll
    2010-01-22 18:24:36 64000 ----a-w- c:\windows\system32\uc_sfighters_launching.dll

    ============= FINISH: 11:07:34.06 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/15/2009 12:24:10 AM
    System Uptime: 4/19/2010 10:54:27 AM (1 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5N-D
    Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz | Socket 775 | 2200/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 98 GiB total, 21.838 GiB free.
    D: is FIXED (NTFS) - 298 GiB total, 289.731 GiB free.
    E: is CDROM (CDFS)
    F: is FIXED (NTFS) - 342 GiB total, 84.645 GiB free.
    G: is FIXED (NTFS) - 492 GiB total, 300.599 GiB free.
    I: is CDROM ()
    J: is CDROM ()
    K: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: ATI HDMI Audio
    Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\7&2ECC29F6&0&0001
    Manufacturer: Realtek
    Name: ATI HDMI Audio
    PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\7&2ECC29F6&0&0001
    Service: RTHDMIAzAudService

    Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
    Description: USB Gaming Keyboard Pro
    Device ID: USB\VID_06A3&PID_8000&MI_02\6&1A4A8BD4&0&0002
    Manufacturer: Saitek
    Name: USB Gaming Keyboard Pro
    PNP Device ID: USB\VID_06A3&PID_8000&MI_02\6&1A4A8BD4&0&0002
    Service:

    ==== System Restore Points ===================

    RP174: 1/20/2010 12:55:21 AM - System Checkpoint
    RP175: 1/21/2010 1:19:28 AM - System Checkpoint
    RP176: 1/22/2010 3:34:57 PM - System Checkpoint
    RP177: 1/23/2010 4:18:09 PM - System Checkpoint
    RP178: 1/24/2010 5:14:45 PM - System Checkpoint
    RP179: 1/26/2010 1:00:05 AM - Installed Ghostbusters ™: The Video Game
    RP180: 1/27/2010 1:55:21 AM - System Checkpoint
    RP181: 1/28/2010 4:46:31 PM - System Checkpoint
    RP182: 1/29/2010 8:53:31 PM - System Checkpoint
    RP183: 1/31/2010 6:36:45 PM - System Checkpoint
    RP184: 2/1/2010 10:23:31 PM - System Checkpoint
    RP185: 2/2/2010 9:55:47 AM - Avg8 Update
    RP186: 2/3/2010 10:02:45 AM - System Checkpoint
    RP187: 2/4/2010 10:47:44 AM - System Checkpoint
    RP188: 2/5/2010 1:07:38 PM - System Checkpoint
    RP189: 2/6/2010 2:01:16 PM - System Checkpoint
    RP190: 2/9/2010 2:29:23 PM - System Checkpoint
    RP191: 2/10/2010 3:21:53 PM - System Checkpoint
    RP192: 2/11/2010 7:22:14 PM - System Checkpoint
    RP193: 2/12/2010 7:23:46 PM - System Checkpoint
    RP194: 2/12/2010 8:08:05 PM - Installed DupDetector
    RP195: 2/14/2010 1:40:35 PM - System Checkpoint
    RP196: 2/15/2010 2:18:35 PM - System Checkpoint
    RP197: 2/15/2010 6:09:51 PM - Spybot-S&D Spyware removal
    RP198: 2/16/2010 4:37:43 PM - インストール済み Adobe Photoshop
    RP199: 2/17/2010 5:14:35 PM - System Checkpoint
    RP200: 2/18/2010 7:26:44 PM - System Checkpoint
    RP201: 2/20/2010 3:24:36 AM - System Checkpoint
    RP202: 2/20/2010 6:29:05 PM - Installed Touhou Project - Collection 2009.
    RP203: 2/21/2010 8:21:46 PM - System Checkpoint
    RP204: 2/22/2010 10:59:37 PM - System Checkpoint
    RP205: 2/24/2010 2:11:26 AM - System Checkpoint
    RP206: 2/25/2010 1:43:12 PM - System Checkpoint
    RP207: 2/26/2010 2:10:35 PM - System Checkpoint
    RP208: 2/27/2010 4:30:07 PM - System Checkpoint
    RP209: 3/1/2010 2:07:32 AM - System Checkpoint
    RP210: 3/1/2010 6:26:02 AM - Installed DirectX
    RP211: 3/2/2010 10:52:14 AM - System Checkpoint
    RP212: 3/3/2010 10:27:13 AM - Installed AVG Free 9.0
    RP213: 3/3/2010 10:36:22 AM - Avg8 Update
    RP214: 3/4/2010 2:18:06 PM - System Checkpoint
    RP215: 3/5/2010 3:01:03 PM - System Checkpoint
    RP216: 3/6/2010 9:07:31 PM - System Checkpoint
    RP217: 3/8/2010 2:20:05 PM - System Checkpoint
    RP218: 3/9/2010 5:35:06 PM - System Checkpoint
    RP219: 3/10/2010 11:56:33 PM - System Checkpoint
    RP220: 3/12/2010 1:22:05 AM - System Checkpoint
    RP221: 3/12/2010 9:37:48 AM - Avg8 Update
    RP222: 3/12/2010 1:39:26 PM - Avg Update
    RP223: 3/13/2010 7:54:02 PM - System Checkpoint
    RP224: 3/14/2010 8:31:20 PM - System Checkpoint
    RP225: 3/16/2010 12:25:46 AM - System Checkpoint
    RP226: 3/16/2010 11:02:14 AM - Avg Update
    RP227: 3/17/2010 2:48:45 PM - System Checkpoint
    RP228: 3/18/2010 8:20:13 PM - System Checkpoint
    RP229: 3/19/2010 9:29:27 PM - System Checkpoint
    RP230: 3/21/2010 2:34:43 PM - System Checkpoint
    RP231: 3/22/2010 6:02:11 PM - System Checkpoint
    RP232: 3/23/2010 6:13:38 PM - System Checkpoint
    RP233: 3/24/2010 7:11:04 PM - System Checkpoint
    RP234: 3/25/2010 7:55:06 PM - System Checkpoint
    RP235: 3/26/2010 8:52:05 PM - System Checkpoint
    RP236: 3/28/2010 8:17:39 PM - System Checkpoint
    RP237: 3/29/2010 8:10:05 PM - ILLUSION 人工少女3 を削除しました
    RP238: 3/30/2010 11:07:37 PM - System Checkpoint
    RP239: 4/1/2010 1:11:43 AM - System Checkpoint
    RP240: 4/1/2010 12:06:24 PM - Avg Update
    RP241: 4/1/2010 12:07:27 PM - Avg Update
    RP242: 4/2/2010 12:41:38 PM - System Checkpoint
    RP243: 4/3/2010 1:00:47 PM - System Checkpoint
    RP244: 4/4/2010 4:21:17 PM - System Checkpoint
    RP245: 4/5/2010 6:19:46 PM - System Checkpoint
    RP246: 4/6/2010 6:37:14 PM - System Checkpoint
    RP247: 4/7/2010 11:11:22 AM - Avg Update
    RP248: 4/8/2010 11:23:00 PM - System Checkpoint
    RP249: 4/9/2010 11:37:52 PM - System Checkpoint
    RP250: 4/11/2010 12:55:21 PM - System Checkpoint
    RP251: 4/12/2010 7:48:40 PM - System Checkpoint
    RP252: 4/14/2010 11:46:18 AM - Spybot-S&D Spyware removal
    RP253: 4/15/2010 3:55:44 PM - System Checkpoint
    RP254: 4/16/2010 4:15:33 PM - System Checkpoint
    RP255: 4/18/2010 4:56:24 PM - System Checkpoint

    ==== Installed Programs ======================

    "Nero SoundTrax Help
    3ivx MPEG-4 5.0.3 (remove only)
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge 1.0
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Common File Installer
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 Professional
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Help Center 1.0
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS2
    Adobe Reader 9.3.2
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos 1.0
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advertising Center
    AI Suite
    AIM 6
    AIM Toolbar
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Artificial Girl 3
    Ashampoo Burning Studio 6 FREE
    Assassin's Creed
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    Autodesk 3ds Max 8
    AVG Free 9.0
    Backburner
    BitTornado 0.3.9
    Bonjour
    Borderlands
    BUFFALO INC. DISK FORMATTER
    Call of Duty® 4 - Modern Warfare™
    Call of Duty: Modern Warfare 2
    Call of Duty: Modern Warfare 2 - Multiplayer
    Canon MP250 series MP Drivers
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    CCleaner
    CDDRV_Installer
    championBuilder v0.4.0
    Champions Online
    Citrix XenApp Web Plugin
    CMake 2.8 a cross-platform, open-source build system
    Combined Community Codec Pack 2008-01-24
    Compatibility Pack for the 2007 Office system
    Connect
    DAEMON Tools
    Delta3D REL-2.4.0
    DFOLauncher
    DivX Codec
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Web Player
    DolbyFiles
    Download Updater (AOL LLC)
    Driver Detective
    Dropbox
    DupDetector
    erLT
    Exteel
    Fallout 3
    Family Project v1.0
    FL Studio v7.0
    Fraps (remove only)
    Free Video to Mp3 Converter version 3.1
    Game Maker 7.0
    GameSpy Arcade
    Ghostbusters ™: The Video Game
    Hero Lab V3.6
    Heroes of Newerth
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
    hp deskjet 5100
    HP Memories Disc
    HP Photo and Imaging 2.0 - Deskjet Series
    hp print screen utility
    HuxleyLite
    HuxleyTheDystopia
    ijji
    ijji - Gunz
    ijji FireFox Launcher 1.0
    ijji REACTOR
    ImagXpress
    Intel® Processor ID Utility
    iTunes
    J2SE Development Kit 5.0 Update 21
    Japanese Fonts Support For Adobe Reader 9
    Java DB 10.4.2.1
    Java™ 6 Update 16
    Java™ SE Development Kit 6 Update 14
    Java™ SE Development Kit 6 Update 16
    JavaFX™ 1.2 SDK
    KhalInstallWrapper
    kuler
    LAME v3.98.2 for Audacity
    Left 4 Dead
    Left 4 Dead 2
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    Menu Templates - Starter Kit
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft DirectX SDK (August 2007)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Platform SDK (3790.1830)
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft WSE 3.0 Runtime
    MobileMe Control Panel
    Movie Templates - Starter Kit
    Mozilla Firefox (3.6.3)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB925673)
    Multiverse Client
    MUSICMATCHR Jukebox
    muvee Plugin 1.0
    MyScribe
    MySQL Server 5.1
    Nero 9 Trial
    Nero Burning ROM Help
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express Help
    Nero InfoTool
    Nero Installer
    Nero Live
    Nero Live Help
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    NeroBurningROM
    NeroExpress
    NeroLiveGadget
    NeroLiveGadget Help
    neroxml
    Neverwinter Nights
    Norton Ghost
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    NVIDIA PhysX v8.10.29
    O&O Defrag Professional Edition
    Pando Media Booster
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    PlayNC Launcher
    QuickTime
    Realtek High Definition Audio Driver
    S4 League_EU
    Security Update for Windows XP (KB923789)
    Shin Megami Tensei: Imagine
    SmartDraw 2009
    SoundTrax
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.3
    Steam
    Suguri Perfect Edition 1.0
    Suite Shared Configuration CS4
    Symantec Network Drivers Update
    Torque Game Engine 1.5.2 SDK (remove only)
    Touhou Project - Collection 2008
    Touhou Project - Collection 2009
    TuneUp Utilities 2006
    ubCore
    Uninstall 1.0.0.1
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.762
    WebEx
    WebEx Training Manager for Firefox/Netscape/Chrome
    WebFldrs XP
    Windows 7 Upgrade Advisor
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Support Tools
    Windows XP Service Pack 3
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0
    XviD MPEG-4 Codec
    Yahoo! Messenger
    Yahoo! Toolbar
    Youda Sushi Chef
    YouTube Downloader 2.5.4
    YouTube Downloader Toolbar v1.0
    ZoneAlarm
    陽射しの中のリアル

    ==== Event Viewer Messages From Past Week ========

    4/16/2010 9:41:17 AM, error: Service Control Manager [7000] - The TuneUp Design Expansion service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.

    ==== End Of File ===========================


    #4 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • Gender:Male
    • Location:Finland
    • Local time:03:15 AM

    Posted 19 April 2010 - 01:24 PM

    Hi,

    BitTornado

    The ones listed above are P2P file sharing programs. P2P downloads are nowadays one of the things most likely to bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


    #5 Blade81


    Posted 26 April 2010 - 08:41 AM

    Hi,

    Do you still need help with this?



    #6 Nosaji

    Nosaji
    • Topic Starter


    Posted 26 April 2010 - 11:28 AM

    Oh man... I'm sorry about that.

    After AVG got rid of the virus my computer kept running smoothly and I ended up resuming my normal routine. It was really rude of me to suddenly forget that someone was trying to help me and I'm really sorry about that. As of right now I don't think I'll need any more help with this problem and I'd like to thank you for everything you've done.

    Edited by Nosaji, 26 April 2010 - 11:38 AM.


    #7 Blade81


    Posted 26 April 2010 - 01:30 PM

    Ok. Thanks for letting us know





