
What Virus do I have?


This topic is locked
10 replies to this topic

#1 ThisVirusSucks

  • Members
  • 21 posts
  • OFFLINE
  • Local time:08:25 PM

Posted 11 July 2010 - 09:54 PM

Hello,
I'm running XP home edition.
I have run virus and registry scans with AVG 8.5, Malwarebytes, CCleaner, Eusing, then Ad-Aware. Then I uninstalled Ad-Aware, upgraded AVG to 9.0 and rescanned. I've turned off System Restore, booted Windows in safe mode and run scans, and I am still having the same problems, which are:

My internet browser, IE, constantly redirects my Google searches, and it also opens up IE windows on its own sometimes, even when I'm not on the internet.

I have heavy CPU usage at 100% for long periods that makes the OS non-functional and leads to hard reboots. I also notice that the CPU tends to run at a low level, say 6%, and then peak to 100% cyclically, for periods of 1 min low CPU usage then 1 min high usage. Sporadically it will stay up at 100% for long periods of time, thus causing the reboot.

AVG is finding attempted downloads of viruses onto my computer, typically during or after virus scans. This is scary. After all the scans I've done with the above-mentioned programs, the scans typically pick up different viruses each time, even when I run the same program to do the scan. So I'm not even sure which virus I have. I have the logs for most of these scans, and previous backup registries if needed.

During the first GMER scan, the program said it had to close and then my computer rebooted on its own without notification; this was all only after about 2 min. After I restarted and ran it again, it ran all the way through just fine; it took about an hour.

Orange Blossom told me to follow the Prep Guide and post my GMER and DDS logs.
So here they are; thank you for all the help:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Casey at 14:45:19.92 on Sun 07/11/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1460 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Casey\My Documents\Downloads\Software Trials\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {0ff527a4-6274-44ff-a14c-c2fb99e648c9} - Image Extractor
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Comcast Install 1.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.freewebarcade.com/game/paper-airplane-simulator/"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [Speed racer] c:\program files\creative\sbpci512\playcenter\CTSRReg.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AudioHQ] c:\program files\creative\sbpci512\audiohq\AHQTB.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Pdepelana] rundll32.exe "c:\windows\isahifur.dll",Startup
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\documents and settings\casey\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-7 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-7 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-7 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-7 308136]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\casey\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\casey\locals~1\temp\cpuz130\cpuz_x32.sys [?]

=============== Created Last 30 ================

2010-07-11 21:34:45 160 ----a-w- c:\documents and settings\casey\defogger_reenable
2010-07-09 05:25:21 0 d-----w- c:\program files\Trend Micro
2010-07-08 07:42:53 0 d--h--w- C:\$AVG
2010-07-08 07:26:35 0 d-----w- c:\docume~1\casey\applic~1\avidemux
2010-07-08 07:25:49 0 d-----w- c:\program files\Avidemux 2.5
2010-07-08 06:37:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-08 06:37:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-08 06:37:29 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 06:37:19 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-08 06:35:03 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-07 06:31:16 0 d-----w- c:\docume~1\casey\applic~1\Malwarebytes
2010-07-07 06:31:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 06:31:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-07 06:31:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-07 06:31:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-07 06:12:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-05 21:06:25 0 ----a-w- c:\windows\Yvise.dat
2010-07-05 21:06:25 0 ----a-w- c:\windows\Agavesikomejesu.bin

==================== Find3M ====================

2010-06-24 06:35:20 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-24 06:35:11 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2007-08-26 01:35:40 6144 -csha-w- c:\program files\Thumbs.db
2009-01-03 01:17:30 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010220090103\index.dat

============= FINISH: 14:46:38.98 ===============

And this one

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/10/2005 9:15:28 PM
System Uptime: 7/11/2010 2:37:39 PM (0 hours ago)

Motherboard: DFI Corp,LTD | | LP NF4 Series
Processor: AMD Hammer Family processor - Model Unknown | Socket 939 | 2412/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 79.044 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2241E12920
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\2241E12920
Service: NIC1394

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_100A15BD&REV_13\4&13699180&0&5048
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_100A15BD&REV_13\4&13699180&0&5048
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&319866BE&0&01
Manufacturer: Nvidia
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&319866BE&0&01
Service: NVENETFD

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Acrobat 5.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Flash Player 10 ActiveX
Adobe Photoshop CS3
Adobe Setup
Adobe Shockwave Player 11.5
AOL Instant Messenger
Assassin's Creed
ATI - Software Uninstall Utility
ATI Display Driver
ATI HYDRAVISION
AudibleManager
AutoUpdate
AVG Free 9.0
Avidemux 2.5
Battlefield 2™
Battlefield 2142
BitTorrent 5.0.5
Call of Duty
CCleaner (remove only)
Creative Mass Storage Drivers
Creative MediaSource
Creative System Information
Creative Zen Nano Plus
Diablo II
DivX
DivX Player
DivX Web Player
Doom 3
DOOM 3: Resurrection of Evil
Dual-Core Optimizer
DVD Decrypter (Remove Only)
DVD Shrink 3.2
E.M. Total Video Player 1.31
EAX Unified
Eusing Free Registry Cleaner
Fraps
FrostWire 4.20.3
G-Force
GIMP 2.6.8
Grand Theft Auto IV
GTA San Andreas
GUN ™
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hyper Shutdown 1.3
InterActual Player
J2SE Runtime Environment 5.0 Update 10
Java Auto Updater
Java™ 6 Update 19
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Juice 2.2
LightScribe System Software 1.10.19.1
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Manhunt
Max Payne
McAfee Shredder
MechWarrior 4 Mercenaries
MechWarrior Black Knight
MechWarrior Vengeance
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Moyea FLV Downloader version 1.16.0.17
Moyea FLV Player version 1.5.2.7
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Essentials
neroxml
Neverwinter Nights
NVIDIA PhysX
NvMixer
Power Tab Editor 1.7
PowerDVD
PrintServer Utilities
Project Reality 0917 Full - Part 1 of 2
PunkBuster Services
QuickTime
RealPlayer
Rockstar Games Social Club
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sound Blaster PCI512
Star Wars Battlefront
Starcraft
Starcraft Brood War (RAZOR 1911)
Stronghold 2 Deluxe
SWAT 4
TeamSpeak 2 RC2
Thief - Deadly Shadows
Tom Clancy's Rainbow Six Vegas
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vampire - The Masquerade Bloodlines
Vietcong
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
X-Men™ Legends 2
XviD
YouTube Downloader 2.5.4

==== Event Viewer Messages From Past Week ========

7/8/2010 6:02:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec Lbd MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip WS2IFSL
7/8/2010 6:02:09 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2010 6:02:09 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2010 6:02:09 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2010 6:02:09 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2010 6:01:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/8/2010 6:00:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/7/2010 12:13:32 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/7/2010 12:13:32 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
7/7/2010 11:31:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
7/6/2010 11:45:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde
7/5/2010 11:17:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WebClient service to connect.
7/5/2010 11:17:27 PM, error: Service Control Manager [7000] - The WebClient service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

And This one

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-11 18:02:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Casey\LOCALS~1\Temp\kxtdqpog.sys

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xB960DA0C]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8424000, 0x1B601E, 0xE8000020]
.rsrc C:\WINDOWS\system32\DRIVERS\netbt.sys entry point in ".rsrc" section [0xA2521A14]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wuauclt.exe[336] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B9000A
.text C:\WINDOWS\system32\wuauclt.exe[336] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\wuauclt.exe[336] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B8000C
.text C:\WINDOWS\System32\svchost.exe[1024] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1024] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1024] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1024] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[1024] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00D3000A
.text C:\WINDOWS\Explorer.EXE[2012] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[2012] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[2012] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\system32\wuauclt.exe[3240] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\wuauclt.exe[3240] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\wuauclt.exe[3240] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

Device -> \Driver\nvatabus \Device\Harddisk0\DR0 89448EC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFD 0x03 0x24 0xB4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x8B 0x64 0xA3 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x87 0x67 0xCE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0xCF 0xC5 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x8B 0x64 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x87 0x67 0xCE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0xCF 0xC5 0x7E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x8B 0x64 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x87 0x67 0xCE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFD 0x03 0x24 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x8B 0x64 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x87 0x67 0xCE ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFD 0x03 0x24 0xB4 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x8B 0x64 0xA3 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x87 0x67 0xCE ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\netbt.sys suspicious modification
File C:\WINDOWS\system32\drivers\nvatabus.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Edited by ThisVirusSucks, 11 July 2010 - 09:58 PM.


#2 Blade81

Blade81
    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:06:25 AM

Posted 16 July 2010 - 01:55 AM

Hi,

Sorry for the delayed response. The forums have been really busy. If you still need help with this, post a fresh dds.txt log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 ThisVirusSucks

ThisVirusSucks
  • Topic Starter
  • Members
  • 21 posts
  • Local time:08:25 PM

Posted 17 July 2010 - 04:35 AM


DDS (Ver_10-03-17.01) - NTFSx86
Run by Casey at 2:33:00.81 on Sat 07/17/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1426 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Casey\My Documents\Downloads\Software Trials\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {0ff527a4-6274-44ff-a14c-c2fb99e648c9} - Image Extractor
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Comcast Install 1.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.freewebarcade.com/game/paper-airplane-simulator/"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [Speed racer] c:\program files\creative\sbpci512\playcenter\CTSRReg.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AudioHQ] c:\program files\creative\sbpci512\audiohq\AHQTB.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Pdepelana] rundll32.exe "c:\windows\isahifur.dll",Startup
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\documents and settings\casey\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-7 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-7 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-7 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-7 308136]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\casey\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\casey\locals~1\temp\cpuz130\cpuz_x32.sys [?]

=============== Created Last 30 ================

2010-07-17 09:28:57 4978 ----a-w- c:\documents and settings\casey\.recently-used.xbel
2010-07-11 21:34:45 160 ----a-w- c:\documents and settings\casey\defogger_reenable
2010-07-09 05:25:21 0 d-----w- c:\program files\Trend Micro
2010-07-08 07:42:53 0 d--h--w- C:\$AVG
2010-07-08 07:26:35 0 d-----w- c:\docume~1\casey\applic~1\avidemux
2010-07-08 07:25:49 0 d-----w- c:\program files\Avidemux 2.5
2010-07-08 06:37:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-08 06:37:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-08 06:37:29 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 06:37:19 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-08 06:35:03 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-07 06:31:16 0 d-----w- c:\docume~1\casey\applic~1\Malwarebytes
2010-07-07 06:31:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 06:31:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-07 06:31:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-07 06:31:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-07 06:12:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-05 21:06:25 0 ----a-w- c:\windows\Yvise.dat
2010-07-05 21:06:25 0 ----a-w- c:\windows\Agavesikomejesu.bin

==================== Find3M ====================

2010-06-24 06:35:20 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-24 06:35:11 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2007-08-26 01:35:40 6144 -csha-w- c:\program files\Thumbs.db
2009-01-03 01:17:30 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010220090103\index.dat

============= FINISH: 2:34:23.01 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/10/2005 9:15:28 PM
System Uptime: 7/17/2010 2:00:20 AM (0 hours ago)

Motherboard: DFI Corp,LTD | | LP NF4 Series
Processor: AMD Hammer Family processor - Model Unknown | Socket 939 | 2412/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 76.417 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2241E12920
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\2241E12920
Service: NIC1394

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_100A15BD&REV_13\4&13699180&0&5048
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_100A15BD&REV_13\4&13699180&0&5048
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&319866BE&0&01
Manufacturer: Nvidia
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&319866BE&0&01
Service: NVENETFD

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Acrobat 5.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Flash Player 10 ActiveX
Adobe Photoshop CS3
Adobe Setup
Adobe Shockwave Player 11.5
AOL Instant Messenger
Assassin's Creed
ATI - Software Uninstall Utility
ATI Display Driver
ATI HYDRAVISION
AudibleManager
AutoUpdate
AVG Free 9.0
Avidemux 2.5
Battlefield 2™
Battlefield 2142
BitTorrent 5.0.5
Call of Duty
CCleaner (remove only)
Creative Mass Storage Drivers
Creative MediaSource
Creative System Information
Creative Zen Nano Plus
Diablo II
DivX
DivX Player
DivX Web Player
Doom 3
DOOM 3: Resurrection of Evil
Dual-Core Optimizer
DVD Decrypter (Remove Only)
DVD Shrink 3.2
E.M. Total Video Player 1.31
EAX Unified
Eusing Free Registry Cleaner
Fraps
FrostWire 4.20.3
G-Force
GIMP 2.6.8
Grand Theft Auto IV
GTA San Andreas
GUN ™
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hyper Shutdown 1.3
InterActual Player
J2SE Runtime Environment 5.0 Update 10
Java Auto Updater
Java™ 6 Update 19
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Juice 2.2
LightScribe System Software 1.10.19.1
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Manhunt
Max Payne
McAfee Shredder
MechWarrior 4 Mercenaries
MechWarrior Black Knight
MechWarrior Vengeance
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Moyea FLV Downloader version 1.16.0.17
Moyea FLV Player version 1.5.2.7
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Essentials
neroxml
Neverwinter Nights
NVIDIA PhysX
NvMixer
Power Tab Editor 1.7
PowerDVD
PrintServer Utilities
Project Reality 0917 Full - Part 1 of 2
PunkBuster Services
QuickTime
RealPlayer
Rockstar Games Social Club
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sound Blaster PCI512
Star Wars Battlefront
Starcraft
Starcraft Brood War (RAZOR 1911)
Stronghold 2 Deluxe
SWAT 4
TeamSpeak 2 RC2
Thief - Deadly Shadows
Tom Clancy's Rainbow Six Vegas
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vampire - The Masquerade Bloodlines
Vietcong
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
X-Men™ Legends 2
XviD
YouTube Downloader 2.5.4

==== Event Viewer Messages From Past Week ========

7/11/2010 2:38:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
7/11/2010 2:38:41 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/11/2010 2:38:41 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================

#4 Blade81

Blade81
    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:06:25 AM

Posted 17 July 2010 - 01:12 PM

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link). Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.



#5 ThisVirusSucks

ThisVirusSucks
  • Topic Starter
  • Members
  • 21 posts
  • Local time:08:25 PM

Posted 17 July 2010 - 04:52 PM

During the ComboFix run, right as it began the first part of the scan, an error blipped up for a split second, so quickly that I couldn't see what it was. The scan continued and proceeded as what seemed to be normal. When my PC had finished, there was a rundll error that I took a picture of and have included.

ComboFix 10-07-16.01 - Casey 07/17/2010 14:20:47.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1563 [GMT -7:00]
Running from: c:\documents and settings\Casey\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Casey\Local Settings\Application Data\{7D9C0D0C-6F16-47F0-952C-EA2F47D7AD4A}
c:\documents and settings\Casey\Local Settings\Application Data\{7D9C0D0C-6F16-47F0-952C-EA2F47D7AD4A}\chrome.manifest
c:\documents and settings\Casey\Local Settings\Application Data\{7D9C0D0C-6F16-47F0-952C-EA2F47D7AD4A}\chrome\content\_cfg.js
c:\documents and settings\Casey\Local Settings\Application Data\{7D9C0D0C-6F16-47F0-952C-EA2F47D7AD4A}\chrome\content\overlay.xul
c:\documents and settings\Casey\Local Settings\Application Data\{7D9C0D0C-6F16-47F0-952C-EA2F47D7AD4A}\install.rdf
c:\documents and settings\Casey\Local Settings\Application Data\Windows Server
c:\documents and settings\Casey\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Casey\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\Casey\My Documents\RestorableRegistry_07-03-10.reg
c:\windows\isahifur.dll

Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
.

2010-07-09 05:25 . 2010-07-09 05:25 -------- d-----w- c:\program files\Trend Micro
2010-07-08 07:42 . 2010-07-08 07:42 -------- d-----w- C:\$AVG
2010-07-08 07:26 . 2010-07-08 07:29 -------- d-----w- c:\documents and settings\Casey\Application Data\avidemux
2010-07-08 07:25 . 2010-07-15 20:57 -------- d-----w- c:\program files\Avidemux 2.5
2010-07-08 06:37 . 2010-07-08 06:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-08 06:37 . 2010-07-08 06:37 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-08 06:37 . 2010-07-08 06:37 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 06:37 . 2010-07-08 06:37 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-08 06:37 . 2010-07-17 20:30 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-08 06:35 . 2010-07-08 06:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-07 06:31 . 2010-07-07 06:31 -------- d-----w- c:\documents and settings\Casey\Application Data\Malwarebytes
2010-07-07 06:31 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 06:31 . 2010-07-07 06:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-07 06:31 . 2010-07-07 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-07 06:31 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-07 06:12 . 2010-07-07 06:12 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-07 06:10 . 2010-07-07 06:10 -------- d-----w- c:\documents and settings\Casey\Local Settings\Application Data\Sunbelt Software
2010-07-05 21:06 . 2010-07-10 08:44 0 ----a-w- c:\windows\Yvise.dat
2010-07-05 21:06 . 2010-07-09 07:16 0 ----a-w- c:\windows\Agavesikomejesu.bin
2010-06-23 01:33 . 2010-06-23 01:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-06-23 01:26 . 2010-06-24 04:41 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 09:48 . 2008-12-07 23:27 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-17 09:45 . 2010-04-03 18:25 -------- d-----w- c:\documents and settings\Casey\Application Data\gtk-2.0
2010-07-08 10:04 . 2008-12-17 07:38 -------- d-----w- c:\program files\Total Video Player
2010-07-08 06:35 . 2008-12-30 02:28 -------- d-----w- c:\program files\AVG
2010-07-08 06:29 . 2007-08-06 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-04 18:11 . 2009-02-24 07:46 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-06-24 06:35 . 2007-08-29 04:02 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-24 06:35 . 2007-04-03 21:24 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-21 07:48 . 2008-12-13 03:01 -------- d-----w- c:\documents and settings\Casey\Application Data\FrostWire
2010-05-28 02:48 . 2005-08-11 04:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 01:55 . 2010-05-28 01:55 61440 ----a-w- c:\documents and settings\Casey\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5b02fb2d-n\decora-sse.dll
2010-05-28 01:55 . 2010-05-28 01:55 503808 ----a-w- c:\documents and settings\Casey\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48d200a4-n\msvcp71.dll
2010-05-28 01:55 . 2010-05-28 01:55 499712 ----a-w- c:\documents and settings\Casey\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48d200a4-n\jmc.dll
2010-05-28 01:55 . 2010-05-28 01:55 348160 ----a-w- c:\documents and settings\Casey\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48d200a4-n\msvcr71.dll
2010-05-28 01:55 . 2010-05-28 01:55 12800 ----a-w- c:\documents and settings\Casey\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5b02fb2d-n\decora-d3d.dll
2010-05-27 07:38 . 2008-02-07 05:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-27 07:38 . 2008-02-07 05:12 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-19 03:17 . 2005-08-16 06:00 -------- d-----w- c:\program files\Viewpoint
2010-05-19 03:17 . 2005-08-16 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2007-08-26 01:35 . 2007-08-26 01:35 6144 -csha-w- c:\program files\Thumbs.db
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112]
"Speed racer"="c:\program files\Creative\SBPCI512\PlayCenter\CTSRReg.exe" [1999-11-16 5632]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-09-28 155648]
"AudioHQ"="c:\program files\Creative\SBPCI512\AudioHQ\AHQTB.EXE" [1999-11-30 204800]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-08 131072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-08 2065760]

c:\documents and settings\Casey\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2006-3-9 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-08 06:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Games\\BF2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Games\\GTAIV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Games\\GTAIV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/7/2010 11:37 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/7/2010 11:37 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/7/2010 11:36 PM 308136]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Casey\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Casey\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/27/2006 5:36 PM 642560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 23:25 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Pdepelana - c:\windows\isahifur.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 14:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-1708537768-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1715567821-1708537768-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2f,84,4e,34,14,af,90,c2,40,4c,a3,fb,bd,c1,d3,22,66,97,e0,89,b2,33,0a,
72,b7,4f,7d,2b,5e,5b,7c,1f,31,2a,83,68,a9,97,59,a2,09,19,a4,80,39,2c,fb,c1,\
"??"=hex:91,37,df,4b,4e,23,f9,a7,7c,0e,15,f9,d2,69,34,50

[HKEY_USERS\S-1-5-21-1715567821-1708537768-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:43,bc,bf,10,0e,d7,05,f9,a7,73,f6,de,ac,44,7f,49,e6,15,c6,c1,f8,
91,f3,57,0e,1b,f7,ee,a2,04,d7,51,0d,b7,f8,91,28,d0,67,42,c2,8e,71,10,a1,07,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3484)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\CTSvcCDA.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-07-17 14:37:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-17 21:37

Pre-Run: 81,922,985,984 bytes free
Post-Run: 83,677,327,360 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /usepmtimer

Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 6C6026EF52C9EEE378490CF7F18CD18A


DDS LOGS

DDS (Ver_10-03-17.01) - NTFSx86
Run by Casey at 14:51:53.76 on Sat 07/17/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1467 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Casey\My Documents\Downloads\Software Trials\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: {0ff527a4-6274-44ff-a14c-c2fb99e648c9} - Image Extractor
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Comcast Install 1.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.freewebarcade.com/game/paper-airplane-simulator/"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [Speed racer] c:\program files\creative\sbpci512\playcenter\CTSRReg.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AudioHQ] c:\program files\creative\sbpci512\audiohq\AHQTB.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\documents and settings\casey\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-7 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-7 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-7 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-7 308136]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\casey\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\casey\locals~1\temp\cpuz130\cpuz_x32.sys [?]

=============== Created Last 30 ================

2010-07-17 20:57:44 0 d-sha-r- C:\cmdcons
2010-07-17 20:53:59 98816 ----a-w- c:\windows\sed.exe
2010-07-17 20:53:59 77312 ----a-w- c:\windows\MBR.exe
2010-07-17 20:53:59 256512 ----a-w- c:\windows\PEV.exe
2010-07-17 20:53:59 161792 ----a-w- c:\windows\SWREG.exe
2010-07-17 09:45:38 5611 ----a-w- c:\documents and settings\casey\.recently-used.xbel
2010-07-11 21:34:45 160 ----a-w- c:\documents and settings\casey\defogger_reenable
2010-07-09 05:25:21 0 d-----w- c:\program files\Trend Micro
2010-07-08 07:42:53 0 d-----w- C:\$AVG
2010-07-08 07:26:35 0 d-----w- c:\docume~1\casey\applic~1\avidemux
2010-07-08 07:25:49 0 d-----w- c:\program files\Avidemux 2.5
2010-07-08 06:37:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-08 06:37:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-08 06:37:29 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 06:37:19 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-08 06:35:03 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-07 06:31:16 0 d-----w- c:\docume~1\casey\applic~1\Malwarebytes
2010-07-07 06:31:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 06:31:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-07 06:31:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-07 06:31:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-07 06:12:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-05 21:06:25 0 ----a-w- c:\windows\Yvise.dat
2010-07-05 21:06:25 0 ----a-w- c:\windows\Agavesikomejesu.bin

==================== Find3M ====================

2010-06-24 06:35:20 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-24 06:35:11 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2007-08-26 01:35:40 6144 -csha-w- c:\program files\Thumbs.db
2009-01-03 01:17:30 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010220090103\index.dat

============= FINISH: 14:52:10.45 ===============


Attached Log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/10/2005 9:15:28 PM
System Uptime: 7/17/2010 2:30:21 PM (0 hours ago)

Motherboard: DFI Corp,LTD | | LP NF4 Series
Processor: AMD Hammer Family processor - Model Unknown | Socket 939 | 2412/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 77.956 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2241E12920
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\2241E12920
Service: NIC1394

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_100A15BD&REV_13\4&13699180&0&5048
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_100A15BD&REV_13\4&13699180&0&5048
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&319866BE&0&01
Manufacturer: Nvidia
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&319866BE&0&01
Service: NVENETFD

==== System Restore Points ===================

RP1: 7/17/2010 1:53:58 PM - System Checkpoint

==== Installed Programs ======================

Adobe Acrobat 5.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Flash Player 10 ActiveX
Adobe Photoshop CS3
Adobe Setup
Adobe Shockwave Player 11.5
AOL Instant Messenger
Assassin's Creed
ATI - Software Uninstall Utility
ATI Display Driver
ATI HYDRAVISION
AudibleManager
AutoUpdate
AVG Free 9.0
Avidemux 2.5
Battlefield 2™
Battlefield 2142
BitTorrent 5.0.5
Call of Duty
CCleaner (remove only)
Creative Mass Storage Drivers
Creative MediaSource
Creative System Information
Creative Zen Nano Plus
Diablo II
DivX
DivX Player
DivX Web Player
Doom 3
DOOM 3: Resurrection of Evil
Dual-Core Optimizer
DVD Decrypter (Remove Only)
DVD Shrink 3.2
E.M. Total Video Player 1.31
EAX Unified
Eusing Free Registry Cleaner
Fraps
FrostWire 4.20.3
G-Force
GIMP 2.6.8
Grand Theft Auto IV
GTA San Andreas
GUN ™
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hyper Shutdown 1.3
InterActual Player
J2SE Runtime Environment 5.0 Update 10
Java Auto Updater
Java™ 6 Update 19
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Juice 2.2
LightScribe System Software 1.10.19.1
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Manhunt
Max Payne
McAfee Shredder
MechWarrior 4 Mercenaries
MechWarrior Black Knight
MechWarrior Vengeance
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Moyea FLV Downloader version 1.16.0.17
Moyea FLV Player version 1.5.2.7
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Essentials
neroxml
Neverwinter Nights
NVIDIA PhysX
NvMixer
Power Tab Editor 1.7
PowerDVD
PrintServer Utilities
Project Reality 0917 Full - Part 1 of 2
PunkBuster Services
QuickTime
RealPlayer
Rockstar Games Social Club
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sound Blaster PCI512
Star Wars Battlefront
Starcraft
Starcraft Brood War (RAZOR 1911)
Stronghold 2 Deluxe
SWAT 4
TeamSpeak 2 RC2
Thief - Deadly Shadows
Tom Clancy's Rainbow Six Vegas
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vampire - The Masquerade Bloodlines
Vietcong
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
X-Men™ Legends 2
XviD
YouTube Downloader 2.5.4

==== Event Viewer Messages From Past Week ========

7/17/2010 2:20:24 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
7/13/2010 9:21:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
7/13/2010 9:21:39 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/13/2010 9:21:39 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================



#6 Blade81

Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
Posted 17 July 2010 - 05:16 PM

Hi again,

QUOTE
My my pc had finished there was a run dll error that I took a picture of and have included.

I don't see the picture if you had it included.


BitTorrent
FrostWire


The programs listed above are P2P file sharing programs. P2P downloads are nowadays one of the things most likely to bring infection into the system. My recommendation is to uninstall these (and any others, if present) P2P file sharing programs.


Open notepad and copy/paste the text in the quotebox below into it:

CODE
File::
c:\windows\Yvise.dat
c:\windows\Agavesikomejesu.bin
DDS::
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.


Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
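The reasoning behind the CFScript in this post (two zero-byte files with random-looking names dropped straight into c:\windows, plus a toolbar entry whose file is gone) can be written down as a small log-checking script. The block below is an added example for this page, not a tool from Blade81, sUBs, DDS or ComboFix: the heuristics, the function names (triage_dds, build_cfscript, parent_dir) and the sample log lines (constructed in the DDS format posted above, using paths and the GUID from that log) are all assumptions of the example. It flags the suspicious entries a helper would look for and prints them in the same File::/DDS:: layout the post asks the user to save as CFScript.

```python
"""Triage helper for DDS-style logs (added example; not part of DDS, ComboFix or this thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the DDS log format seen in this thread: a few Pseudo HJT
# lines and a few "Created Last 30" lines. Paths and the GUID are copied from the
# posted log; this is not the complete log.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

=============== Created Last 30 ================

2010-07-17 20:57:44 0 d-sha-r- C:\cmdcons
2010-07-08 06:37:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-05 21:06:25 0 ----a-w- c:\windows\Yvise.dat
2010-07-05 21:06:25 0 ----a-w- c:\windows\Agavesikomejesu.bin

==================== Find3M ====================
"""

# "Created Last 30" line: date, time, size in bytes, 8 attribute flags, path.
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# Browser add-on entries (toolbar, BHO, explorer bar) whose file DDS could not find.
NO_FILE_RE = re.compile(r"^(?P<kind>TB|BHO|EB): .* - No File$")


@dataclass(frozen=True)
class Finding:
    rule: str    # which heuristic fired
    target: str  # the file path or full DDS line to act on
    line: str    # the original log line, kept for the report


def parent_dir(path: str) -> str:
    """Lower-cased parent directory of a Windows path ('c:\\windows\\x.dat' -> 'c:\\windows')."""
    head, _, _ = path.rpartition("\\")
    return head.lower()


def triage_dds(log_text: str) -> list[Finding]:
    """Apply two defender heuristics to a DDS log and return findings in log order.

    1. Zero-byte files created directly in the Windows directory: legitimate
       installers put their files in subfolders, and random-looking names like
       Yvise.dat or Agavesikomejesu.bin are typical of dropper leftovers.
    2. Toolbar/BHO/explorer-bar entries pointing at a file that no longer exists:
       a stale registration of something already removed (or hidden).
    """
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            is_dir = m.group("attrs").startswith("d")
            if (not is_dir and int(m.group("size")) == 0
                    and parent_dir(m.group("path")) == r"c:\windows"):
                findings.append(Finding("zero_byte_windows_root", m.group("path"), line))
            continue
        if NO_FILE_RE.match(line):
            findings.append(Finding("addon_no_file", line, line))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Render findings in the CFScript layout used in the post: a File:: section of
    paths, then a DDS:: section of DDS lines to remove. Empty sections are omitted."""
    files = [f.target for f in findings if f.rule == "zero_byte_windows_root"]
    dds_lines = [f.target for f in findings if f.rule == "addon_no_file"]
    out: list[str] = []
    if files:
        out.append("File::")
        out.extend(files)
    if dds_lines:
        out.append("DDS::")
        out.extend(dds_lines)
    return "\n".join(out) + ("\n" if out else "")


if __name__ == "__main__":
    hits = triage_dds(SAMPLE_DDS)
    for h in hits:
        print(f"[{h.rule}] {h.line}")
    print(build_cfscript(hits), end="")
```

Run against the sample, it flags exactly the three entries the post's CFScript targets and leaves the AVG driver, the cmdcons directory and the valid BHO alone. A candidate list like this is a starting point for a human reviewer; it is not a substitute for checking each path before deleting it.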


#7 ThisVirusSucks

ThisVirusSucks
  • Topic Starter
  • Members
  • 21 posts
Posted 18 July 2010 - 05:06 AM

Ok, here is the new ComboFix report. It ran fine this time without the previous error. I uploaded that error into the forum, but I don't know how to paste it into this post. It was a RUNDLL error that said: "Error loading c:\WINDOWS\isahifur.dll
The specified module could not be found"
I have uninstalled FrostWire and BitTorrent, though I hardly ever use these programs.
In control panel I uninstalled:
J2SE runtime environment 5.0 update 10
Java™ 6 Update 2, 3, 5, 7 and 19

I then ran the Kaspersky scan; it took a long time, 2 hours+, sorry for the delay.


ComboFix 10-07-16.01 - Casey 07/17/2010 16:22:11.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1503 [GMT -7:00]
Running from: c:\documents and settings\Casey\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Casey\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\Agavesikomejesu.bin"
"c:\windows\Yvise.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Agavesikomejesu.bin
c:\windows\Yvise.dat

.
((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
.

2010-07-09 05:25 . 2010-07-09 05:25 -------- d-----w- c:\program files\Trend Micro
2010-07-08 07:42 . 2010-07-08 07:42 -------- d-----w- C:\$AVG
2010-07-08 07:26 . 2010-07-08 07:29 -------- d-----w- c:\documents and settings\Casey\Application Data\avidemux
2010-07-08 07:25 . 2010-07-15 20:57 -------- d-----w- c:\program files\Avidemux 2.5
2010-07-08 06:37 . 2010-07-08 06:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-08 06:37 . 2010-07-08 06:37 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-08 06:37 . 2010-07-08 06:37 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 06:37 . 2010-07-08 06:37 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-08 06:37 . 2010-07-17 20:30 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-08 06:35 . 2010-07-08 06:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-07 06:31 . 2010-07-07 06:31 -------- d-----w- c:\documents and settings\Casey\Application Data\Malwarebytes
2010-07-07 06:31 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 06:31 . 2010-07-07 06:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-07 06:31 . 2010-07-07 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-07 06:31 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-07 06:12 . 2010-07-07 06:12 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-07 06:10 . 2010-07-07 06:10 -------- d-----w- c:\documents and settings\Casey\Local Settings\Application Data\Sunbelt Software
2010-06-23 01:33 . 2010-06-23 01:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-06-23 01:26 . 2010-06-24 04:41 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 23:17 . 2007-08-03 04:36 -------- d-----w- c:\program files\BitTorrent
2010-07-17 09:48 . 2008-12-07 23:27 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-17 09:45 . 2010-04-03 18:25 -------- d-----w- c:\documents and settings\Casey\Application Data\gtk-2.0
2010-07-08 10:04 . 2008-12-17 07:38 -------- d-----w- c:\program files\Total Video Player
2010-07-08 06:35 . 2008-12-30 02:28 -------- d-----w- c:\program files\AVG
2010-07-08 06:29 . 2007-08-06 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-04 18:11 . 2009-02-24 07:46 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-06-24 06:35 . 2007-08-29 04:02 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-24 06:35 . 2007-04-03 21:24 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-21 07:48 . 2008-12-13 03:01 -------- d-----w- c:\documents and settings\Casey\Application Data\FrostWire
2010-05-28 02:48 . 2005-08-11 04:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 01:55 . 2010-05-28 01:55 61440 ----a-w- c:\documents and settings\Casey\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5b02fb2d-n\decora-sse.dll
2010-05-28 01:55 . 2010-05-28 01:55 503808 ----a-w- c:\documents and settings\Casey\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48d200a4-n\msvcp71.dll
2010-05-28 01:55 . 2010-05-28 01:55 499712 ----a-w- c:\documents and settings\Casey\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48d200a4-n\jmc.dll
2010-05-28 01:55 . 2010-05-28 01:55 348160 ----a-w- c:\documents and settings\Casey\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48d200a4-n\msvcr71.dll
2010-05-28 01:55 . 2010-05-28 01:55 12800 ----a-w- c:\documents and settings\Casey\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5b02fb2d-n\decora-d3d.dll
2010-05-27 07:38 . 2008-02-07 05:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-27 07:38 . 2008-02-07 05:12 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-19 03:17 . 2005-08-16 06:00 -------- d-----w- c:\program files\Viewpoint
2010-05-19 03:17 . 2005-08-16 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-05-04 17:20 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-08-26 01:35 . 2007-08-26 01:35 6144 -csha-w- c:\program files\Thumbs.db
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112]
"Speed racer"="c:\program files\Creative\SBPCI512\PlayCenter\CTSRReg.exe" [1999-11-16 5632]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-09-28 155648]
"AudioHQ"="c:\program files\Creative\SBPCI512\AudioHQ\AHQTB.EXE" [1999-11-30 204800]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-08 131072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-08 2065760]

c:\documents and settings\Casey\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2006-3-9 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-08 06:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Games\\BF2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Games\\GTAIV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Games\\GTAIV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/7/2010 11:37 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/7/2010 11:37 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/7/2010 11:36 PM 308136]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Casey\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Casey\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/27/2006 5:36 PM 642560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 23:25 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 16:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-1708537768-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1715567821-1708537768-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2f,84,4e,34,14,af,90,c2,40,4c,a3,fb,bd,c1,d3,22,66,97,e0,89,b2,33,0a,
72,b7,4f,7d,2b,5e,5b,7c,1f,31,2a,83,68,a9,97,59,a2,09,19,a4,80,39,2c,fb,c1,\
"??"=hex:91,37,df,4b,4e,23,f9,a7,7c,0e,15,f9,d2,69,34,50

[HKEY_USERS\S-1-5-21-1715567821-1708537768-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:43,bc,bf,10,0e,d7,05,f9,a7,73,f6,de,ac,44,7f,49,e6,15,c6,c1,f8,
91,f3,57,0e,1b,f7,ee,a2,04,d7,51,0d,b7,f8,91,28,d0,67,42,c2,8e,71,10,a1,07,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-17 16:31:18
ComboFix-quarantined-files.txt 2010-07-17 23:31
ComboFix2.txt 2010-07-17 21:37

Pre-Run: 83,114,172,416 bytes free
Post-Run: 83,093,594,112 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - F8AEFE78ACD6E9667CEDB4BE82B72046


Kaspersky Scan Log



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, July 18, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, July 17, 2010 17:27:03
Records in database: 4229306
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 132037
Threats found: 4
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 02:50:09


File name / Threat / Threats count
C:\Documents and Settings\Casey\My Documents\Downloads\Cryptload\CryptLoad_1.1.6\ocr\megaupload.com\AntiCaptcha\megafree.exe Infected: Trojan-Banker.Win32.Agent.awi 1
C:\Documents and Settings\Casey\My Documents\Downloads\Cryptload\CryptLoad_1.1.6.rar Infected: Trojan-Banker.Win32.Agent.awi 1
C:\Documents and Settings\Casey\My Documents\Downloads\Cryptload\CryptLoad_1.1.6.rar Infected: not-a-virus:RemoteAdmin.Win32.NetCat.a 1
C:\Documents and Settings\Casey\My Documents\Downloads\Software Trials\Useful Programs\daemon403-x86.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{7E7D8263-30E6-4FCD-9F78-2A749D05AF27}\RP1\A0000034.sys Infected: Rootkit.Win32.TDSS.ap 1

Selected area has been scanned.

DDS Log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Casey at 2:59:53.98 on Sun 07/18/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1701 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Casey\My Documents\Downloads\Software Trials\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {0ff527a4-6274-44ff-a14c-c2fb99e648c9} - Image Extractor
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Comcast Install 1.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.freewebarcade.com/game/paper-airplane-simulator/"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [Speed racer] c:\program files\creative\sbpci512\playcenter\CTSRReg.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AudioHQ] c:\program files\creative\sbpci512\audiohq\AHQTB.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\documents and settings\casey\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-7 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-7 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-7 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-7 308136]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\casey\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\casey\locals~1\temp\cpuz130\cpuz_x32.sys [?]

=============== Created Last 30 ================

2010-07-18 01:19:01 5604 ----a-w- c:\documents and settings\casey\.recently-used.xbel
2010-07-18 00:00:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-07-18 00:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-17 20:57:44 0 d-sha-r- C:\cmdcons
2010-07-17 20:53:59 98816 ----a-w- c:\windows\sed.exe
2010-07-17 20:53:59 77312 ----a-w- c:\windows\MBR.exe
2010-07-17 20:53:59 256512 ----a-w- c:\windows\PEV.exe
2010-07-17 20:53:59 161792 ----a-w- c:\windows\SWREG.exe
2010-07-11 21:34:45 160 ----a-w- c:\documents and settings\casey\defogger_reenable
2010-07-09 05:25:21 0 d-----w- c:\program files\Trend Micro
2010-07-08 07:42:53 0 d-----w- C:\$AVG
2010-07-08 07:26:35 0 d-----w- c:\docume~1\casey\applic~1\avidemux
2010-07-08 07:25:49 0 d-----w- c:\program files\Avidemux 2.5
2010-07-08 06:37:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-08 06:37:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-08 06:37:29 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 06:37:19 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-08 06:35:03 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-07 06:31:16 0 d-----w- c:\docume~1\casey\applic~1\Malwarebytes
2010-07-07 06:31:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 06:31:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-07 06:31:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-07 06:31:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-07 06:12:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

==================== Find3M ====================

2010-06-24 06:35:20 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-24 06:35:11 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-08-26 01:35:40 6144 -csha-w- c:\program files\Thumbs.db
2009-01-03 01:17:30 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010220090103\index.dat

============= FINISH: 3:00:33.92 ===============

Attached

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/10/2005 9:15:28 PM
System Uptime: 7/17/2010 4:53:35 PM (11 hours ago)

Motherboard: DFI Corp,LTD | | LP NF4 Series
Processor: AMD Hammer Family processor - Model Unknown | Socket 939 | 2412/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 77.286 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2241E12920
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\2241E12920
Service: NIC1394

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_100A15BD&REV_13\4&13699180&0&5048
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_100A15BD&REV_13\4&13699180&0&5048
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&319866BE&0&01
Manufacturer: Nvidia
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&319866BE&0&01
Service: NVENETFD

==== System Restore Points ===================

RP1: 7/17/2010 1:53:58 PM - System Checkpoint
RP2: 7/17/2010 2:54:57 PM - Software Distribution Service 3.0
RP3: 7/17/2010 4:45:01 PM - Removed Java™ 6 Update 12
RP4: 7/17/2010 4:45:39 PM - Removed J2SE Runtime Environment 5.0 Update 10
RP5: 7/17/2010 4:47:18 PM - Removed Java™ 6 Update 12
RP6: 7/17/2010 4:48:23 PM - Removed Java™ 6 Update 2
RP7: 7/17/2010 4:49:06 PM - Removed Java™ 6 Update 3
RP8: 7/17/2010 4:49:40 PM - Removed Java™ 6 Update 5
RP9: 7/17/2010 4:50:17 PM - Removed Java™ 6 Update 7
RP10: 7/17/2010 4:59:37 PM - Installed Java™ 6 Update 21

==== Installed Programs ======================

Adobe Acrobat 5.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Flash Player 10 ActiveX
Adobe Photoshop CS3
Adobe Setup
Adobe Shockwave Player 11.5
AOL Instant Messenger
Assassin's Creed
ATI - Software Uninstall Utility
ATI Display Driver
ATI HYDRAVISION
AudibleManager
AutoUpdate
AVG Free 9.0
Avidemux 2.5
Battlefield 2™
Battlefield 2142
Call of Duty
CCleaner (remove only)
Creative Mass Storage Drivers
Creative MediaSource
Creative System Information
Creative Zen Nano Plus
Diablo II
DivX
DivX Player
DivX Web Player
Doom 3
DOOM 3: Resurrection of Evil
Dual-Core Optimizer
DVD Decrypter (Remove Only)
DVD Shrink 3.2
E.M. Total Video Player 1.31
EAX Unified
Eusing Free Registry Cleaner
Fraps
G-Force
GIMP 2.6.8
Grand Theft Auto IV
GTA San Andreas
GUN ™
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hyper Shutdown 1.3
InterActual Player
Java Auto Updater
Java™ 6 Update 21
Juice 2.2
LightScribe System Software 1.10.19.1
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Manhunt
Max Payne
McAfee Shredder
MechWarrior 4 Mercenaries
MechWarrior Black Knight
MechWarrior Vengeance
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Moyea FLV Downloader version 1.16.0.17
Moyea FLV Player version 1.5.2.7
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Essentials
neroxml
Neverwinter Nights
NVIDIA PhysX
NvMixer
Power Tab Editor 1.7
PowerDVD
PrintServer Utilities
Project Reality 0917 Full - Part 1 of 2
PunkBuster Services
QuickTime
RealPlayer
Rockstar Games Social Club
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sound Blaster PCI512
Star Wars Battlefront
Starcraft
Starcraft Brood War (RAZOR 1911)
Stronghold 2 Deluxe
SWAT 4
TeamSpeak 2 RC2
Thief - Deadly Shadows
Tom Clancy's Rainbow Six Vegas
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vampire - The Masquerade Bloodlines
Vietcong
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
X-Men™ Legends 2
XviD
YouTube Downloader 2.5.4

==== Event Viewer Messages From Past Week ========

7/17/2010 4:48:02 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
7/17/2010 4:05:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
7/17/2010 4:05:46 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
7/17/2010 1:24:28 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/17/2010 1:24:28 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================

#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:06:25 AM

Posted 18 July 2010 - 05:14 AM

Hi,

Delete C:\Documents and Settings\Casey\My Documents\Downloads\Cryptload folder.

Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis.



Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the Begin cleanup Process? prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
  • hosts file:
    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, it is used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok
  • Run Secunia vulnerability check here and fix its findings.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions.


  • Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.
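The six Internet Explorer settings in the post above are stored as DWORD values under the Internet zone's registry key, so they can be verified against an exported copy instead of being clicked through one by one. The following is an added example, not code from this thread or from BleepingComputer: it parses a .reg export of that key (the sample export is constructed; the value names 1001, 1004, 1201, 1607, 1800 and 1804 are Microsoft's documented zone-policy identifiers, with 0 = Enable, 1 = Prompt, 3 = Disable), reports each setting that is missing or weaker than recommended, and renders a .reg fragment that corrects only those.

```python
import re
# IE "Internet" zone (Zones\3) policy ids -> (setting, recommended level); 0 = Enable, 1 = Prompt, 3 = Disable.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
LEVEL_NAME = {0: "Enable", 1: "Prompt", 3: "Disable"}
STRENGTH = {0: 0, 1: 1, 3: 2}  # Disable is stricter than Prompt, which is stricter than Enable
ZONE3_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
DWORD_LINE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')

def parse_reg_dwords(reg_text):
    """Map value name -> int for each DWORD line (on-disk exports are UTF-16; decode them first)."""
    values = {}
    for line in reg_text.splitlines():
        m = DWORD_LINE.match(line.strip())
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values

def audit_internet_zone(reg_text):
    """Return (id, setting, current, recommended) for each missing, unknown or too-weak setting; stricter passes."""
    current = parse_reg_dwords(reg_text)
    findings = []
    for pid, (setting, wanted) in RECOMMENDED.items():
        have = current.get(pid)
        if STRENGTH.get(have, -1) < STRENGTH[wanted]:
            shown = "missing" if have is None else LEVEL_NAME.get(have, f"unknown({have})")
            findings.append((pid, setting, shown, LEVEL_NAME[wanted]))
    return findings

def reg_fix(findings):
    """Render a .reg fragment that raises each weak value to its recommended level."""
    body = [f'"{pid}"=dword:{RECOMMENDED[pid][1]:08x}' for pid, *_ in findings]
    return "\n".join(["Windows Registry Editor Version 5.00", "", f"[{ZONE3_KEY}]", *body]) + "\n"

# Constructed sample: 1001/1800 still Enable, 1201 only Prompt, 1607 stricter than needed (passes), 1804 absent.
SAMPLE_EXPORT = f"""Windows Registry Editor Version 5.00

[{ZONE3_KEY}]
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000001
"1607"=dword:00000003
"1800"=dword:00000000
"""
```

On a live machine the input would come from `reg export` of that key; a value that is absent from the export is flagged, because IE then falls back to the zone's default rather than to the hardened setting.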


#9 ThisVirusSucks

ThisVirusSucks
  • Topic Starter

  • Members
  • 21 posts
  • Local time:08:25 PM

Posted 19 July 2010 - 02:02 AM

Hey Blade,
I think you did it, my computer seems to be running much smoother now. I haven't had a redirect in a while, and my CPU is running at much less intensive levels now and more balanced too. Windows starts faster even. Plus I'm not seeing AVG tell me that some crazy thing that wanted to download (out of nowhere) was blocked. All super signs for me!

Can I ask exactly what it was that I had, and is there a chance that it is still lurking on my PC?

Oh also, is the Windows XP firewall not enough? I had a router but I gave it away. I have been needing to get a new one.

Also there was a Windows XP security update that can't install (KB951978).

Thank you guys for your great work. You really are awesome people to just donate your invaluable time to people like me who need professional help. It would have taken me a long time to try to learn HijackThis report logs.

Edited by ThisVirusSucks, 19 July 2010 - 02:13 AM.


#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:06:25 AM

Posted 19 July 2010 - 04:07 AM

You're welcome

QUOTE
Can I ask exactly what it was that I had, and is there a chance that it is still lurking on my PC?

You had a TDL infection there. It shouldn't be lurking there anymore.

QUOTE
Oh also, is the Windows XP firewall not enough? I had a router but I gave it away. I have been needing to get a new one.

I'd get a 3rd party one if you have XP's own firewall only.

QUOTE
Also there was a Windows XP security update that can't install (KB951978).

Reboot and try installing again. If it fails you could try to get it manually here.



#11 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:06:25 AM

Posted 26 July 2010 - 03:16 PM

Since this malware issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





