AV Security Suite Malware


  • This topic is locked
2 replies to this topic

#1 h_i_mcdonnough

h_i_mcdonnough

  • Members
  • 84 posts

Posted 23 June 2010 - 07:53 PM

Only way to run DDS logs was in safe mode:

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Russ at 19:42:24.84 on Wed 06/23/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.736 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
G:\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: H - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [bffvohgi] c:\documents and settings\russ\local settings\application data\qaigvwqqj\rwjffxjtssd.exe
uRun: [asam] c:\documents and settings\russ\local settings\application data\asam.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [lxdvmon.exe] "c:\program files\lexmark x5400 series\lxdvmon.exe"
mRun: [lxdvamon] "c:\program files\lexmark x5400 series\lxdvamon.exe"
mRun: [Adobe Reader Speed Launcher] "g:\adobe\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "g:\itunes\iTunesHelper.exe"
mRun: [bffvohgi] c:\documents and settings\russ\local settings\application data\qaigvwqqj\rwjffxjtssd.exe
mRun: [ISTray] "g:\spyware doctor\pctsTray.exe"
mRun: [asam] c:\documents and settings\russ\local settings\application data\asam.exe
StartupFolder: c:\docume~1\russ\startm~1\programs\startup\pictur~1.lnk - d:\cybershot\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\documents and settings\russ\start menu\programs\startup\PowerReg Scheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {01118400-3E00-11D2-8470-0060089874ED} - hxxp://activex.microsoft.com/objects/ocget.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {25B82430-A083-4C36-9D72-A4868E744CE2} - hxxp://magic/magictsd/wspellAM.cab
DPF: {26700CD9-6157-4B72-B46F-EC93C952F19C} - hxxp://solarwinds/SWToolset.exe
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} - hxxp://mp1.mplay.oberon-media.com/client/flashnet.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.48.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game11.zylom.com/activex/zylomgamesplayer.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.33.7/ttinst.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://gamenextus.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\russ\applic~1\mozilla\firefox\profiles\a0fnppvv.default\
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/playsushi_tbard/ws/redir?_iceUrl=true&user_id=16190117&tool_id=60231&qkw=
FF - component: c:\documents and settings\russ\application data\mozilla\firefox\profiles\a0fnppvv.default\extensions\{517ca167-b6e8-4397-a0b4-a0074bbe3d5b}\components\Engine.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\russ\application data\mozilla\firefox\profiles\a0fnppvv.default\extensions\oberongamehost@oberongames.com\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\documents and settings\russ\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\sony online entertainment\npsoe.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: d:\veetle\player\npvlc.dll
FF - plugin: d:\veetle\plugins\npVeetle.dll
FF - plugin: d:\veetle\vlcbroadcast\npvbp.dll
FF - plugin: g:\adobe\reader\browser\nppdf32.dll
FF - plugin: g:\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: g:\divx\divx plus web player\npdivx32.dll
FF - plugin: g:\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-19 218592]
R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2006-8-3 1984]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-21 11608]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-21 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-21 185089]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-21 56816]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-3 135664]
S2 iRacingService;iRacing.com Helper Service;g:\iracing\iRacingService.exe [2010-5-21 458912]
S2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdvserv.exe [2009-1-19 98984]
S3 CEDRIVER53;CEDRIVER53;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-3-3 176896]

=============== Created Last 30 ================

2010-06-22 22:22:03 25 ----a-w- c:\windows\herjek.config
2010-06-19 12:49:45 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-06-19 12:49:45 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-19 12:49:41 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-19 12:49:41 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-06-19 12:49:41 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-06-19 12:49:41 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-19 12:49:32 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-06-19 12:49:32 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-19 12:49:11 0 d-----w- c:\program files\common files\PC Tools
2010-06-19 12:49:11 0 d-----w- c:\docume~1\russ\applic~1\PC Tools
2010-06-19 12:49:11 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-06-19 12:46:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 12:45:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-19 12:45:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-11 01:28:05 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-01 14:30:43 0 dc----w- C:\.HackScape10.6_file_store_32

==================== Find3M ====================

2010-06-18 19:07:43 138208 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-18 19:07:29 202304 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-01 15:41:24 87 ----a-w- c:\documents and settings\russ\jagex_runescape_preferences2.dat
2010-06-01 15:40:12 41 ----a-w- c:\documents and settings\russ\jagex__preferences3.dat
2010-06-01 15:40:03 69 ----a-w- c:\documents and settings\russ\jagex_runescape_preferences.dat
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 13:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 18:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-02-11 02:44:13 774144 -c--a-w- c:\program files\RngInterstitial.dll
2008-08-19 12:41:18 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 19:43:31.82 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/3/2006 6:19:08 PM
System Uptime: 6/23/2010 7:38:25 PM (0 hours ago)

Motherboard: Dell Computer Corp. | |
Processor: Intel® Pentium® 4 CPU 1.50GHz | Microprocessor | 1495/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 32 GiB total, 3.697 GiB free.
D: is FIXED (NTFS) - 5 GiB total, 1.059 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 149 GiB total, 128.015 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP1292: 6/13/2010 2:51:15 PM - System Checkpoint
RP1293: 6/14/2010 6:02:57 PM - System Checkpoint
RP1294: 6/15/2010 6:19:33 PM - System Checkpoint
RP1295: 6/17/2010 2:05:31 PM - System Checkpoint
RP1296: 6/18/2010 6:47:55 PM - System Checkpoint

==== Installed Programs ======================

3DVIA Player 4.1
3ivx MPEG-4 5.0.3 (remove only)
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Avira AntiVir Personal - Free Antivirus
AVS Audio Converter version 6.1
AVS Update Manager 1.0
Bonjour
Cisco Systems VPN Client 4.0.2 (A)
Critical Update for Windows Media Player 11 (KB959772)
deskPDF 2.5 Standard Edition
Direct Show Ogg Vorbis Filter (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
Express Burn
Free Realms
Free Realms Installer
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
igLoader
ijji REACTOR
iRacing.com Race Simulation
iTunes
Java DB 10.3.1.4
Java™ 6 Update 15
LEGO Chess
Lexmark Toolbar
Lexmark X5400 Series
Malwarebytes' Anti-Malware
Marble Blast Gold
Marble Blast Gold Demo (remove only)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Visio Viewer 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mirar
MKV Splitter
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
muvee Plugin 1.0
Nero Suite
NetZero For Riverdeep
NVIDIA Drivers
OTOY
Pandemonium
Pando Media Booster
PokerStars.net
PowerDVD
Primo
PunkBuster Services
QuickTime
QuickTime for Windows (32-bit)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sikorsky Blackhawk Package
Sony Picture Utility
SopCast 3.2.4
Splinter Cell Pandora Tomorrow
Spyware Doctor 7.0
Stunt Playground
System Requirements Lab
TeamSpeak 2 RC2
Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
Tom Clancy's Splinter Cell Chaos Theory
TomTom HOME Visual Studio Merge Modules
ubi.com
UltraJam .01b
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.17
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WordSearcher
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

6/21/2010 7:01:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/21/2010 6:49:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/21/2010 6:48:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips Processor ssmdrv
6/21/2010 6:46:56 PM, error: sfsync02 [12] -
6/17/2010 9:05:05 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdvCATSCustConnectService service to connect.
6/17/2010 9:05:05 AM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the file specified.
6/17/2010 9:05:05 AM, error: Service Control Manager [7000] - The lxdvCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
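As an added triage example (not part of this thread, and not DDS's own logic): a Python script that reads Pseudo HJT lines of the kind shown in the log above and flags the indicators a helper reads first, namely a browser proxy pointing at loopback, autorun entries launched from user-writable profile directories with random-looking names, and orphaned "No File" references. The sample lines are copied from the log above; the directory list and the vowel-ratio threshold are assumed heuristics, not proof of infection.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity reason line")

# Constructed sample: Pseudo HJT lines copied from the DDS log in this thread,
# plus two ordinary entries (swg, avgnt) so the rules have something to ignore.
SAMPLE_LOG = r"""uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [bffvohgi] c:\documents and settings\russ\local settings\application data\qaigvwqqj\rwjffxjtssd.exe
uRun: [asam] c:\documents and settings\russ\local settings\application data\asam.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [bffvohgi] c:\documents and settings\russ\local settings\application data\qaigvwqqj\rwjffxjtssd.exe
"""

# Assumed heuristic: autorun targets under these profile directories are
# unusual for installed software and typical of droppers on Windows XP.
USER_WRITABLE_DIRS = ("\\local settings\\application data\\",
                      "\\local settings\\temp\\",
                      "\\application data\\")
LOOPBACK = ("127.0.0.1", "localhost")
RUN_RE = re.compile(r"^([um])Run:\s*\[([^\]]+)\]\s*(.*)$")


def looks_random(token):
    """Vowel-starved alphabetic names such as 'bffvohgi' or 'rwjffxjtssd'
    are a common trait of generated dropper names. Threshold is assumed."""
    letters = re.sub(r"[^a-z]", "", token.lower())
    if len(letters) < 7:
        return False
    vowels = sum(ch in "aeiou" for ch in letters)
    return vowels / len(letters) < 0.3


def executable_path(command):
    """Pull the program path out of a Run value, dropping its arguments."""
    m = re.match(r'^"([^"]+)"', command)
    if m:
        return m.group(1)
    return re.split(r"\s+[/-]", command, maxsplit=1)[0].strip()


def check_proxy(line):
    """Rogue AV families redirect IE through a local proxy to filter traffic."""
    m = re.match(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$", line)
    if m and any(host in m.group(1) for host in LOOPBACK):
        return [Finding("high", "browser proxy points at loopback; a local "
                        "process can intercept web traffic", line)]
    return []


def check_orphan(line):
    """BHO/TB/URLSearchHook keys whose file is gone: leftovers worth cleaning."""
    prefixes = ("BHO:", "TB:", "mURLSearchHooks:", "uURLSearchHooks:")
    if line.startswith(prefixes) and line.rstrip().endswith("No File"):
        return [Finding("low", "registry reference to a missing file", line)]
    return []


def check_run_entry(line):
    """Flag Run keys by launch location and by random-looking names."""
    m = RUN_RE.match(line)
    if not m:
        return []
    _scope, name, command = m.groups()
    path = executable_path(command).lower()
    findings = []
    if any(d in path for d in USER_WRITABLE_DIRS):
        findings.append(Finding("high", "autorun launched from user-writable "
                                "profile directory", line))
    parts = path.split("\\")
    base = re.sub(r"\.[a-z]+$", "", parts[-1])
    leaf_dir = parts[-2] if len(parts) > 1 else ""
    if any(looks_random(t) for t in (name, base, leaf_dir)):
        findings.append(Finding("medium", "random-looking autorun name", line))
    return findings


def triage(log_text):
    """Run every rule over each non-empty line; findings come back in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings += check_proxy(line) + check_orphan(line) + check_run_entry(line)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Running the script against the sample lines reports the loopback proxy, both bffvohgi entries (location plus random name), the asam.exe entry (location only) and the two "No File" leftovers, while the Google and Avira entries pass.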








#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts

Posted 28 June 2010 - 07:45 PM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.
***************************************************

Please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

***************************************************

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done, click on the [Save..] button, and in the File name area, type in "Gmer.log" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and copy/paste its contents in your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try unchecking the Devices box in addition to the others previously requested. Also, try running GMER in Safe Mode.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


~Blade


In your next reply, please include the following:
GMER log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts

Posted 11 July 2010 - 12:45 AM

Due to lack of feedback, this topic is now Closed.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

~Blade
