Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sqlite/unknown emails in outbox


  • This topic is locked This topic is locked
2 replies to this topic

#1 Leonidas13

Leonidas13

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:46 PM

Posted 18 July 2010 - 02:19 AM

Hi, sorry to trouble you, but I have this malware called sqlite which avg keeps catching whenever I open my web browser but deleting it doesn't work. I tried using malwarebytes antimalware, spybot: search and destroy as well as AVG but no luck. Also, hotmail keeps sending mail to my contacts without my permission, and its always weird links(which I never clicked of course). I am a pretty cautious guy, running Scans often and surfing safely, but this sqlite cookie or whatever it is won't go away. Help is greatly appreciated.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Leonidas at 3:02:13.36 on 18/07/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.4095.1865 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Fraps\fraps.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\Leonidas\Desktop\Tools\Core Temp.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Fraps\fraps64.dat
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Leonidas\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files (x86)\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files (x86)\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Core Temp] "c:\users\leonidas\desktop\tools\Core Temp.exe"
uRun: [Google Update] "c:\users\leonidas\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
mRun: [SoundMAXPnP] c:\program files (x86)\analog devices\core\smax4pnp.exe
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [<NO NAME>]
mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\users\leonidas\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files (x86)\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\users\leonidas\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files (x86)\xfire\Xfire.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all links with IDM - c:\program files (x86)\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
AppInit_DLLs: avgrssta.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
mRun-x64: [SoundMAX] c:\program files (x86)\analog devices\soundmax\soundmax.exe /tray
mRun-x64: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun-x64: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
AppInit_DLLs-X64: avgrssta.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\leonidas\appdata\roaming\mozilla\firefox\profiles\78qpuhgk.default\
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\leonidas\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files (x86)\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\leonidas\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\leonidas\appdata\roaming\mozilla\firefox\profiles\78qpuhgk.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwa.sys [2010-4-30 27216]
R0 AvgRkx64;avgrkx64.sys;c:\windows\system32\drivers\avgrkx64.sys [2010-4-30 56008]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-5-15 52856]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6a.sys [2010-4-30 29976]
R1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-4-30 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-4-30 35536]
R1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-4-30 317520]
R2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-6-22 921440]
R2 avg9wd;AVG WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 avgfws9;AVG Firewall;c:\program files (x86)\avg\avg9\avgfws9.exe [2010-6-22 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-3-15 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-5-21 240232]
R3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSDriver.sys [2010-4-30 132688]
R3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSFilter.sys [2010-4-30 35920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]

=============== Created Last 30 ================

2010-07-18 06:47:14 0 d-----w- c:\program files (x86)\ESET
2010-07-16 04:41:02 0 d-----w- c:\program files (x86)\Rosetta Stone
2010-07-16 03:31:01 0 d-----w- c:\programdata\FLEXnet
2010-07-16 03:29:33 0 d-----w- c:\program files (x86)\common files\Macrovision Shared
2010-07-16 03:29:20 0 d-----w- c:\programdata\Rosetta Stone
2010-07-16 01:19:11 0 d-----w- c:\program files\Starcraft
2010-07-13 19:01:34 144384 ----a-w- c:\windows\system32\cdd.dll
2010-07-09 19:04:40 41872 ----a-w- c:\windows\syswow64\xfcodec.dll
2010-07-09 19:04:40 27536 ----a-w- c:\windows\system32\xfcodec64.dll
2010-07-06 09:29:17 0 d-----w- c:\program files (x86)\G-Collections
2010-07-04 01:12:04 2444656 ----a-w- c:\windows\syswow64\pbsvc_apb.exe
2010-06-29 13:25:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-06-29 04:51:48 0 d-----w- c:\program files (x86)\Rockstar Games
2010-06-24 01:47:09 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-06-24 01:47:09 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-06-24 01:47:09 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 01:47:09 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 01:47:09 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 01:47:09 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-06-24 01:47:09 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-06-24 01:47:09 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 01:47:09 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-06-24 01:47:09 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 21:54:08 1736608 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 21:54:08 1289528 ----a-w- c:\windows\syswow64\ntdll.dll
2010-06-23 21:54:05 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-23 21:54:05 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-06-23 21:54:05 258560 ----a-w- c:\windows\system32\mpg2splt.ax
2010-06-23 21:54:03 552960 ----a-w- c:\windows\system32\msdri.dll
2010-06-23 21:54:03 288256 ----a-w- c:\windows\system32\MSNP.ax
2010-06-23 21:54:03 204288 ----a-w- c:\windows\syswow64\MSNP.ax
2010-06-23 21:54:03 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax
2010-06-23 17:26:38 0 d-----w- c:\program files (x86)\Ai1
2010-06-23 16:24:45 0 d-----w- c:\programdata\McAfee
2010-06-22 13:57:34 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-06-21 16:46:45 0 d-----w- c:\program files (x86)\Combined Community Codec Pack
2010-06-21 04:43:45 0 d-----w- c:\program files (x86)\CoreCodec

==================== Find3M ====================

2010-07-18 00:50:29 218808 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-07-12 15:03:23 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-07-04 01:12:04 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-06-22 13:57:35 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-06-22 13:57:25 27216 ----a-w- c:\windows\system32\drivers\AVGIDSwa.sys
2010-06-22 13:57:01 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-05-31 20:04:53 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 22:52:32 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-05-21 22:52:32 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-05-21 22:52:32 15282280 ----a-w- c:\windows\system32\nvcpl.dll
2010-05-21 22:52:32 1448040 ----a-w- c:\windows\system32\nvsvc64.dll
2010-05-21 22:52:32 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-05-21 19:37:12 659048 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-21 18:28:15 794408 ----a-w- c:\windows\syswow64\pbsvc.exe
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-18 20:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 22:27:32 53328 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2010-04-27 18:45:56 72856 ----a-w- c:\windows\syswow64\xliveinstallhost.exe
2010-04-27 18:45:56 187544 ----a-w- c:\windows\syswow64\xliveinstall.dll
2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-20 00:47:42 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-22 15:46:03 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-01-22 15:46:03 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-01-22 15:46:03 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-01-22 15:46:03 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 3:03:52.17 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/11/2009 4:44:34 AM
System Uptime: 17/07/2010 8:16:58 PM (7 hours ago)

Motherboard: ASUSTeK Computer INC. | | STRIKER II FORMULA
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 1716/289mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 300 GiB total, 26.114 GiB free.
D: is FIXED (NTFS) - 166 GiB total, 32.98 GiB free.
E: is CDROM ()
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: NVIDIA nForce Networking Controller
Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_CB841043&REV_A3\3&2411E6FE&1&88
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_CB841043&REV_A3\3&2411E6FE&1&88
Service: NVENETFD

==== System Restore Points ===================

RP260: 07/07/2010 3:10:05 PM - Scheduled Checkpoint
RP261: 13/07/2010 5:00:14 PM - Windows Update
RP262: 15/07/2010 11:28:53 PM - Installed Rosetta Stone Version 3
RP263: 16/07/2010 12:01:56 AM - Removed Rosetta Stone Version 3
RP264: 16/07/2010 12:05:43 AM - Installed Rosetta Stone Version 3
RP265: 16/07/2010 12:39:25 AM - Removed Rosetta Stone Version 3
RP266: 16/07/2010 12:40:41 AM - Installed Rosetta Stone Version 3

==== Installed Programs ======================

3DMark06
7-Zip 4.60 beta
AA2Deploy
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
All Points Bulletin
America's Army 3
Apple Application Support
Apple Software Update
µTorrent
AVG 9.0
AviSynth 2.5
Battlefield 2™
Battlefield: Bad Company 2
BioShock 2
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Blur ™
Call of Duty® 4 - Modern Warfare™
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
CCleaner
Combined Community Codec Pack 2009-09-09
Company of Heroes
Company of Heroes - FAKEMSI
DivX Player
DivX Setup
DivX Version Checker
eReg
erLT
ESET Online Scanner v3
EVEREST Ultimate Edition v5.30
Fallout 3
Fraps (remove only)
Google Chrome
Google Update Helper
Grand Theft Auto: Episodes From Liberty City
Host OpenAL (ADI)
Internet Download Manager
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
Killing Floor
Left 4 Dead
Machinarium
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing Platinum 20
Metro 2033
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Portal
PunkBuster Services
QuickTime
Rosetta Stone Version 3
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
SoundMAX
Split/Second
Spybot - Search & Destroy
Steam
Toy Story 3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2202131)
VC80CRTRedist - 8.0.50727.4053
Videora iPhone Converter 5.04
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.0.3
WinDirStat 1.1.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Media Player Firefox Plugin
WinRAR archiver
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

17/07/2010 8:49:59 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
17/07/2010 8:17:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
17/07/2010 12:37:02 AM, Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following error: Access is denied.
13/07/2010 9:28:03 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

==== End Of File ===========================



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:46 PM

Posted 25 July 2010 - 08:08 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:46 PM

Posted 06 August 2010 - 04:27 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users