Browser Hijacked/ Other possible problems


  • This topic is locked
11 replies to this topic

#1 Mamishe
  • Members
  • 5 posts

Posted 26 September 2010 - 06:22 PM

I have something really weird messing up my computer. I had this AntiMalwareDoctor problem that I think I have gotten rid of... But now I'm having a browser hijacking problem. (Whenever I look something up on Google I get redirected to some spam page.) And also my AVG keeps popping up with "Threat detected! Threat name: Trojan horse Generic19.MMP, Process name C:\WINDOWS\TEMP\Nsk.exe ID1508".

Also, when I go to Task Manager I have 41 mshta.exe's and a bunch of svchost.exe's and one Nsk.exe. I also ran HijackThis:




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:01:08 PM, on 9/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\Nsj.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\TEMP\Nsk.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Mamishe\My Documents\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Kcudigejopevog] rundll32.exe "C:\WINDOWS\idicafojufanero.dll",Startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cnelogapogaxeyuv] rundll32.exe "C:\WINDOWS\winsaut.dll",Startup
O4 - HKUS\S-1-5-18\..\Run: [YXE7DXCQ37] C:\WINDOWS\TEMP\Nsk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Cnelogapogaxeyuv] rundll32.exe "C:\WINDOWS\winsaut.dll",Startup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [YXE7DXCQ37] C:\WINDOWS\TEMP\Nsk.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\MP4-Converter\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\MP4-Converter\YouTubeRipper.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1273644740328
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9376765-7BAA-4488-907D-66D390CA43A2}: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SMServer - SMServer - C:\WINDOWS\system32\snmvtsvc.exe

--
End of file - 9239 bytes


I am now also getting a notification from AVG that says: Threat detected! Trojan horse Generic19.NGW

Process name: C:\WINDOWS\System32\svchost.exe
Process ID: 6044

And one that says Multiple threat detection
www.iisvc.com/tst/sst/16/?l=8dc10b3518c1511401347ba378c99386 | Exploit Rogue Scanner (type 1588) | Object blocked
www.iisvc.com/tst/sst/16/?l=e6ef199c8415c67ed6c15e24db6248bd | Exploit Rogue Scanner (type 1588) | Object blocked
Process name: C\WINDOWS\Sytem32\svchost.exe
Process ID: 6044


If anyone could help me it would be greatly appreciated.
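The HijackThis log above is read by eye in this thread: autorun entries launching from C:\WINDOWS\TEMP, rundll32 entries loading randomly named DLLs from the Windows directory itself, O17 NameServer overrides pointing at public addresses, and dozens of mshta.exe processes. The following script is an added example, not part of the forum post or of HijackThis, that applies those same checks mechanically. The sample lines are copied from the posted log (one O17 line with a private router address is constructed for contrast), and the mshta.exe threshold is an assumption chosen for this example; the script only flags entries for review and does not decide what is malicious.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the HijackThis log posted
# above, plus one O17 line with a private (router) address added for contrast.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\TEMP\Nsk.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Kcudigejopevog] rundll32.exe "C:\WINDOWS\idicafojufanero.dll",Startup
O4 - HKUS\S-1-5-18\..\Run: [YXE7DXCQ37] C:\WINDOWS\TEMP\Nsk.exe (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-GUID}: NameServer = 192.168.1.1
"""

# Executable or DLL living under a TEMP directory.
TEMP_DIR = re.compile(r"\\TEMP\\", re.IGNORECASE)
# rundll32 loading a DLL that sits directly in the Windows directory rather than
# in system32 (the shape of the Kcudigejopevog / Cnelogapogaxeyuv entries above).
RUNDLL_WINROOT = re.compile(r'rundll32\.exe\s+"?[a-z]:\\windows\\[^\\"]+\.dll', re.IGNORECASE)
NAMESERVER = re.compile(r"NameServer\s*=\s*([\d.,\s]+)")
ENTRY = re.compile(r"[ORF]\d+ - ")  # HijackThis lettered entries: O4, O17, R1, F2, ...
MSHTA_THRESHOLD = 3  # hypothetical threshold chosen for this example


def parse_sections(text):
    """Split a HijackThis log into the running-process list and the lettered entries."""
    processes, entries = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False  # a blank line ends the process list
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
        elif ENTRY.match(line):
            entries.append(line)
    return processes, entries


def triage(text):
    """Return a list of (rule, detail) findings worth a human's attention."""
    processes, entries = parse_sections(text)
    findings = []

    # Many copies of the HTML Application host running at once.
    counts = Counter(p.rsplit("\\", 1)[-1].lower() for p in processes)
    if counts["mshta.exe"] >= MSHTA_THRESHOLD:
        findings.append(("many-mshta", f"{counts['mshta.exe']} mshta.exe instances"))
    for p in processes:
        if TEMP_DIR.search(p):
            findings.append(("process-from-temp", p))

    for e in entries:
        if e.startswith("O4") and TEMP_DIR.search(e):
            findings.append(("autorun-from-temp", e))
        if e.startswith("O4") and RUNDLL_WINROOT.search(e):
            findings.append(("rundll32-dll-in-winroot", e))
        if e.startswith("O17"):
            m = NAMESERVER.search(e)
            if not m:
                continue
            for ip in (s.strip() for s in m.group(1).split(",") if s.strip()):
                try:
                    addr = ipaddress.ip_address(ip)
                except ValueError:
                    findings.append(("nameserver-unparseable", e))
                    continue
                # A hard-coded public resolver in the TCP/IP parameters should be
                # compared against what the ISP or router actually hands out.
                if not addr.is_private:
                    findings.append(("public-nameserver", f"{ip} in {e}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Run against the sample it reports the four mshta.exe copies, Nsk.exe both as a running process and as a SYSTEM autorun, the rundll32 entry for idicafojufanero.dll, and the two public NameServer addresses, while the constructed 192.168.1.1 line passes. The same checks apply unchanged to a full log pasted into SAMPLE_LOG.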



#2 Blade81
  • Bleepin' Rocker
  • Malware Response Team
  • 6,465 posts
  • Gender: Male
  • Location: Finland

Posted 01 October 2010 - 12:51 AM

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double-click the dds file to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

  • Microsoft Windows Insider MVP 2016-2017
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    Malware removal instructions provided here are meant for the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 Mamishe
  • Topic Starter
  • Members
  • 5 posts

Posted 04 October 2010 - 10:55 AM

OK, sorry I took so long to reply, but I've posted on a couple of forums and nobody has answered, so I thought that nobody would answer me again, haha.

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Mamishe at 8:51:04.07 on Mon 10/04/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.492 [GMT -7:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
    C:\Documents and Settings\Mamishe\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page =
    uSearch Bar =
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant =
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_Plugin.exe -update plugin
    mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Kcudigejopevog] rundll32.exe "c:\windows\idicafojufanero.dll",Startup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    StartupFolder: c:\docume~1\mamishe\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll/206
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - c:\program files\mp4-converter\YouTubeRipper.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273644740328
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\mamishe\applic~1\mozilla\firefox\profiles\csnfxh7h.default\
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?sid=62747&cuid=&userid=37011481&q=
    FF - component: c:\documents and settings\mamishe\application data\mozilla\firefox\profiles\csnfxh7h.default\extensions\{61969199-e42c-49bc-bf33-79e97a1732c5}\components\Engine.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: XULRunner: {E704C64E-DC2A-4752-977D-3421F3B1D03C} - c:\documents and settings\mamishe\local settings\application data\{E704C64E-DC2A-4752-977D-3421F3B1D03C}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-12 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-12 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-12 243024]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-20 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
    R3 MP4ConverterAudio;MP4ConverterAudio;c:\windows\system32\drivers\MP4ConverterAudio.sys [2010-9-9 23608]
    R3 QCAbsee;Logitech QuickCam Web (0801);c:\windows\system32\drivers\OVCA.sys [2010-5-11 25088]
    S2 Ias;Network Security;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\lavalys\everest home edition\kerneld.wnt --> c:\program files\lavalys\everest home edition\kerneld.wnt [?]
    S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2010-9-9 245760]

    =============== Created Last 30 ================

    2010-09-25 18:15:53 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2010-09-25 18:15:53 8704 ----a-w- c:\windows\system32\kbdjpn.dll
    2010-09-25 18:15:53 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2010-09-25 18:15:53 8192 ----a-w- c:\windows\system32\kbdkor.dll
    2010-09-25 18:15:53 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2010-09-25 18:15:53 6144 ----a-w- c:\windows\system32\kbd101c.dll
    2010-09-25 18:15:53 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2010-09-25 18:15:53 5632 ----a-w- c:\windows\system32\kbd103.dll
    2010-09-25 18:15:52 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2010-09-25 18:15:52 6144 ----a-w- c:\windows\system32\kbd101b.dll
    2010-09-25 18:15:51 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2010-09-25 18:15:51 6144 ----a-w- c:\windows\system32\kbd106.dll
    2010-09-25 17:23:50 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-09-25 17:23:38 0 d-----w- C:\Microsoft
    2010-09-20 22:18:04 0 d-----w- c:\program files\common files\DivX Shared
    2010-09-20 22:17:31 0 d-----w- c:\program files\DivX
    2010-09-20 21:12:54 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
    2010-09-17 05:14:37 0 d-----w- c:\program files\iPod
    2010-09-17 05:14:10 0 d-----w- c:\program files\iTunes
    2010-09-17 05:08:27 0 d-----w- c:\program files\Bonjour
    2010-09-17 04:40:04 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-09-17 04:40:03 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2010-09-17 04:40:03 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-09-17 04:39:59 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2010-09-13 04:33:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-09 22:13:58 0 d-----w- c:\docume~1\mamishe\applic~1\Malwarebytes
    2010-09-09 22:12:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-09 22:12:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-09-09 22:12:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-09 22:12:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-09 21:52:18 38 ----a-w- c:\windows\avisplitter.ini
    2010-09-09 21:52:18 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-09-09 21:52:17 839680 ----a-w- c:\windows\system32\lameACM.acm
    2010-09-09 21:52:17 790528 ----a-w- c:\windows\system32\xvidcore.dll
    2010-09-09 21:52:17 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
    2010-09-09 21:52:17 414 ----a-w- c:\windows\system32\lame_acm.xml
    2010-09-09 21:52:17 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-09-09 21:52:17 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2010-09-09 21:52:17 134144 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-09-09 21:52:17 108032 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-09-09 21:52:14 0 d-----w- c:\program files\K-Lite Codec Pack
    2010-09-09 21:48:21 245760 ----a-w- c:\windows\system32\snmvtsvc.exe
    2010-09-09 21:48:17 5688 ----a-w- c:\windows\system32\MP4ConverterVideo.sys
    2010-09-09 21:48:17 2905 ----a-w- c:\windows\system32\MP4ConverterVideo.inf
    2010-09-09 21:48:17 2603 ----a-w- c:\windows\system32\MP4ConverterVideo.cat
    2010-09-09 21:48:17 23608 ----a-w- c:\windows\system32\MP4ConverterAudio.sys
    2010-09-09 21:48:17 23608 ----a-w- c:\windows\system32\drivers\MP4ConverterAudio.sys
    2010-09-09 21:48:17 22019 ----a-w- c:\windows\system32\MP4ConverterAudio.inf
    2010-09-09 21:48:17 2148 ----a-w- c:\windows\system32\MP4ConverterAudio.cat
    2010-09-09 21:48:17 14392 ----a-w- c:\windows\system32\MP4ConverterVideo.dll
    2010-09-09 21:48:16 0 d-----w- c:\program files\MP4-Converter
    2010-09-08 03:08:59 2298 ----a-w- c:\windows\lsrslt.ini
    2010-09-06 23:19:23 120 ----a-w- c:\windows\Dhefop.dat
    2010-09-06 23:19:23 0 ----a-w- c:\windows\Jvatum.bin
    2010-09-06 23:16:49 0 d-----w- c:\docume~1\mamishe\applic~1\C19302CCDA1D9EE1545F67758D67A85B
    2010-09-06 22:57:50 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-09-06 22:44:15 0 d-----w- c:\docume~1\alluse~1\applic~1\vsosdk
    2010-09-06 22:16:56 87608 ----a-w- c:\docume~1\mamishe\applic~1\inst.exe
    2010-09-06 22:16:56 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-09-06 22:16:56 47360 ----a-w- c:\docume~1\mamishe\applic~1\pcouffin.sys
    2010-09-06 22:16:09 65602 ----a-w- c:\windows\system32\cook3260.dll
    2010-09-06 22:16:09 626688 ----a-w- c:\windows\system32\vp7vfw.dll
    2010-09-06 22:16:09 217127 ----a-w- c:\windows\system32\drv43260.dll
    2010-09-06 22:16:09 208935 ----a-w- c:\windows\system32\drv33260.dll
    2010-09-06 22:16:09 176165 ----a-w- c:\windows\system32\drv23260.dll
    2010-09-06 22:16:09 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
    2010-09-06 22:16:08 1645320 ----a-w- c:\windows\gdiplus.dll
    2010-09-06 22:16:03 0 d-----w- c:\program files\VSO

    ==================== Find3M ====================

    2010-08-31 23:07:23 13836 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-07-15 21:41:20 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    ============= FINISH: 8:52:40.12 ===============


And I also have the Attach.txt which you asked for, but I cannot attach it... It says I'm not permitted to upload this type of file (.rar).


#4 Blade81
  • Bleepin' Rocker
  • Malware Response Team
  • 6,465 posts
  • Gender: Male
  • Location: Finland

Posted 04 October 2010 - 12:32 PM

    QUOTE
    I've posted on a couple forums, and nobody has answered

    Please let those other forums know that you're helped and those other topics can be closed.

    QUOTE
And I also have the Attach which you asked for, but I cannot attach it... It says I'm not permitted to upload this type of file... (.rar)

    Please post non archived attach.txt file contents.

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006
    unite_blue.png

    Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


    #5 Mamishe

    Mamishe
    • Topic Starter

    • Members
    • 5 posts
    • OFFLINE
    •  
    • Local time:07:02 AM

    Posted 05 October 2010 - 03:50 PM

    Ok will do.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/11/2010 4:51:24 PM
    System Uptime: 10/4/2010 8:48:02 AM (0 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6570
    Processor: AMD Athlon™ XP 2800+ | Socket A | 2079/166mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 10.494 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: RAID Controller
    Device ID: PCI\VEN_105A&DEV_3376&SUBSYS_6620105A&REV_02\4&3B1D9AB8&0&5840
    Manufacturer:
    Name: RAID Controller
    PNP Device ID: PCI\VEN_105A&DEV_3376&SUBSYS_6620105A&REV_02\4&3B1D9AB8&0&5840
    Service:

    ==== System Restore Points ===================

    RP1: 9/6/2010 7:58:24 PM - System Checkpoint
    RP2: 9/6/2010 9:29:57 PM - today
    RP3: 9/6/2010 9:32:22 PM - Restore Operation
    RP4: 9/9/2010 4:20:54 PM - Removed Skype Toolbars
    RP5: 9/10/2010 5:03:14 PM - System Checkpoint
    RP6: 9/16/2010 11:21:47 PM - System Checkpoint
    RP7: 9/18/2010 4:02:36 PM - System Checkpoint
    RP8: 9/19/2010 4:43:39 PM - System Checkpoint
    RP9: 9/20/2010 5:10:04 PM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 9.0
    BitComet 1.20
    Bonjour
    ConvertXtoDVD 3.0.0.1
    DivX Setup
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    iTunes
    Java Auto Updater
    Java™ 6 Update 18
    K-Lite Codec Pack 6.3.0 (Full)
    LimeWire 5.5.8
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.6.10)
    MP4-Converter 4.0.7
    MSVCRT
    NVIDIA Drivers
    NvMixer
    QuickTime
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976323)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Skype™ 4.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    VC80CRTRedist - 8.0.50727.4053
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows XP Service Pack 3
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    10/4/2010 8:50:05 AM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
    10/4/2010 8:49:04 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    10/4/2010 8:49:04 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    10/4/2010 8:25:03 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
    10/4/2010 8:24:32 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.

    ==== End Of File ===========================

    #6 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Finland
    • Local time:03:02 PM

    Posted 05 October 2010 - 11:39 PM

    Hi,
    • Please Download Rootkit Unhooker Save it to your desktop.
    • Now double-click on RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
    • Wait till the scanner has finished and then click File, Save Report.
    • Save the report somewhere where you can find it. Click Close.
    Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it:

    Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?



    #7 Mamishe

    Mamishe
    • Topic Starter

    • Members
    • 5 posts
    • OFFLINE
    •  
    • Local time:07:02 AM

    Posted 09 October 2010 - 05:29 PM

    Here you go,

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #1
    ==============================================
    >Drivers
    ==============================================
    0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4276224 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 56.73 )
    0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2189952 bytes
    0x804D7000 RAW 2189952 bytes
    0x804D7000 WMIxWDM 2189952 bytes
    0xF334F000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 1900544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 )
    0xBF800000 Win32k 1855488 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xEEA27000 C:\WINDOWS\system32\drivers\nvmcp.sys 962560 bytes (NVIDIA Corporation, NVIDIA® nForce™ MCP APU Audio Library)
    0xF7488000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xEB49C000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xEEB12000 C:\WINDOWS\system32\drivers\nvapu.sys 397312 bytes (NVIDIA Corporation, NVIDIA® nForce™ Audio Driver)
    0xF31AD000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xEB5BB000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xEBD53000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
    0xEB412000 C:\WINDOWS\system32\DRIVERS\OVCODEK2.sys 352256 bytes (Microsoft Corporation, Video Codec)
    0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xECCA5000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xEB581000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
    0xEB468000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
    0xF320B000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xF75E0000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xEB7BF000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF745B000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xEECE8000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xEB50C000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xEB559000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xF758A000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xEBDFA000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xF3303000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF64C4000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF351F000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xEB537000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x806EE000 ACPI_HAL 131840 bytes
    0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xF753E000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF75B0000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xF7441000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xF7572000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xF7515000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xF32EC000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xF64AD000 C:\WINDOWS\system32\DRIVERS\NVENET.sys 94208 bytes (NVIDIA Corporation, NVIDIA nForce MCP Networking Driver.)
    0xEB119000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF755E000 nvatabus.sys 81920 bytes (NVIDIA Corporation, NVIDIA® nForce™ IDE Performance Driver)
    0xF3327000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xF333B000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xEB614000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xF752C000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xEEA16000 C:\WINDOWS\system32\drivers\nvarm.sys 69632 bytes (NVIDIA Corporation, NVIDIA® nForce™ APU Resource Manager)
    0xF75CF000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xF323B000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xEF8BA000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF785F000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xF76BF000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xF763F000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xF6C4E000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xF266A000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xF77AF000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xF6C5E000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xF1E4D000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xEEF78000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xF764F000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xF768F000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xF6C3E000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xF6C2E000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF371A000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
    0xF766F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF783F000 C:\WINDOWS\system32\drivers\nvax.sys 49152 bytes (NVIDIA Corporation, NVIDIA® nForce™ MCP Audio Enumerator)
    0xF375A000 C:\WINDOWS\system32\DRIVERS\OVCAM2.sys 49152 bytes (Microsoft Corporation, Video Driver)
    0xF77DF000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
    0xF6C1E000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xF1E9D000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF784F000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xF765F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF77BF000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xF782F000 C:\WINDOWS\system32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
    0xF762F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xF6C0E000 C:\WINDOWS\system32\drivers\MP4ConverterAudio.sys 40960 bytes (Windows ® Codename Longhorn DDK provider, Support Device)
    0xEEF88000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xF775F000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xF767F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xF77CF000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xF265A000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xF0F82000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xF267A000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xF790F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xEF43F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF1B3E000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xF7937000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xF78F7000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xEEE13000 C:\WINDOWS\system32\DRIVERS\OVCA.sys 28672 bytes (Microsoft Corporation, Video Minidriver)
    0xF7977000 C:\WINDOWS\system32\drivers\OVSound2.sys 28672 bytes (Microsoft Corporation, Sound Driver)
    0xF78AF000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xEEE53000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xF1B46000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
    0xF78EF000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xF7907000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF78FF000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF78BF000 nv_agp.sys 24576 bytes (NVIDIA Corporation, NVIDIA nForce AGP Filter)
    0xEF44F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xEF45F000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xEF447000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF78B7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF791F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF7927000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
    0xF7917000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xF792F000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0xEEE2B000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xF7AB7000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xEED65000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xF7361000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xF7A3F000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xF7B0F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xF735D000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xF1C06000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF1AD3000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xF7B33000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xF1AD5000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF7B2F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF1AD1000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF7BC1000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
    0xF1ACF000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF7BBD000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
    0xF7BBF000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xF7B39000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF7B31000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF7CCA000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xF7C6A000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF1F67000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF7BF7000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    !!!!!!!!!!!Hidden driver: 0x86DD0AEA ?_empty_? 1302 bytes
    !!!!!!!!!!!Hidden driver: 0x86B63CA8 ?_empty_? 0 bytes
    ==============================================
    >Stealth
    ==============================================
    0xF755E000 WARNING: suspicious driver modification [nvatabus.sys::0x86DD0AEA]
    0xF785F000 WARNING: Virus alike driver modification [cdrom.sys], 65536 bytes
    ==============================================
    >Files
    ==============================================
    !-->[Hidden] C:\Documents and Settings\All Users\Application Data\avg9\Chjw\c6097ee6097dd30\14071e77-424b-4526-a60e-cc9fb1cfa6f9
    !-->[Hidden] C:\Documents and Settings\All Users\Application Data\avg9\Chjw\c6097ee6097dd30\2cff71c7-7163-4e9a-9bb9-f0c87b9eb26c
    !-->[Hidden] C:\Documents and Settings\Mamishe\Local Settings\Temporary Internet Files\Content.IE5\08Q7WKU3\911096%3BBnId%3D2%3Bitime%3D685926182%3Bkvmn%3D93306448%3Bkvtid%3D160imrl1nh5pkj%3Bkvseg%3D99999%3A50280%3Bkvag%3Dua20%3Bnodecode%3Dyes%3Blink%3D;ord=685926182[1]]
    !-->[Hidden] C:\Documents and Settings\Mamishe\Local Settings\Temporary Internet Files\Content.IE5\WGI7TFZK\BCPG169153.242884.289493%2fSZ%3d728X90A%2fV%3d2.3S%2f%2fST%3d0P9S0gcz0zCJ19x83uXqS22_3S033A%2fREDIRURL%3d&_salt=273630607&B=10&u=http%3A%2F%2Fedunewsonline[1].htmm
    !-->[Hidden] C:\Program Files\Diablo II\bncache.dat::$DATA
    ==============================================
    >Hooks
    ==============================================
    ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
    [1140]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
    [1140]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
    [1140]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
    [1140]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
    [1140]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
    [1140]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
    [1140]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
    [3724]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
    [3724]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
    [3724]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
    [3724]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
    [3724]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
    [3724]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
    [3724]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
    [3724]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
    [3724]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
    [3724]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
    [3724]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
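
The report above is long, and the lines that matter are easy to miss among the normal driver listing. RkU marks a hook's owner as `[unknown_code_page]` when the jump destination lies in no module it can identify, which is what makes the mswsock.dll and ntdll.dll (NtProtectVirtualMemory, NtWriteVirtualMemory, KiUserExceptionDispatcher) inline hooks in svchost.exe and explorer.exe worth attention, while the `[shimeng.dll]` IAT entries are the Windows application-compatibility shim engine doing its normal job. Note also that the hidden driver object at 0x86DD0AEA is the same address the Stealth section reports as the patch inside nvatabus.sys. The following triage script is an added example written for this thread, not code from the post, from Rootkit Unhooker or from BleepingComputer; it parses the `>Drivers`, `>Stealth` and `>Hooks` sections, classifies each hook, and links stealth warnings to hidden driver objects. The sample input is a constructed excerpt in RkU's format modelled on the report above, and the allow-list of expected hook owners is an assumption, not something the report states.

```python
"""Triage a Rootkit Unhooker (RkU) LE report: added example, not code from the
thread or from RkU. Parses the >Drivers, >Stealth and >Hooks sections and
flags hooks owned by [unknown_code_page], hidden driver objects, and stealth
warnings that point at one of those hidden objects."""
import re

# Assumed allow-list of expected hook owners (not stated by the report).
# shimeng.dll is Windows' app-compat shim engine; its IAT rewrites are normal.
EXPECTED_OWNERS = {"shimeng.dll"}
# APIs whose hooking is typical of injected code protecting itself.
INJECTION_APIS = {"NtProtectVirtualMemory", "NtWriteVirtualMemory",
                  "KiUserExceptionDispatcher"}

HIDDEN_RE = re.compile(r"^!+Hidden driver: (?P<addr>0x[0-9A-Fa-f]+) (?P<name>\S+) (?P<size>\d+) bytes$")
STEALTH_RE = re.compile(r"^(?P<addr>0x[0-9A-Fa-f]+) WARNING: (?P<what>.+?) \[(?P<target>[^\]]+)\]")
HOOK_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\](?P<proc>.+?)-->)?"          # optional "[pid]process-->"
    r"(?P<chain>.+?), Type: (?P<kind>.+?) "
    r"(?P<src>0x[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) \[(?P<owner>[^\]]+)\]$")

# Constructed excerpt in RkU's format, modelled on the report in the post above.
SAMPLE = r"""
>Drivers
0xF785F000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
!!!!!!!!!!!Hidden driver: 0x86DD0AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x86B63CA8 ?_empty_? 0 bytes
==============================================
>Stealth
0xF755E000 WARNING: suspicious driver modification [nvatabus.sys::0x86DD0AEA]
0xF785F000 WARNING: Virus alike driver modification [cdrom.sys], 65536 bytes
==============================================
>Hooks
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
[1140]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1140]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3724]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[3724]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
"""


def classify_hook(hook):
    """Return (verdict, reason) for one parsed hook line."""
    owner = hook["owner"]
    chain = hook["chain"].split("-->")
    module, api = chain[0].split("+")[0], chain[-1]
    if owner == "unknown_code_page":
        reason = "jump target lies in no identifiable module"
        if api in INJECTION_APIS:
            reason += "; hooks a memory-protection/injection API"
        return "suspicious", reason
    if owner in EXPECTED_OWNERS:
        return "expected", "owner is a known Windows component"
    if owner.lower() == module.lower():
        return "info", "module patches itself"
    return "review", "owner not in allow-list"


def parse_report(text):
    """Parse the three sections into dicts; addresses are stored as ints."""
    out = {"hidden_drivers": [], "stealth": [], "hooks": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("="):
            continue
        if line.startswith(">"):                      # section header, e.g. ">Hooks"
            section = line[1:].strip().lower()
            continue
        if section == "drivers" and (m := HIDDEN_RE.match(line)):
            out["hidden_drivers"].append(
                {"addr": int(m["addr"], 16), "name": m["name"], "size": int(m["size"])})
        elif section == "stealth" and (m := STEALTH_RE.match(line)):
            driver, _, patch = m["target"].partition("::")
            out["stealth"].append({"addr": int(m["addr"], 16), "what": m["what"],
                                   "driver": driver,
                                   "patch_addr": int(patch, 16) if patch else None})
        elif section == "hooks" and (m := HOOK_RE.match(line)):
            hook = m.groupdict()
            hook["verdict"], hook["reason"] = classify_hook(hook)
            out["hooks"].append(hook)
    # A stealth warning whose patch address is itself a hidden driver object
    # ties the user-mode hooks to a kernel-mode component.
    hidden = {h["addr"] for h in out["hidden_drivers"]}
    for s in out["stealth"]:
        s["linked_hidden_driver"] = s["patch_addr"] in hidden
    return out


def summarize(findings):
    """Counts per verdict plus the processes carrying suspicious hooks."""
    counts = {}
    for h in findings["hooks"]:
        counts[h["verdict"]] = counts.get(h["verdict"], 0) + 1
    return {
        "hidden_drivers": len(findings["hidden_drivers"]),
        "stealth_warnings": len(findings["stealth"]),
        "stealth_linked_to_hidden_driver": sum(
            s["linked_hidden_driver"] for s in findings["stealth"]),
        "hooks": counts,
        "suspicious_processes": sorted({h["proc"] for h in findings["hooks"]
                                        if h["verdict"] == "suspicious" and h["proc"]}),
    }


if __name__ == "__main__":
    findings = parse_report(SAMPLE)
    for h in findings["hooks"]:
        print(f"{h['verdict']:10} {h['proc'] or 'kernel':14} {h['chain']}  [{h['owner']}] {h['reason']}")
    print(summarize(findings))
```

Run it against a full saved RkU report by passing the file contents to `parse_report`; anything that comes back as `suspicious` or `review` is what a helper would look at first, and a stealth warning with `linked_hidden_driver` set means the patched driver and the hidden object are the same thing, which is the kernel-mode side of the infection rather than a second, unrelated finding.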


    #8 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Finland
    • Local time:03:02 PM

    Posted 10 October 2010 - 02:32 AM

    BitComet
    LimeWire


The above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.



    #9 Mamishe

    Mamishe
    • Topic Starter

    • Members
    • 5 posts
    • OFFLINE
    •  
    • Local time:07:02 AM

    Posted 16 October 2010 - 06:04 PM

Sorry for the long delay, but my computer was being so ridiculous that it didn't let me open the Internet, My Computer, My Documents or anything. But I got ComboFix onto it from a USB. It seems to be running much smoother, but here's the report.

    ComboFix 10-10-16.03 - Mamishe 10/16/2010 15:41:33.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.650 [GMT -7:00]
    Running from: c:\documents and settings\Mamishe\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Mamishe\Application Data\C19302CCDA1D9EE1545F67758D67A85B
    c:\documents and settings\Mamishe\Application Data\C19302CCDA1D9EE1545F67758D67A85B\enemies-names.txt
    c:\documents and settings\Mamishe\Application Data\C19302CCDA1D9EE1545F67758D67A85B\local.ini
    c:\documents and settings\Mamishe\Application Data\C19302CCDA1D9EE1545F67758D67A85B\lsrslt.ini
    c:\documents and settings\Mamishe\Application Data\download2
    c:\documents and settings\Mamishe\Application Data\download2\svcnost.exe
    c:\documents and settings\Mamishe\Application Data\hotfix.exe
    c:\documents and settings\Mamishe\Application Data\inst.exe
    c:\documents and settings\Mamishe\Local Settings\Application Data\{E704C64E-DC2A-4752-977D-3421F3B1D03C}
    c:\documents and settings\Mamishe\Local Settings\Application Data\{E704C64E-DC2A-4752-977D-3421F3B1D03C}\chrome.manifest
    c:\documents and settings\Mamishe\Local Settings\Application Data\{E704C64E-DC2A-4752-977D-3421F3B1D03C}\chrome\content\_cfg.js
    c:\documents and settings\Mamishe\Local Settings\Application Data\{E704C64E-DC2A-4752-977D-3421F3B1D03C}\chrome\content\overlay.xul
    c:\documents and settings\Mamishe\Local Settings\Application Data\{E704C64E-DC2A-4752-977D-3421F3B1D03C}\install.rdf
    c:\documents and settings\Mamishe\Local Settings\Application Data\Windows Server
    c:\documents and settings\Mamishe\Local Settings\Application Data\Windows Server\server.dat
    C:\Microsoft
    c:\windows\idicafojufanero.dll
    c:\windows\system32\Cache
    c:\windows\system32\qtplugin.exe
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At48.job
    c:\windows\Tasks\At49.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At50.job
    c:\windows\Tasks\At51.job
    c:\windows\Tasks\At52.job
    c:\windows\Tasks\At53.job
    c:\windows\Tasks\At54.job
    c:\windows\Tasks\At55.job
    c:\windows\Tasks\At56.job
    c:\windows\Tasks\At57.job
    c:\windows\Tasks\At58.job
    c:\windows\Tasks\At59.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At60.job
    c:\windows\Tasks\At61.job
    c:\windows\Tasks\At62.job
    c:\windows\Tasks\At63.job
    c:\windows\Tasks\At64.job
    c:\windows\Tasks\At65.job
    c:\windows\Tasks\At66.job
    c:\windows\Tasks\At67.job
    c:\windows\Tasks\At68.job
    c:\windows\Tasks\At69.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At70.job
    c:\windows\Tasks\At71.job
    c:\windows\Tasks\At72.job
    c:\windows\Tasks\At73.job
    c:\windows\Tasks\At74.job
    c:\windows\Tasks\At75.job
    c:\windows\Tasks\At76.job
    c:\windows\Tasks\At77.job
    c:\windows\Tasks\At78.job
    c:\windows\Tasks\At79.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At80.job
    c:\windows\Tasks\At81.job
    c:\windows\Tasks\At82.job
    c:\windows\Tasks\At83.job
    c:\windows\Tasks\At84.job
    c:\windows\Tasks\At85.job
    c:\windows\Tasks\At86.job
    c:\windows\Tasks\At87.job
    c:\windows\Tasks\At88.job
    c:\windows\Tasks\At89.job
    c:\windows\Tasks\At9.job
    c:\windows\Tasks\At90.job
    c:\windows\Tasks\At91.job
    c:\windows\Tasks\At92.job
    c:\windows\Tasks\At93.job
    c:\windows\Tasks\At94.job
    c:\windows\Tasks\At95.job
    c:\windows\Tasks\At96.job

    Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IAS
    -------\Service_Ias


    ((((((((((((((((((((((((( Files Created from 2010-09-16 to 2010-10-16 )))))))))))))))))))))))))))))))
    .

    2010-10-14 05:08 . 2010-10-14 05:08 202 ----a-w- c:\documents and settings\Mamishe\Application Data\jsfhjjsd.bat
    2010-10-13 01:33 . 2010-10-13 01:33 -------- d-----w- c:\program files\Common Files\Adobe
    2010-10-11 01:26 . 2010-10-13 01:42 -------- d-----w- c:\program files\StepMania
    2010-10-08 00:05 . 2010-10-14 05:06 -------- d-----w- c:\program files\Hero Editor
    2010-10-08 00:05 . 2010-10-08 00:05 249856 ------w- c:\windows\Setup1.exe
    2010-10-08 00:05 . 2010-10-08 00:05 73216 ----a-w- c:\windows\ST6UNST.EXE
    2010-10-07 23:42 . 2010-10-07 23:42 21840 ----a-w- c:\windows\system32\SIntfNT.dll
    2010-10-07 23:42 . 2010-10-07 23:42 17212 ----a-w- c:\windows\system32\SIntf32.dll
    2010-10-07 23:42 . 2010-10-07 23:42 12067 ----a-w- c:\windows\system32\SIntf16.dll
    2010-10-05 22:01 . 2010-10-05 22:01 -------- d-----w- c:\program files\Paint.NET
    2010-10-05 22:00 . 2010-10-05 22:19 -------- d-----w- c:\documents and settings\Mamishe\Local Settings\Application Data\Paint.NET
    2010-10-05 21:08 . 2010-10-05 21:08 -------- d-----w- c:\documents and settings\Mamishe\Local Settings\Application Data\Temp
    2010-10-05 21:08 . 2010-10-14 04:13 -------- d-----w- c:\documents and settings\Mamishe\Local Settings\Application Data\Google
    2010-10-04 16:45 . 2010-10-04 17:03 -------- d-----w- c:\program files\RocketDock
    2010-10-04 16:39 . 2010-10-04 16:39 2829 ----a-w- c:\windows\DIIUnin.pif
    2010-10-04 16:39 . 2010-10-04 16:39 94208 ----a-w- c:\windows\DIIUnin.exe
    2010-10-04 16:38 . 2010-10-04 16:39 -------- d-----w- c:\documents and settings\Mamishe\Application Data\Rainmeter
    2010-10-04 16:36 . 2010-10-04 16:36 -------- d-----w- c:\program files\Rainmeter
    2010-10-04 16:29 . 2010-10-16 20:54 -------- d-----w- c:\program files\Diablo II
    2010-09-25 18:15 . 2001-08-18 05:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2010-09-25 18:15 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
    2010-09-25 18:15 . 2001-08-18 05:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2010-09-25 18:15 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
    2010-09-25 18:15 . 2001-08-17 21:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2010-09-25 18:15 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
    2010-09-25 18:15 . 2001-08-17 21:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2010-09-25 18:15 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\kbd103.dll
    2010-09-25 18:15 . 2001-08-17 21:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2010-09-25 18:15 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
    2010-09-25 18:15 . 2008-04-14 00:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2010-09-25 18:15 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
    2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2010-09-22 13:10 . 2010-09-22 13:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-09-20 22:18 . 2010-09-20 22:18 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-09-20 22:17 . 2010-09-20 22:18 -------- d-----w- c:\program files\DivX
    2010-09-20 21:12 . 2010-09-20 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-09-17 05:14 . 2010-09-17 05:14 -------- d-----w- c:\program files\iPod
    2010-09-17 05:14 . 2010-09-17 05:15 -------- d-----w- c:\program files\iTunes
    2010-09-17 05:08 . 2010-09-17 05:08 -------- d-----w- c:\program files\Bonjour
    2010-09-17 04:40 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-09-17 04:40 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2010-09-17 04:40 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-09-17 04:39 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "1A:KkTrayServer"="c:\program files\RocketDock\Docklets\KkMenu\KkTrayServer.exe" [2006-03-28 108544]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-04 131072]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    c:\documents and settings\Mamishe\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-23 503808]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-6-13 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-15 21:41 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9851:TCP"= 9851:TCP:BitComet 9851 TCP
    "9851:UDP"= 9851:UDP:BitComet 9851 UDP

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/12/2010 8:59 AM 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/12/2010 8:59 AM 243024]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/20/2010 3:50 PM 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 2:41 PM 308136]
    R3 MP4ConverterAudio;MP4ConverterAudio;c:\windows\system32\drivers\MP4ConverterAudio.sys [9/9/2010 2:48 PM 23608]
    R3 QCAbsee;Logitech QuickCam Web (0801);c:\windows\system32\drivers\OVCA.sys [5/11/2010 4:53 PM 25088]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [?]
    S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [9/9/2010 2:48 PM 245760]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    FF - ProfilePath - c:\documents and settings\Mamishe\Application Data\Mozilla\Firefox\Profiles\csnfxh7h.default\
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Kcudigejopevog - c:\windows\idicafojufanero.dll
    HKLM-Run-download - c:\documents and settings\Mamishe\Application Data\download2\svcnost.exe
    AddRemove-KkMenu docklet for Stardock Object Dock_is1 - c:\program files\Stardock\ObjectDock\unins000.exe



    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3076)
    c:\windows\system32\WININET.dll
    c:\program files\RocketDock\RocketDock.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\System32\snmp.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-16 15:59:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-16 22:59

    Pre-Run: 7,633,653,760 bytes free
    Post-Run: 9,276,657,664 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

    - - End Of File - - 3E9BBB5D795586C7F55580802F235059


    And the new DDS log:

    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Mamishe at 16:03:57.65 on Sat 10/16/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.442 [GMT -7:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\RocketDock\Docklets\KkMenu\KkTrayServer.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Mamishe\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
    uRun: [1A:KkTrayServer] c:\program files\rocketdock\docklets\kkmenu\KkTrayServer.exe
    mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\docume~1\mamishe\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll/206
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - c:\program files\mp4-converter\YouTubeRipper.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273644740328
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\mamishe\applic~1\mozilla\firefox\profiles\csnfxh7h.default\
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-12 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-12 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-12 243024]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-20 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
    R3 MP4ConverterAudio;MP4ConverterAudio;c:\windows\system32\drivers\MP4ConverterAudio.sys [2010-9-9 23608]
    R3 QCAbsee;Logitech QuickCam Web (0801);c:\windows\system32\drivers\OVCA.sys [2010-5-11 25088]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\lavalys\everest home edition\kerneld.wnt --> c:\program files\lavalys\everest home edition\kerneld.wnt [?]
    S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2010-9-9 245760]

    =============== Created Last 30 ================

    2010-10-16 22:35:36 -------- d-sha-r- C:\cmdcons
    2010-10-16 22:31:26 98816 ----a-w- c:\windows\sed.exe
    2010-10-16 22:31:26 77312 ----a-w- c:\windows\MBR.exe
    2010-10-16 22:31:26 256512 ----a-w- c:\windows\PEV.exe
    2010-10-16 22:31:26 161792 ----a-w- c:\windows\SWREG.exe
    2010-10-14 05:08:50 202 ----a-w- c:\docume~1\mamishe\applic~1\jsfhjjsd.bat
    2010-10-11 01:26:27 -------- d-----w- c:\program files\StepMania
    2010-10-08 00:05:22 -------- d-----w- c:\program files\Hero Editor
    2010-10-08 00:05:17 249856 ------w- c:\windows\Setup1.exe
    2010-10-08 00:05:14 73216 ----a-w- c:\windows\ST6UNST.EXE
    2010-10-07 23:42:21 21840 ----a-w- c:\windows\system32\SIntfNT.dll
    2010-10-07 23:42:21 17212 ----a-w- c:\windows\system32\SIntf32.dll
    2010-10-07 23:42:21 12067 ----a-w- c:\windows\system32\SIntf16.dll
    2010-10-05 22:01:05 -------- d-----w- c:\program files\Paint.NET
    2010-10-05 22:00:59 -------- d-----w- c:\docume~1\mamishe\locals~1\applic~1\Paint.NET
    2010-10-05 21:08:04 -------- d-----w- c:\docume~1\mamishe\locals~1\applic~1\Temp
    2010-10-05 21:08:00 -------- d-----w- c:\docume~1\mamishe\locals~1\applic~1\Google
    2010-10-04 16:45:59 -------- d-----w- c:\program files\RocketDock
    2010-10-04 16:39:08 2829 ----a-w- c:\windows\DIIUnin.pif
    2010-10-04 16:39:07 94208 ----a-w- c:\windows\DIIUnin.exe
    2010-10-04 16:38:09 -------- d-----w- c:\docume~1\mamishe\applic~1\Rainmeter
    2010-10-04 16:36:10 -------- d-----w- c:\program files\Rainmeter
    2010-10-04 16:29:18 -------- d-----w- c:\program files\Diablo II
    2010-09-25 18:15:53 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2010-09-25 18:15:53 8704 ----a-w- c:\windows\system32\kbdjpn.dll
    2010-09-25 18:15:53 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2010-09-25 18:15:53 8192 ----a-w- c:\windows\system32\kbdkor.dll
    2010-09-25 18:15:53 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2010-09-25 18:15:53 6144 ----a-w- c:\windows\system32\kbd101c.dll
    2010-09-25 18:15:53 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2010-09-25 18:15:53 5632 ----a-w- c:\windows\system32\kbd103.dll
    2010-09-25 18:15:52 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2010-09-25 18:15:52 6144 ----a-w- c:\windows\system32\kbd101b.dll
    2010-09-25 18:15:51 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2010-09-25 18:15:51 6144 ----a-w- c:\windows\system32\kbd106.dll
    2010-09-23 01:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-09-23 01:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2010-09-20 22:18:04 -------- d-----w- c:\program files\common files\DivX Shared
    2010-09-20 22:17:31 -------- d-----w- c:\program files\DivX
    2010-09-20 21:12:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
    2010-09-17 05:14:37 -------- d-----w- c:\program files\iPod
    2010-09-17 05:14:10 -------- d-----w- c:\program files\iTunes
    2010-09-17 05:08:27 -------- d-----w- c:\program files\Bonjour
    2010-09-17 04:40:04 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-09-17 04:40:03 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2010-09-17 04:40:03 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-09-17 04:39:59 159232 ----a-w- c:\windows\system32\ptpusd.dll

    ==================== Find3M ====================

    2010-10-16 22:27:02 0 ----a-w- c:\windows\Jvatum.bin
    2010-09-06 22:16:56 47360 ----a-w- c:\docume~1\mamishe\applic~1\pcouffin.sys
    2010-08-12 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-08-11 15:37:56 14392 ----a-w- c:\windows\system32\MP4ConverterVideo.dll
    2010-08-11 15:37:54 5688 ----a-w- c:\windows\system32\MP4ConverterVideo.sys
    2010-08-11 15:37:50 23608 ----a-w- c:\windows\system32\MP4ConverterAudio.sys
    2010-08-11 03:27:28 245760 ----a-w- c:\windows\system32\snmvtsvc.exe
    2010-08-10 12:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 12:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

    ============= FINISH: 16:05:02.50 ===============
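As an added example (not ComboFix, DDS, or anything the helper posted in this thread), the Python script below applies mechanically a few of the checks an analyst otherwise makes by eye when reading logs like the two above: autorun entries whose image path sits under Application Data or a Temp folder, a DLL loaded straight from the Windows root, a BHO CLSID registered with "No File", a flood of At<n>.job scheduled tasks, and newly created executables in user-writable locations. The regular expressions, the marker list, the flood threshold and the sample lines (constructed in the shapes seen in the logs above) are all assumptions of this example, not part of either tool's output format specification.

```python
"""Mechanical triage of ComboFix / DDS style log lines.

Added example only: this is not ComboFix, DDS, or anything posted by the helper
in this thread. It encodes a few checks an analyst otherwise applies by eye.
Every regex, marker list and threshold here is an assumption of the example.
"""
import re

# Assumed thresholds and markers (not from any tool on the page).
AT_JOB_FLOOD = 5                      # this many At<n>.job tasks on a home PC is abnormal
USER_WRITABLE = (                     # autoruns rarely live here legitimately
    "\\application data\\", "\\applic~1\\",
    "\\local settings\\temp\\", "\\windows\\temp\\",
)

# Line shapes as they appear in ComboFix "Reg Loading Points" / "ORPHANS REMOVED"
# sections and in the DDS "Pseudo HJT Report".
RE_REG_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
RE_ORPHAN = re.compile(r'^HKLM-Run-(?P<name>\S+) - (?P<path>.+)$', re.I)
RE_HJT_RUN = re.compile(r'^[um]Run: \[(?P<name>[^\]]+)\] (?:"(?P<qpath>[^"]+)"|(?P<upath>.+))')
RE_BHO = re.compile(r'^BHO: (?P<desc>.+?) - (?P<path>.+)$')
RE_AT_JOB = re.compile(r'\\Tasks\\At\d+\.job$', re.I)
RE_CREATED = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}.* (?P<path>[a-z]:\\.+)$', re.I)
RE_WINROOT_DLL = re.compile(r'^[a-z]:\\windows\\[^\\]+\.dll$', re.I)

# Constructed sample in the shapes seen in the thread's logs (not a real log dump).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
HKLM-Run-Kcudigejopevog - c:\windows\idicafojufanero.dll
HKLM-Run-download - c:\documents and settings\Mamishe\Application Data\download2\svcnost.exe
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
2010-10-14 05:08 . 2010-10-14 05:08 202 ----a-w- c:\documents and settings\Mamishe\Application Data\jsfhjjsd.bat
"""


def suspicious_path(path):
    """Return a reason string when an image path lives where legit autoruns rarely do, else None."""
    p = path.strip().lower()
    if any(marker in p for marker in USER_WRITABLE):
        return "autorun from user-writable/temp location"
    if RE_WINROOT_DLL.match(p):
        return "DLL loaded straight from the Windows root"
    return None


def autorun_entry(line):
    """Pull (name, image path) out of the three autorun line shapes, else None."""
    m = RE_REG_RUN.match(line) or RE_ORPHAN.match(line)
    if m:
        return m.group("name"), m.group("path")
    m = RE_HJT_RUN.match(line)
    if m:
        return m.group("name"), m.group("qpath") or m.group("upath")
    return None


def triage(log_text):
    """Scan log text and return a list of (reason, offending line) pairs."""
    findings = []
    at_jobs = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RE_AT_JOB.search(line):          # count now, judge the total at the end
            at_jobs += 1
            continue
        m = RE_BHO.match(line)
        if m:                               # a CLSID registered with no backing file
            if m.group("path").strip().lower() == "no file":
                findings.append(("orphaned BHO (CLSID without file)", line))
            continue
        entry = autorun_entry(line)
        if entry:
            reason = suspicious_path(entry[1])
            if reason:
                findings.append((reason, line))
            continue
        m = RE_CREATED.match(line)          # "Files Created" / "Created Last 30" rows
        if m:
            path = m.group("path")
            if path.lower().endswith((".bat", ".exe", ".dll", ".sys")) and suspicious_path(path):
                findings.append(("new executable in user-writable location", line))
    if at_jobs >= AT_JOB_FLOOD:
        findings.append((f"scheduled task flood: {at_jobs} At<n>.job entries", f"{at_jobs} tasks"))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

The script is deliberately conservative: anything from Program Files or system32 passes silently, and only the location of an image path, not its name, is judged, so a randomly named DLL in system32 would still need a human (or a hash lookup) to catch. The 8.3 short names that DDS prints (applic~1) are matched as a separate marker rather than expanded.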



    #10 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • Gender:Male
    • Location:Finland

    Posted 17 October 2010 - 04:52 AM

    Hi again,

    Open notepad and copy/paste the text in the quotebox below into it:

    CODE
    File::
    c:\documents and settings\Mamishe\Application Data\jsfhjjsd.bat
    c:\windows\Jvatum.bin
    DDS::
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File



    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one (9.4) here, or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 22.
    • Click the Download button to the right.
    • Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click Continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh dds.txt log and the above-mentioned ComboFix log.


    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.

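As an added example that is not part of the post (the steps above are driven through the Add/Remove Programs GUI), here is a PowerShell check that enumerates the Java entries Add/Remove Programs knows about and flags those older than JRE 6 Update 22; the registry naming it relies on is stated as an assumption in the comments.

```powershell
# Added example (not from the original post): inventory the Java Runtime
# Environment entries that Add/Remove Programs knows about and flag any that
# are older than the version the post asks for (JRE 6 Update 22).
# Assumptions: run in PowerShell on the affected machine; JRE installers
# register under the standard Uninstall keys with a DisplayName containing
# "Java" or "J2SE" and a DisplayVersion like "6.0.220" for 6 Update 22
# (the trailing "0" is how those installers encoded the update number).

$Target = [Version]'6.0.220'

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledJava {
    foreach ($Key in $UninstallKeys) {
        # The Wow6432Node key only exists on 64-bit Windows; skip it otherwise.
        if (-not (Test-Path $Key)) { continue }
        foreach ($Sub in Get-ChildItem $Key) {
            $P = Get-ItemProperty -Path $Sub.PSPath
            if ($P.DisplayName -notmatch 'Java|J2SE') { continue }
            # Not every entry carries a parseable version; treat those as unknown
            # and therefore as candidates for removal.
            $Ver = $null
            try { $Ver = [Version]$P.DisplayVersion } catch { }
            New-Object PSObject -Property @{
                Name            = $P.DisplayName
                Version         = $P.DisplayVersion
                Outdated        = ($Ver -eq $null) -or ($Ver -lt $Target)
                UninstallString = $P.UninstallString
            }
        }
    }
}

$Java = @(Get-InstalledJava)
if ($Java.Count -eq 0) {
    Write-Host 'No Java Runtime Environment entries found.'
} else {
    # Outdated entries are the ones to remove before installing 6u22.
    $Java | Sort-Object Name | Format-Table Name, Version, Outdated -AutoSize
    $Old = @($Java | Where-Object { $_.Outdated })
    Write-Host ("{0} outdated Java entries to remove via Add/Remove Programs." -f $Old.Count)
}
```

The script only reads the registry and reports; the removal itself is still done through Add/Remove Programs as the post describes.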

    #11 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • OFFLINE
    • Gender:Male
    • Location:Finland
    • Local time:03:02 PM

    Posted 23 October 2010 - 04:22 AM

    Still there?



    #12 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • OFFLINE
    • Gender:Male
    • Location:Finland
    • Local time:03:02 PM

    Posted 24 October 2010 - 03:14 AM

    Due to inactivity, this thread will now be closed. Should you have the same or a new issue, please start a New Topic.





