Hijack This Log - any help appreciated


  • This topic is locked
5 replies to this topic

#1 MacV2

MacV2

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:36 PM

Posted 08 July 2010 - 11:38 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:37:54 AM, on 7/9/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\Users\Preston\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\LINKSY~1\LinksysAdvisor.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5438
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.4\ManyCam.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-2735462899-1299481681-945845200-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-2735462899-1299481681-945845200-1000\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'IUSR_NMPR')
O4 - Startup: Dropbox.lnk = C:\Users\Preston\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EA768C1-3524-4134-A90E-E8AE00F954F9}: NameServer = 93.188.162.223,93.188.166.203
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.223,93.188.166.203
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EA768C1-3524-4134-A90E-E8AE00F954F9}: NameServer = 93.188.162.223,93.188.166.203
O17 - HKLM\System\CS10\Services\Tcpip\Parameters: NameServer = 93.188.162.223,93.188.166.203
O17 - HKLM\System\CS10\Services\Tcpip\..\{0EA768C1-3524-4134-A90E-E8AE00F954F9}: NameServer = 93.188.162.223,93.188.166.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.223,93.188.166.203
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: gearsec - GEAR Software - C:\Windows\system32\gearsec.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12166 bytes



Thanks in Advance!



#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:36 AM

Posted 12 July 2010 - 01:47 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 MacV2

MacV2
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:36 PM

Posted 12 July 2010 - 03:41 PM

Here are the logs. Thanks again.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume4
Install Date: 7/17/2009 7:36:46 PM
System Uptime: 7/9/2010 12:29:49 AM (86 hours ago)

Motherboard: Intel Corporation | | D945GCF
Processor: Intel® Core™2 CPU 4300 @ 1.80GHz | LGA 775 | 1799/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 75.564 GiB free.
D: is FIXED (FAT32) - 53 GiB total, 30.485 GiB free.
E: is FIXED (FAT32) - 3 GiB total, 0.547 GiB free.
F: is FIXED (NTFS) - 10 GiB total, 4.321 GiB free.
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP496: 7/3/2010 1:21:12 PM - Windows Update
RP497: 7/4/2010 3:14:03 AM - Windows Update
RP498: 7/4/2010 1:20:41 PM - Windows Update
RP499: 7/5/2010 4:53:10 AM - Scheduled Checkpoint
RP500: 7/5/2010 1:19:54 PM - Windows Update
RP501: 7/6/2010 3:23:52 AM - Scheduled Checkpoint
RP502: 7/6/2010 1:19:55 PM - Windows Update
RP503: 7/7/2010 9:08:16 PM - Windows Update
RP504: 7/9/2010 12:33:42 AM - Installed HiJackThis
RP505: 7/10/2010 2:46:07 AM - Scheduled Checkpoint
RP506: 7/11/2010 6:58:06 AM - Scheduled Checkpoint
RP507: 7/12/2010 4:28:31 AM - Scheduled Checkpoint

==== Installed Programs ======================

3Dconnexion 3DxSoftware
3Dconnexion 3DxWare
3Dconnexion Add-In for AutoCAD 2007 - 2010
3Dconnexion Add-In for Inventor 11 - 2010
3Dconnexion Add-In for Solid Edge V18 - ST2
3Dconnexion Add-In for SolidWorks 2005 - 2010
3Dconnexion Add-On for XSI v3.5 - 2010
3Dconnexion Extension for SketchUp
3Dconnexion Plug-In for 3ds Max v9 - 2010
3Dconnexion Plug-in for Acrobat 3D
3Dconnexion Plug-In for Maya v8.5 - 2010
3Dconnexion Plug-In for NX v3.0 - v7.0
3Dconnexion Plug-In for Photoshop CS3 - CS4
3Dconnexion Plug-In for Pro/ENGINEER WF3 - WF5
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 8
Adobe Shockwave Player 11.5
AIM 6
AIM Toolbar
Aion
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audacity 1.2.6
AVG Free 9.0
Bejeweled 2 Deluxe
BigFix
BitTorrent
Blackhawk Striker 2
Blasterball 3
Bonjour
Browser Address Error Redirector
CDex extraction audio
CDisplay 1.8
City of Villains/City of Heroes (remove only)
CoView
Digital Media Reader
Diner Dash
DivX Setup
Download Updater (AOL LLC)
Drivers Install For Linksys Easylink Advisor
Dropbox
Emerald Viewer 1.23.5.1636
FATE
FINAL FANTASY XI
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FINAL FANTASY XI: Treasures of Aht Urhgan
FINAL FANTASY XI: Wings of the Goddess
Futuremark SystemInfo
Gateway Game Console
Gateway Recovery Center Installer
GLIntercept 0.5
Google Toolbar for Internet Explorer
Guild Wars
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Print Diagnostic Utility
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® Viiv™ Software
InterActual Player
iTunes
Java™ SE Runtime Environment 6
Junk Mail filter update
Linkit_eBay
Linksys EasyLink Advisor 1.6 (0032)
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft LifeCam
Microsoft Money 2006
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MixMeister Fusion Demo
MorphVOX Junior
Mozilla Firefox (3.5.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Server 5.1
MySQL Servers and Clients 3.23.52
Napster
Napster Burn Engine
NCsoft Launcher
Neverwinter Nights 2
Norton Security Scan
NVIDIA Drivers
NVIDIA PhysX
Penguins!
PlayOnline Viewer & Tetra Master
Polar Bowler
Polar Golfer
Power2Go 5.0
PS2 Multimedia Keyboard Driver
QuickTime
SAM Broadcaster (remove only)
SCRABBLE
SecondLife (remove only)
SecondLifeBetaViewer (remove only)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
SHOUTcast Radio Toolbar
SHOUTcast Source DSP 1.9.1 (remove only)
SigmaTel Audio
Skype web features
Skype™ 4.1
Soft Data Fax Modem with SmartCP
SoulSeek 157 NS 13e
Spyware Doctor 7.0
SUPERAntiSpyware Free Edition
System Requirements Lab
Tradewinds
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
Virtual DJ - Atomix Productions
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
World of Warcraft
Xfire (remove only)
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

7/9/2010 12:29:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/9/2010 12:18:44 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.85.1550.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
7/9/2010 12:18:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/8/2010 12:26:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.
7/8/2010 12:26:02 AM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/8/2010 11:56:51 PM, Error: EventLog [6008] - The previous system shutdown at 11:54:31 PM on 7/8/2010 was unexpected.
7/8/2010 10:45:13 AM, Error: disk [11] - The driver detected a controller error on \...\DR6.
7/8/2010 10:28:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.
7/7/2010 9:10:22 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB972696 (Definition 1.85.1655.0).
7/7/2010 9:09:36 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.85.1550.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error code: 0x80070643 Error description: Fatal error during installation.
7/6/2010 9:01:18 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
7/6/2010 9:01:17 PM, Error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Hang Exception code: Resource: file:\Device\HarddiskVolume4\Program Files\AOL 9.0\AOL90\COMP03.000
7/6/2010 6:25:32 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/6/2010 6:21:24 PM, Error: Service Control Manager [7034] - The MySql service terminated unexpectedly. It has done this 1 time(s).
7/6/2010 6:21:08 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
7/6/2010 6:15:33 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/6/2010 6:12:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
7/6/2010 6:09:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/6/2010 6:09:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/6/2010 6:09:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/6/2010 6:09:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/6/2010 6:04:43 PM, Error: EventLog [6008] - The previous system shutdown at 6:02:49 PM on 7/6/2010 was unexpected.
7/6/2010 5:59:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/6/2010 5:59:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 i8042prt MpFilter SASDIFSV SASKUTIL spldr Wanarpv6
7/6/2010 5:59:16 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/6/2010 5:57:54 PM, Error: EventLog [6008] - The previous system shutdown at 5:55:35 PM on 7/6/2010 was unexpected.
7/6/2010 5:51:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
7/6/2010 5:48:35 PM, Error: EventLog [6008] - The previous system shutdown at 5:46:22 PM on 7/6/2010 was unexpected.
7/6/2010 5:45:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
7/6/2010 5:17:28 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...atid=2147632576 User: Preston-PC\Preston Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.85.1550.0, AS: 1.85.1550.0 Engine Version: 1.1.5902.0
7/6/2010 5:16:10 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/6/2010 5:07:08 PM, Error: Service Control Manager [7034] - The Intel® Alert Service service terminated unexpectedly. It has done this 1 time(s).
7/6/2010 5:06:47 PM, Error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
7/12/2010 12:40:02 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.85.1550.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error code: 0x80072efd Error description: A connection with the server could not be established
7/11/2010 12:39:57 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.85.1550.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error code: 0x80072efd Error description: A connection with the server could not be established
7/10/2010 12:40:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.85.1550.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error code: 0x80072efd Error description: A connection with the server could not be established

==== End Of File ===========================

DDS (Ver_10-03-17.01) - NTFSx86
Run by Preston at 14:50:10.54 on Mon 07/12/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3325.1735 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\Windows\system32\gearsec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\mysql\bin\mysqld-nt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Winamp\winamp.exe
C:\Users\Preston\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\NCSoft\Launcher\NCLauncher.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\City of Heroes\CohUpdater.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Preston\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5438
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
BHO: SHOUTcast Loader: {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: SHOUTcast Radio Toolbar: {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [ManyCam] "c:\program files\manycam 2.4\ManyCam.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\preston\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\preston\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\preston\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &SHOUTcast Search - c:\programdata\shoutcast radio toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.162.223,93.188.166.203
TCP: {0EA768C1-3524-4134-A90E-E8AE00F954F9} = 93.188.162.223,93.188.166.203
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\preston\appdata\roaming\mozilla\firefox\profiles\643qhhhv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-3 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-17 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-17 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-17 242896]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-5-5 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-5 308064]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2005-11-30 58952]
R2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2009-7-17 5504]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-5 430152]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-07-09 04:35:05 0 d-----w- c:\program files\Trend Micro
2010-07-07 20:25:36 0 d-----w- c:\users\preston\appdata\roaming\Dropbox
2010-07-06 22:39:29 0 d-----w- C:\$RECYCLE.BIN
2010-07-06 22:16:50 14952 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-07-06 22:11:49 0 d-----w- C:\ComboFix
2010-07-02 02:15:16 0 d-----w- c:\program files\City of Heroes
2010-06-29 07:05:33 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-06-29 07:05:33 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-06-29 07:05:25 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-06-29 07:05:18 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-06-29 07:05:17 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-06-28 07:00:30 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-28 07:00:30 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-28 07:00:30 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-28 07:00:30 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-28 07:00:30 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-28 00:46:03 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-28 00:46:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-15 23:09:58 0 d-----w- c:\program files\common files\DivX Shared
2010-06-15 23:07:56 0 d-----w- c:\program files\DivX
2010-06-15 23:07:37 0 d-----w- c:\programdata\DivX

==================== Find3M ====================

2010-07-12 07:28:03 32061 ----a-w- c:\programdata\nvModes.dat
2010-06-12 07:02:36 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-12 07:02:36 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-12 07:02:36 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-03 12:38:03 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-05 12:51:09 261632 ----a-w- c:\windows\PEV_AVG_RESTORED.exe
2010-05-05 12:51:06 303104 ----a-w- c:\windows\sttray_AVG_RESTORED_2.exe
2010-05-05 12:51:05 303104 ----a-w- c:\windows\sttray_AVG_RESTORED_1.exe
2010-05-05 12:51:05 303104 ----a-w- c:\windows\sttray_AVG_RESTORED.exe
2010-05-05 12:51:05 303104 ----a-w- c:\windows\sttray.exe
2010-05-05 05:03:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-04 18:42:57 833024 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 16:53:56 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53:49 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe
2010-04-23 13:55:52 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:10:05 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-07-19 01:39:54 174 --sha-w- c:\program files\desktop.ini
2009-07-19 00:43:37 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-17 21:25:43 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009071720090718\index.dat
2010-03-29 20:08:11 49152 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032220100329\index.dat
2010-03-29 20:08:11 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032920100330\index.dat
2010-03-29 20:08:11 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\internet explorer\userdata\index.dat

============= FINISH: 14:54:38.32 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-12 16:23:05
Windows 6.0.6001 Service Pack 1
Running: 2dk5jh39.exe; Driver: C:\Users\Preston\AppData\Local\Temp\fxddyfoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8B19E2D6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8B19E4C8]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8B19DF44]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8B19E6D0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 43C 82304B00 8 Bytes [D6, E2, 19, 8B, C8, E4, 19, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 854 82304F18 4 Bytes [44, DF, 19, 8B]
.text ntkrnlpa.exe!KeSetTimerEx + 918 82304FDC 4 Bytes [D0, E6, 19, 8B]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[936] ntdll.dll!NtResumeThread 776E8DE8 5 Bytes JMP 0252000A
.text C:\Program Files\Winamp\winamp.exe[1812] ntdll.dll!NtResumeThread 776E8DE8 5 Bytes JMP 003A000A
.text C:\Program Files\Winamp\winamp.exe[1812] USER32.dll!GetScrollPos 7785C090 5 Bytes JMP 0424B6A6 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[1812] USER32.dll!GetScrollRange 7785C33B 5 Bytes JMP 0424B6CB C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[1812] USER32.dll!SetScrollRange 7785E173 5 Bytes JMP 0424B74C C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[1812] USER32.dll!GetScrollInfo 77860804 7 Bytes JMP 0424B67E C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[1812] USER32.dll!ShowScrollBar 77860E7C 5 Bytes JMP 0424B77A C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[1812] USER32.dll!SetScrollInfo 77868663 7 Bytes JMP 0424B6F6 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[1812] USER32.dll!EnableScrollBar 7787B11E 7 Bytes JMP 0424B656 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[1812] USER32.dll!SetScrollPos 77883A1E 5 Bytes JMP 0424B721 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtResumeThread 776E8DE8 5 Bytes JMP 020D000A
.text C:\Program Files\AVG\AVG9\avgtray.exe[2088] ntdll.dll!NtResumeThread 776E8DE8 5 Bytes JMP 003D000A
.text C:\Program Files\Skype\Phone\Skype.exe[2224] ntdll.dll!NtResumeThread 776E8DE8 5 Bytes JMP 003E000A
.text C:\Program Files\ManyCam 2.4\ManyCam.exe[2464] ntdll.dll!NtResumeThread 776E8DE8 5 Bytes JMP 0036000A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[5376] ntdll.dll!NtResumeThread 776E8DE8 5 Bytes JMP 003A000A
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [31003780] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [31003740] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [31003740] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [31003780] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [310037C0] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [31003740] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [31003780] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [31003850] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [310037C0] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [31003740] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [31003780] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [310037C0] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [31003740] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [31003780] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [31003850] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [310037C0] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [31003780] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [310037C0] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [31003740] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [31003850] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [31003780] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [310037C0] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [31003740] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\USER32.dll [GDI32.dll!CreateFontIndirectW] [310036E0] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [31003850] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [31003780] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [31003740] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [310037C0] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\ole32.dll [GDI32.dll!CreateFontIndirectW] [310036E0] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [31003850] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [310037C0] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [31003780] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [31003740] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [310037C0] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [31003850] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [31003780] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [31003740] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[1116] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!CreateFontIndirectA] [310036C0] C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\TRAPAPIS.dll (TrapAPIs Dynamic Link Library/Intel® Corporation)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [61449CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [61449CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61449C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [6144A3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6144A3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [61449CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61449B94] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61449B56] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61449CF2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [61449C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [6144A3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61449D87] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5408] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)




#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:36 AM

Posted 14 July 2010 - 01:38 PM

Hello, MacV2
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.






Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 schrauber


Posted 17 July 2010 - 01:51 AM

Still with me?
regards,
schrauber


#6 schrauber


Posted 19 July 2010 - 11:13 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber




