
my virus scanner has neutralized a virus


This topic is locked
14 replies to this topic

#1 snouk

  • Members
  • 58 posts

Posted 28 December 2010 - 01:10 PM

Hello, I have had a virus neutralized; it was called icm.exe and icl.exe. I am wondering if I could still be infected. Here is the DDS scan. The GMER will run but when I click scan my whole system freezes.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Clown at 11:51:28.76 on Tue 12/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.574 [GMT -5:00]

AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Clown\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver\LVCOMS.EXE
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 11.1.0.2016
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\clown\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {27527D31-447B-11D5-A46E-0001023B4289} - hxxp://gamingzone.ubisoft.com/dev/packages/GSManager.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\clown\applic~1\mozilla\firefox\profiles\jio6guhl.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-6-17 129992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-12 363344]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-8-9 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-7-21 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-7-21 112456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-12 20952]
R3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2010-11-29 899980]
S0 PsBoot;Panda boot driver;c:\windows\system32\drivers\psboot.sys --> c:\windows\system32\drivers\PsBoot.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-28 01:02:11 634880 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iKernel.dll
2010-12-28 01:02:11 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\ctor.dll
2010-12-28 01:02:11 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\DotNetInstaller.exe
2010-12-28 01:02:11 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iscript.dll
2010-12-28 01:02:11 151552 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iuser.dll
2010-12-28 01:02:06 159876 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\IGdi.dll
2010-12-28 01:02:05 270468 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\Setup.dll
2010-12-27 22:42:12 -------- d-----w- c:\docume~1\clown\applic~1\Save-EE
2010-12-27 22:35:10 -------- d-----w- C:\Sierra
2010-12-27 21:55:35 -------- d-----w- c:\docume~1\clown\locals~1\applic~1\Save-EE
2010-12-16 00:15:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Backup
2010-12-15 23:14:53 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2010-12-15 23:14:52 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2010-12-15 23:14:52 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2010-12-15 23:14:52 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2010-12-15 23:14:51 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2010-12-15 23:14:43 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2010-12-15 23:14:42 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2010-12-15 22:47:11 378880 ----a-w- c:\windows\Ifowia.exe
2010-12-10 19:27:56 -------- d-----w- c:\program files\ClubWPT
2010-12-03 18:26:42 -------- d-----w- c:\program files\FinalWire
2010-12-03 16:16:42 -------- d-----w- c:\program files\PicPick
2010-12-02 02:53:55 -------- d-----w- c:\program files\Windows Media Connect 2
2010-11-30 23:00:07 170979 ----a-w- c:\windows\IceOp Uninstaller.exe
2010-11-30 23:00:04 -------- d-----w- c:\program files\IceOp5
2010-11-30 02:08:50 -------- d-----w- c:\program files\VideoLAN
2010-11-29 17:00:14 20992 ----a-w- c:\windows\system32\dshowext.ax

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:27:10 1862272 ----a-w- c:\windows\system32\win32k.sys
2010-10-22 11:43:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-22 11:43:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-21 20:06:45 4208208 ----a-w- c:\windows\system32\GameMon.des

============= FINISH: 11:53:44.20 ===============



#2 B-boy/StyLe/ (Bleepin' Freestyler)

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 03 January 2011 - 04:15 PM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



If the system has been used after topic creation time we need to take a look at fresh logs. So, please post fresh copies of dds.txt & attach.txt logs.


Regards,
Georgi :hello:



#3 snouk

  • Topic Starter
  • Members
  • 58 posts

Posted 04 January 2011 - 02:44 PM

Hello, right now I am away from the PC so I can't do any scans as of yet. I hope to be back home in a couple of days. I will have the scans for you then.

#4 B-boy/StyLe/ (Bleepin' Freestyler)

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 04 January 2011 - 02:57 PM

Hi snouk, :)

Not a problem! I'll keep an eye on the topic.


Regards,
Georgi



#5 snouk

  • Topic Starter
  • Members
  • 58 posts

Posted 06 January 2011 - 11:45 PM

I just wanted to give you an update. I will be home Sat. afternoon so I will get the scans done then. Should have the logs up by Sat. night for you. Sorry about this.

#6 snouk

  • Topic Starter
  • Members
  • 58 posts

Posted 09 January 2011 - 09:37 AM

Sorry for the small wait. I had left the gmer scan over night but it was still frozen at the same place I left it when I went to bed. Before this I had a virus neutralized; it was called icm.exe and icl.exe. I am wondering if I could still be infected. Here is the DDS scan.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Clown at 18:40:41.31 on Sat 01/08/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.635 [GMT -5:00]

AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
C:\Documents and Settings\Clown\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver\LVCOMS.EXE
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 11.1.0.2016
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\clown\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {27527D31-447B-11D5-A46E-0001023B4289} - hxxp://gamingzone.ubisoft.com/dev/packages/GSManager.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\clown\applic~1\mozilla\firefox\profiles\jio6guhl.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-6-17 129992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-12 363344]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-8-9 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-7-21 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-7-21 112456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-12 20952]
R3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2010-11-29 899980]
S0 PsBoot;Panda boot driver;c:\windows\system32\drivers\psboot.sys --> c:\windows\system32\drivers\PsBoot.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-30 19:07:37 -------- d-----w- c:\program files\Raptr
2010-12-30 19:07:37 -------- d-----w- c:\docume~1\clown\applic~1\Raptr
2010-12-28 01:02:11 634880 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iKernel.dll
2010-12-28 01:02:11 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\ctor.dll
2010-12-28 01:02:11 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\DotNetInstaller.exe
2010-12-28 01:02:11 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iscript.dll
2010-12-28 01:02:11 151552 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iuser.dll
2010-12-28 01:02:06 159876 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\IGdi.dll
2010-12-28 01:02:05 270468 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\Setup.dll
2010-12-27 22:42:12 -------- d-----w- c:\docume~1\clown\applic~1\Save-EE
2010-12-27 22:35:10 -------- d-----w- C:\Sierra
2010-12-27 21:55:35 -------- d-----w- c:\docume~1\clown\locals~1\applic~1\Save-EE
2010-12-16 00:15:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Backup
2010-12-15 23:14:53 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2010-12-15 23:14:52 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2010-12-15 23:14:52 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2010-12-15 23:14:52 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2010-12-15 23:14:51 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2010-12-15 23:14:43 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2010-12-15 23:14:42 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2010-12-15 22:47:11 378880 ----a-w- c:\windows\Ifowia.exe
2010-12-10 19:27:56 -------- d-----w- c:\program files\ClubWPT

==================== Find3M ====================

2010-11-30 23:00:08 170979 ----a-w- c:\windows\IceOp Uninstaller.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:27:10 1862272 ----a-w- c:\windows\system32\win32k.sys
2010-10-22 11:43:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-22 11:43:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-21 20:06:45 4208208 ----a-w- c:\windows\system32\GameMon.des

============= FINISH: 18:42:49.39 ===============



Edited by snouk, 09 January 2011 - 09:38 AM.


#7 B-boy/StyLe/ (Bleepin' Freestyler)

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 09 January 2011 - 05:27 PM

Hello snouk! Welcome to BleepingComputer Forums! :welcome:


My name is Georgi and I will be helping you with your computer problems.


Before we begin, please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



STEP 1



Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



STEP 2



Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Virustotal

When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\Ifowia.exe

Repeat the steps for this file too:

C:\WINDOWS\system32\devldr32.exe

If Virustotal is busy, try the same at Virscan: http://virscan.org/.

Please post back the results of the scan for these two files in your next post.



STEP 3



Since your attached file is damaged you will need to run DDS again to provide a fresh attach.txt log.

Copy/paste the content of the Attach.txt report in your next reply.



Regards,
Georgi
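The file-list triage Georgi does by eye above (picking c:\windows\Ifowia.exe out of the "Created Last 30" section for a VirusTotal check) can be scripted. The Python below is an added example, not a tool from this thread or from BleepingComputer; it assumes the DDS line layout seen in the logs above and runs on a constructed sample modelled on them.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of the DDS "Created Last 30" / "Find3M"
# sections; the entries are modelled on the log posted in this thread.
SAMPLE_LOG = """\
=============== Created Last 30 ================

2010-12-28 01:02:11 634880 ----a-w- c:\\program files\\common files\\installshield\\professional\\runtime\\0700\\intel32\\iKernel.dll
2010-12-27 22:35:10 -------- d-----w- C:\\Sierra
2010-12-15 22:47:11 378880 ----a-w- c:\\windows\\Ifowia.exe
2010-11-30 23:00:07 170979 ----a-w- c:\\windows\\IceOp Uninstaller.exe
2010-11-29 17:00:14 20992 ----a-w- c:\\windows\\system32\\dshowext.ax

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\\windows\\system32\\isign32.dll
2010-10-26 13:27:10 1862272 ----a-w- c:\\windows\\system32\\win32k.sys

============= FINISH: 11:53:44.20 ===============
"""

# Section banners look like "===== Created Last 30 =====".
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# File lines: date, time, size (or dashes for a directory), 8 attribute
# flags, then the path (which may contain spaces).
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Extensions Windows will load or execute; a fresh one of these in an odd
# location is what a malware-response helper looks at first.
EXEC_EXTS = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".ax", ".com", ".pif")


@dataclass
class Entry:
    section: str
    date: str
    time: str
    size: Optional[int]   # None for directories
    is_dir: bool
    path: str


def parse_dds_files(text: str) -> List[Entry]:
    """Parse the timestamped file lines of a DDS log into Entry records."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # not a file line (e.g. text from other sections)
        size = None if m.group("size").startswith("-") else int(m.group("size"))
        entries.append(Entry(section, m.group("date"), m.group("time"), size,
                             m.group("attrs").startswith("d"), m.group("path")))
    return entries


def _parent_and_ext(path: str) -> Tuple[str, str]:
    """Lower-cased parent directory and extension of a Windows path."""
    parent, _, name = path.lower().rpartition("\\")
    ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
    return parent, ext


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a second look, e.g. a VirusTotal check."""
    flagged: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_dir:
            continue
        parent, ext = _parent_and_ext(e.path)
        if ext not in EXEC_EXTS:
            continue
        if parent == "c:\\windows":
            # Installers rarely drop loose executables straight into %windir%;
            # c:\windows\Ifowia.exe in the log above is exactly this pattern.
            flagged.append((e.path, "executable placed directly in c:\\windows"))
        elif parent == "c:\\windows\\system32" and e.section.startswith("Created"):
            # Files new to system32 should trace back to Windows Update or a
            # known driver package; otherwise check the hash before trusting it.
            flagged.append((e.path, "new executable in system32 (verify origin)"))
    return flagged


if __name__ == "__main__":
    for path, reason in triage(parse_dds_files(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

Files flagged this way are candidates for a hash lookup, not verdicts; a vendor uninstaller written to c:\windows will trip the same rule as a dropper.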



#8 snouk

  • Topic Starter
  • Members
  • 58 posts

Posted 09 January 2011 - 07:24 PM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF0F78000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6557696 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 175.19 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 6111232 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 175.19 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2190080 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2190080 bytes
0x804D7000 RAW 2190080 bytes
0x804D7000 WMIxWDM 2190080 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xEB3F3000 C:\WINDOWS\system32\drivers\nvmcp.sys 962560 bytes (NVIDIA Corporation, NVIDIA® nForce™ MCP APU Audio Library)
0xECD5D000 C:\WINDOWS\system32\DRIVERS\ucdnt.sys 614400 bytes (Xirlink, Inc, Xirlink USB Camera Driver)
0xF7688000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEB099000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xEB13A000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xEB4DE000 C:\WINDOWS\system32\drivers\nvapu.sys 397312 bytes (NVIDIA Corporation, NVIDIA® nForce™ Audio Driver)
0xEE5C9000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEB23E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBA44C000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF442A000 C:\WINDOWS\system32\drivers\emu10k1m.sys 286720 bytes (Creative Technology Ltd., Creative SB Live! Adapter Driver)
0xB9EBB000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xEE677000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF77E0000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xBA64F000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF765B000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB934C000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEB1C9000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEB216000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF778A000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xEB114000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF4406000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6A7C000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF43E3000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEB1F4000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBA7DF000 C:\WINDOWS\system32\DRIVERS\PSINAflt.sys 135168 bytes (Panda Security, S.L., PSINAflt Filter Driver for XP32)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF773E000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF77B0000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xEB1AA000 C:\WINDOWS\system32\DRIVERS\psinknc.sys 126976 bytes (Panda Security, S.L., PSINKNC Kernel Controller for XP32)
0xF7641000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xBA794000 C:\WINDOWS\system32\DRIVERS\PSINProc.sys 106496 bytes (Panda Security, S.L., PSINProc Filter Driver for XP32)
0xBA7C5000 C:\WINDOWS\system32\DRIVERS\PSINProt.sys 106496 bytes (Panda Security, S.L., PSINProt for XP32)
0xF7772000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7715000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xEE6B8000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xBA7AE000 C:\WINDOWS\system32\DRIVERS\PSINFile.sys 94208 bytes (Panda Security, S.L., PSINFile Filter Driver for XP32)
0xBA612000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xEB085000 C:\WINDOWS\System32\Drivers\dump_nvatabus.sys 81920 bytes
0xF775E000 nvatabus.sys 81920 bytes (NVIDIA Corporation, NVIDIA® nForce™ IDE Performance Driver)
0xF0F28000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF0F64000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEB297000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF772C000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xEB3E2000 C:\WINDOWS\system32\drivers\nvarm.sys 69632 bytes (NVIDIA Corporation, NVIDIA® nForce™ APU Resource Manager)
0xF77CF000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xEE6A7000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF076F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF36E9000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF36C9000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF78FF000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF36D9000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF0E38000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF071F000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xEE781000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF786F000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF333A000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF332A000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF072F000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF784F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF073F000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF79EF000 C:\WINDOWS\system32\drivers\nvax.sys 49152 bytes (NVIDIA Corporation, NVIDIA® nForce™ MCP Audio Enumerator)
0xF32FA000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF0ABF000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF36F9000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF783F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF331A000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF79CF000 C:\WINDOWS\system32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF782F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xEE71F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF32EA000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF5646000 C:\WINDOWS\system32\DRIVERS\AN983.sys 36864 bytes (ADMtek Incorporated., ADMtek AN983/AN985/ADM951X NDIS5 Driver)
0xF785F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF075F000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB9F5C000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xF074F000 C:\WINDOWS\system32\drivers\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
0xF330A000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF0ACF000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA3CC000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF790F000 C:\WINDOWS\system32\drivers\sfmanm.sys 36864 bytes (Creative Technology Ltd., SoundFont® Manager)
0xF0AAF000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF0811000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xEE62F000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7B17000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7BBF000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF0809000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xEE627000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0xF7AAF000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF315D000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF4165000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF312D000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xEE200000 C:\WINDOWS\system32\npptNT2.sys 24576 bytes (INCA Internet Co., Ltd., nProtect NPSC Kernel Mode Driver for NT)
0xF7ABF000 nv_agp.sys 24576 bytes (NVIDIA Corporation, NVIDIA nForce AGP Filter)
0xF0821000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF0831000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF0819000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AB7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF313D000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF3135000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF3145000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7B0F000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF314D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7282000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xF5223000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEB563000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7CD7000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7D13000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7C3F000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7D2B000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7CCB000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF7D0B000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7D0F000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF523B000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xEDDFF000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7D51000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D87000 C:\WINDOWS\system32\drivers\ctlfacem.sys 8192 bytes (Creative Technology Ltd., Creative SB Live! Interface Driver)
0xF7D33000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7D5B000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7D4F000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D2F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D53000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7D59000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7D55000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7DDB000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D7B000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D31000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7E99000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7EE4000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7EFF000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7DF7000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
Ifowia.exe
Submission date:
2011-01-10 00:16:08 (UTC)
Result:
37/ 42 (88.1%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.01.10.00 2011.01.09 Win-Trojan/Fakeav.347648.B
AntiVir 7.11.1.58 2011.01.09 TR/Crypt.XPACK.Gen2
Antiy-AVL 2.0.3.7 2011.01.09 Trojan/Win32.CodecPack.gen
Avast 4.8.1351.0 2011.01.09 Win32:Dropper-EOQ
Avast5 5.0.677.0 2011.01.09 Win32:Dropper-EOQ
AVG 9.0.0.851 2011.01.09 Downloader.Generic10.BBZQ
BitDefender 7.2 2011.01.10 Trojan.Generic.KDV.88629
CAT-QuickHeal 11.00 2011.01.09 Win32.Trojan-Downloader.CodecPack.zks.6.a
ClamAV 0.96.4.0 2011.01.09 Trojan.Downloader-99986
Command 5.2.11.5 2011.01.09 W32/FakeAlert.IZ.gen!Eldorado
Comodo 7343 2011.01.09 -
DrWeb 5.0.2.03300 2011.01.10 Trojan.DownLoader1.42928
eSafe 7.0.17.0 2011.01.06 -
eTrust-Vet 36.1.8087 2011.01.07 Win32/Renos.BXI
F-Prot 4.6.2.117 2011.01.09 W32/FakeAlert.IZ.gen!Eldorado
F-Secure 9.0.16160.0 2011.01.09 Trojan-Downloader:W32/Renos.GTB
Fortinet 4.2.254.0 2011.01.09 W32/CodecPack.GX!tr.dldr
GData 21 2011.01.10 Trojan.Generic.KDV.88629
Ikarus T3.1.1.90.0 2011.01.09 Trojan-Downloader.Win32.Renos
Jiangmin 13.0.900 2011.01.09 -
K7AntiVirus 9.75.3472 2011.01.07 Riskware
Kaspersky 7.0.0.125 2011.01.10 Trojan-Downloader.Win32.CodecPack.zks
McAfee 5.400.0.1158 2011.01.10 Downloader-CEW.r
McAfee-GW-Edition 2010.1C 2011.01.09 Heuristic.BehavesLike.Win32.Downloader.H
Microsoft 1.6402 2011.01.09 TrojanDownloader:Win32/Renos.NX
NOD32 5772 2011.01.09 a variant of Win32/Kryptik.IYA
Norman 6.06.12 2011.01.09 W32/Suspicious_Gen2.FJQTT
nProtect 2011-01-09.01 2011.01.09 Trojan-Downloader/W32.CodecPack.378880.B
Panda 10.0.2.7 2011.01.09 Trj/Zlob.XT
PCTools 7.0.3.5 2011.01.09 Trojan.Gen
Prevx 3.0 2011.01.10 High Risk Cloaked Malware
Rising 22.81.05.00 2011.01.08 -
Sophos 4.61.0 2011.01.10 Mal/FakeAV-GX
SUPERAntiSpyware 4.40.0.1006 2011.01.09 Trojan.Agent/Gen-FakeAlert[PWS]
Symantec 20101.3.0.103 2011.01.10 Trojan.Gen.2
TheHacker 6.7.0.1.112 2011.01.09 Trojan/Downloader.CodecPack.zks
TrendMicro 9.120.0.1004 2011.01.09 TROJ_FAKEAV.SM3
TrendMicro-HouseCall 9.120.0.1004 2011.01.09 TROJ_FAKEAV.SM3
VBA32 3.12.14.2 2011.01.06 TrojanDownloader.CodecPack.zks
VIPRE 8011 2011.01.10 Trojan.Win32.Generic.pak!cobra
ViRobot 2011.1.8.4244 2011.01.09 -
VirusBuster 13.6.136.0 2011.01.09 Trojan.Fakealert.Gen!Pac.14
Additional information
MD5 : b476780cc2f840e9c453035f5426e78b
SHA1 : abd3c901fbc5431990c3bc6fc095e501ecda70d8
SHA256: 2f2b0332a4f484e5b834b1eef48de2aacec9c432f0e38142fe1cfce694340b31
ssdeep: 6144:uE62LlGWkZ/NseONK3Dp801hS/wj3vmnWUd00c:uIBLH8DpZHK4vmWU+/
File size : 378880 bytes
First seen: 2011-01-10 00:16:08
Last seen : 2011-01-10 00:16:08
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....:
copyright....:
product......:
description..:
original name:
internal name:
file version.: 8.3.7.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x3D20
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
CODE, 0x1000, 0x2E04, 0x3000, 6.80, 8abec49ab6ec79a40f95953f3d4a9304
DATA, 0x4000, 0x56210, 0x56400, 5.01, b1819027095461d2d632dfb7306a8e72
BSS, 0x5B000, 0x9, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.idata, 0x5C000, 0x254, 0x400, 3.03, daeba146954fd11fb62527f4682653bf
.reloc, 0x5D000, 0xA8, 0x200, 2.31, 7d6439d4b2f7dad551f5260f4a29bf56
.rsrc, 0x5E000, 0x2A00, 0x2A00, 5.19, 8dd3039aa0da922b737d44df6a295ffa

[[ 4 import(s) ]]
kernel32.dll: lstrlenA, VirtualAlloc, SetLocaleInfoW, GlobalAlloc, GetSystemTime, GetProcAddress, GetModuleHandleA, GetCurrentThreadId, ExitThread, ExitProcess, CreateThread, ConvertDefaultLocale, CloseHandle
mpr.dll: WNetDisconnectDialog
user32.dll: PostMessageW, GetComboBoxInfo, DestroyMenu, ChangeDisplaySettingsExW
winspool.drv: FindClosePrinterChangeNotification
Prevx Info:
http://info.prevx.com/aboutprogramtext.asp?PX5=BC4E8E5400A09D09C83605329DA8E400BF2A7AD0
ExifTool:
file metadata
CharacterSet: Windows, Cyrillic
CodeSize: 12288
CompanyName:
EntryPoint: 0x3d20
FileDescription:
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 370 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 8.3.7.0
FileVersionNumber: 9.0.1.0
ImageVersion: 0.0
InitializedDataSize: 365568
InternalName:
LanguageCode: Russian
LegalCopyright:
LegalTrademarks:
LinkerVersion: 2.25
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename:
PEType: PE32
ProductName:
ProductVersion: 8.0.0.0
ProductVersionNumber: 9.0.1.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1992:06:20 00:22:17+02:00
UninitializedDataSize: 0


0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
devldr32.exe
Submission date:
2011-01-10 00:12:33 (UTC)
Result:
0/ 42 (0.0%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.01.10.00 2011.01.09 -
AntiVir 7.11.1.58 2011.01.09 -
Antiy-AVL 2.0.3.7 2011.01.09 -
Avast 4.8.1351.0 2011.01.09 -
Avast5 5.0.677.0 2011.01.09 -
AVG 9.0.0.851 2011.01.09 -
BitDefender 7.2 2011.01.10 -
CAT-QuickHeal 11.00 2011.01.09 -
ClamAV 0.96.4.0 2011.01.09 -
Command 5.2.11.5 2011.01.09 -
Comodo 7343 2011.01.09 -
DrWeb 5.0.2.03300 2011.01.10 -
Emsisoft 5.1.0.1 2011.01.09 -
eTrust-Vet 36.1.8087 2011.01.07 -
F-Prot 4.6.2.117 2011.01.09 -
F-Secure 9.0.16160.0 2011.01.09 -
Fortinet 4.2.254.0 2011.01.09 -
GData 21 2011.01.10 -
Ikarus T3.1.1.90.0 2011.01.09 -
Jiangmin 13.0.900 2011.01.09 -
K7AntiVirus 9.75.3472 2011.01.07 -
Kaspersky 7.0.0.125 2011.01.10 -
McAfee 5.400.0.1158 2011.01.10 -
McAfee-GW-Edition 2010.1C 2011.01.09 -
Microsoft 1.6402 2011.01.09 -
NOD32 5772 2011.01.09 -
Norman 6.06.12 2011.01.09 -
nProtect 2011-01-09.01 2011.01.09 -
Panda 10.0.2.7 2011.01.09 -
PCTools 7.0.3.5 2011.01.09 -
Prevx 3.0 2011.01.10 -
Rising 22.81.05.00 2011.01.08 -
Sophos 4.61.0 2011.01.10 -
SUPERAntiSpyware 4.40.0.1006 2011.01.09 -
Symantec 20101.3.0.103 2011.01.10 -
TheHacker 6.7.0.1.112 2011.01.09 -
TrendMicro 9.120.0.1004 2011.01.09 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.09 -
VBA32 3.12.14.2 2011.01.06 -
VIPRE 8011 2011.01.10 -
ViRobot 2011.1.8.4244 2011.01.09 -
VirusBuster 13.6.136.0 2011.01.09 -
Additional information
MD5 : e96b10537eb5024273480554bfffe23d
SHA1 : 30c7164c1d92a0675590fc8276b4715fc90e1ea2
SHA256: fa9f01b05b6ab731acbdda11b271abc7e02a70dfa0659bc9e0bb2e3ade36c610
ssdeep: 384:HccQA7fIcUAN6DzCefOSIvvtHK3b23v/vP4AYZ0jqT2I/ugncDU:FUrMqLiK36//34BhMscDU
File size : 24064 bytes
First seen: 2009-02-13 19:14:29
Last seen : 2011-01-10 00:12:33
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Creative Technology Ltd.
copyright....: Copyright © Creative Technology Ltd. 1998-2001
product......: Creative Ring3 NT Inteface
description..: DevLdr32
original name: DevLdr32.exe
internal name: DevLdr
file version.: 1, 0, 0, 17
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x2BCF
timedatestamp....: 0x3B6B5FB2 (Sat Aug 04 02:36:34 2001)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x5022, 0x5200, 6.36, 58e031c515cfedf5fa83cd2edcdbbb4d
.data, 0x7000, 0x898, 0x400, 2.20, 53771d9ef84c8a95fb7decdc559a5412
.rsrc, 0x8000, 0x398, 0x400, 3.02, ef3dd986480a4d1b5bbe2766178272af

[[ 4 import(s) ]]
ADVAPI32.dll: FreeSid, CheckTokenMembership, AllocateAndInitializeSid, RegCloseKey, RegSetValueExW, RegOpenKeyExW, RegQueryValueExW, RegEnumKeyExW, GetUserNameW
KERNEL32.dll: GetLastError, GetVersion, CloseHandle, CreateMutexW, GetVersionExW, DeviceIoControl, CreateFileW, WaitForSingleObject, ExitThread, SetEvent, CreateEventW, WinExec, SetThreadPriority, CreateThread, FreeLibrary, GetProcAddress, LoadLibraryW, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersionExA, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, GetACP, GetOEMCP, GetCPInfo, HeapAlloc, VirtualAlloc, HeapReAlloc, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, RtlUnwind, GetLocaleInfoA, VirtualProtect, GetSystemInfo, VirtualQuery
USER32.dll: DestroyWindow, EndPaint, BeginPaint, DefWindowProcW, SetForegroundWindow, ShowWindow, IsIconic, CreateWindowExW, PostMessageW, KillTimer, DispatchMessageW, TranslateMessage, PostQuitMessage, GetMessageW, SetTimer, FindWindowW, RegisterClassW
SHELL32.dll: ShellExecuteW



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/12/2010 11:32:26 PM
System Uptime: 1/9/2011 7:25:37 PM (0 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6570
Processor: AMD Athlon™ | Socket A | 1094/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 36.248 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 229.335 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_570C1462&REV_A1\3&13C0B0C5&0&20
Manufacturer: Nvidia
Name: NVIDIA nForce Networking Controller
PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_570C1462&REV_A1\3&13C0B0C5&0&20
Service: NVENET

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)
Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05741317&REV_11\4&3B1D9AB8&0&3840
Manufacturer: Linksys
Name: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)
PNP Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05741317&REV_11\4&3B1D9AB8&0&3840
Service: AN983

==== System Restore Points ===================

RP1: 10/12/2010 11:37:40 PM - System Checkpoint
RP2: 10/13/2010 3:00:17 AM - Software Distribution Service 3.0
RP3: 10/13/2010 4:14:22 AM - Installed %1 %2.
RP4: 10/13/2010 4:14:26 AM - Printer Driver Microsoft XPS Document Writer Installed
RP5: 10/13/2010 9:54:02 PM - Software Distribution Service 3.0
RP6: 10/13/2010 10:23:18 PM - Software Distribution Service 3.0
RP7: 10/13/2010 10:40:54 PM - Installed Windows XP WgaNotify.
RP8: 10/13/2010 10:48:38 PM - Software Distribution Service 3.0
RP9: 12/31/2001 11:32:44 PM - System Checkpoint
RP10: 1/19/2002 11:07:34 PM - System Checkpoint
RP11: 1/20/2002 3:24:52 AM - Installed Java™ 6 Update 22
RP12: 1/21/2002 5:31:42 AM - Installed Ghost Recon
RP13: 1/21/2002 5:36:44 AM - Installed ubi.com
RP14: 1/21/2002 3:31:46 PM - Removed Ghost Recon
RP15: 1/21/2002 3:57:29 PM - Installed ubi.com
RP16: 1/21/2002 4:12:54 PM - Installed Ghost Recon
RP17: 1/21/2002 10:16:39 PM - Installed AGEIA PhysX v7.05.17
RP18: 1/23/2002 3:03:05 PM - System Checkpoint
RP19: 1/24/2002 4:31:21 PM - System Checkpoint
RP20: 1/25/2002 8:10:03 PM - System Checkpoint
RP21: 1/26/2002 8:13:39 PM - System Checkpoint
RP22: 1/27/2002 8:53:56 PM - Removed Ghost Recon
RP23: 11/10/2010 3:00:21 AM - Software Distribution Service 3.0
RP24: 11/10/2010 9:10:00 PM - Installed ABBYY FineReader 6.0 Sprint
RP25: 11/11/2010 8:18:08 AM - Installed WorldWinner Games
RP26: 11/11/2010 4:39:57 PM - Software Distribution Service 3.0
RP27: 11/11/2010 5:42:19 PM - Printer Driver Microsoft XPS Document Writer Installed
RP28: 11/11/2010 7:41:41 PM - Software Distribution Service 3.0
RP29: 11/12/2010 3:02:37 AM - Software Distribution Service 3.0
RP30: 11/12/2010 9:19:45 PM - Removed ABBYY FineReader 6.0 Sprint
RP31: 11/13/2010 9:25:40 PM - System Checkpoint
RP32: 11/14/2010 2:40:14 AM - Software Distribution Service 3.0
RP33: 11/15/2010 3:16:47 AM - System Checkpoint
RP34: 11/16/2010 4:10:55 AM - System Checkpoint
RP35: 11/17/2010 8:09:57 PM - System Checkpoint
RP36: 11/18/2010 6:44:57 PM - Logitech Camera Driver Install
RP37: 11/19/2010 8:45:18 PM - System Checkpoint
RP38: 11/20/2010 11:44:45 PM - Installed Logitech QuickCam
RP39: 11/22/2010 12:41:17 AM - System Checkpoint
RP40: 11/23/2010 1:44:05 AM - System Checkpoint
RP41: 11/24/2010 1:57:07 AM - System Checkpoint
RP42: 11/25/2010 4:01:39 AM - System Checkpoint
RP43: 11/25/2010 7:25:20 AM - Installed REACTOR
RP44: 11/26/2010 8:11:29 AM - System Checkpoint
RP45: 11/27/2010 10:16:19 PM - System Checkpoint
RP46: 11/28/2010 9:15:48 AM - Installed RS2Bot
RP47: 11/28/2010 9:29:57 AM - Installed Java™ SE Development Kit 6 Update 22
RP48: 11/28/2010 9:56:12 AM - Removed Ask Toolbar.
RP49: 11/28/2010 9:57:25 AM - Removed RS2Bot
RP50: 12/1/2010 9:39:11 PM - Installed Windows Media Player 11
RP51: 12/1/2010 9:41:34 PM - Software Distribution Service 3.0
RP52: 12/2/2010 11:25:07 AM - Software Distribution Service 3.0
RP53: 12/4/2010 2:31:51 AM - System Checkpoint
RP54: 12/5/2010 11:34:34 AM - System Checkpoint
RP55: 12/6/2010 12:06:17 PM - System Checkpoint
RP56: 12/7/2010 3:30:05 PM - System Checkpoint
RP57: 12/8/2010 4:23:31 PM - System Checkpoint
RP58: 12/9/2010 11:01:26 PM - System Checkpoint
RP59: 12/11/2010 10:13:32 PM - System Checkpoint
RP60: 12/12/2010 10:16:09 PM - System Checkpoint
RP61: 12/13/2010 10:42:17 PM - System Checkpoint
RP62: 12/15/2010 7:49:24 PM - Software Distribution Service 3.0
RP63: 12/17/2010 4:50:32 PM - System Checkpoint
RP64: 12/22/2010 7:05:01 PM - Removed WorldWinner Games
RP65: 12/23/2010 7:26:19 PM - System Checkpoint
RP66: 12/25/2010 11:50:12 AM - System Checkpoint
RP67: 12/25/2010 3:31:23 PM - Installed Java™ 6 Update 23
RP68: 12/27/2010 5:23:19 PM - System Checkpoint
RP69: 12/27/2010 5:35:09 PM - Installed Empire Earth
RP70: 12/27/2010 5:39:39 PM - Installed Empire Earth - The Art of Conquest
RP71: 12/27/2010 5:43:10 PM - Installed Empire Earth Patch 1.0.4.0
RP72: 12/27/2010 8:03:40 PM - Installed Empire Earth Difficulty Setting and Multiplayer Lobby 
RP73: 12/28/2010 9:34:32 PM - System Checkpoint
RP74: 12/30/2010 11:40:42 AM - System Checkpoint
RP75: 12/31/2010 11:11:54 PM - System Checkpoint
RP76: 1/2/2011 12:55:18 PM - System Checkpoint
RP77: 1/9/2011 5:11:23 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
AGEIA PhysX v7.05.17
AIDA64 Extreme Edition v1.20
Camfrog Video Chat 5.5
CCleaner
ClubWPT
Empire Earth
Empire Earth - The Art of Conquest
Epson Easy Photo Print 2
EPSON NX300 Series Printer Uninstall
EPSON Scan
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
IceOp
ijji - Gunz
Java Auto Updater
Java DB 10.5.3.0
Java™ 6 Update 23
Java™ SE Development Kit 6 Update 22
Logitech QuickCam
Logitech® Camera Driver
Malwarebytes' Anti-Malware
ManyCam 2.6.1 (remove only)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.13)
MVision
Panda Cloud Antivirus
PicPick
Raptr
REACTOR
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Unlocker 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veo Advanced Connect
VLC media player 1.1.5
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

1/9/2011 7:22:43 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
1/8/2011 7:12:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/8/2011 7:04:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/8/2011 7:04:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Fips IPSec MRxSmb NetBIOS NetBT PsBoot PSINKNC RasAcd Rdbss Tcpip
1/8/2011 7:04:00 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/8/2011 7:04:00 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/8/2011 7:04:00 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/8/2011 7:04:00 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/8/2011 7:03:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/8/2011 6:19:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NanoServiceMain service.
1/8/2011 6:19:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
1/8/2011 6:19:01 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/8/2011 6:18:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PsBoot
1/8/2011 2:10:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
1/8/2011 2:10:36 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/8/2011 1:56:40 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/8/2011 1:42:23 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.

==== End Of File ===========================




My panda antivirus neutralized the Ifowia.exe file.

Edited by snouk, 09 January 2011 - 07:32 PM.


#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:18 PM

Posted 10 January 2011 - 05:23 AM

Hi snouk, :)



The following is referring to CCleaner.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done assuming that the major audience here at this board might be inexperienced users, and is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.


Please visit the link below to find more details about that.
http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html





STEP 1



  • I see you have Malwarebytes' Anti-Malware installed on your computer.
  • Please start the application by double-clicking its icon.
  • Once the program has loaded, go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and post the results in your next reply.





STEP 2



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image





STEP 3



You will need to run DDS again to provide a fresh dds.txt log.
I want to be sure that nothing reappeared.
Copy/paste both DDS.txt and Attach.txt reports in your next reply.



Please reply back to let me know how things are going.
Do you still experience any issues?




Regards,
Georgi



#10 snouk

snouk
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 10 January 2011 - 01:00 PM

The system seems to be running a little better. Thanks.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5496

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/10/2011 11:25:31 AM
mbam-log-2011-01-10 (11-25-31).txt

Scan type: Quick scan
Objects scanned: 138564
Time elapsed: 13 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\H3O8CABBPI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


ESETScan

C:\Documents and Settings\Clown\Local Settings\Application Data\Mozilla\Firefox\Profiles\jio6guhl.default\Cache\71F9988Dd01 a variant of Win32/Kryptik.JNM trojan deleted - quarantined
C:\Documents and Settings\Clown\My Documents\Vuze Downloads\empire earth\EE-AOC-ByHK\EE-AOC-ByHK.iso NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan deleted - quarantined
C:\Documents and Settings\Clown\My Documents\Vuze Downloads\empire earth\EE_Original_ByHK\LobbyClient.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan deleted - quarantined
C:\Program Files\Panda Security\Panda Cloud Antivirus\LostandFound\Master Of The Voice Reborn.exe a variant of Win32/Packed.Themida application cleaned by deleting (after the next restart) - quarantined
F:\Bot Maker\Fast ID Maker 13_cracked_by_kracker-gg-packed.rar probably a variant of Win32/Agent.FNLWEOI trojan deleted - quarantined
F:\Program Installers\Unlocker1[1].9.0.exe Win32/Adware.ADON application deleted - quarantined
F:\YahVoice\VCCharger 01.Cracked.by.kracker-gg.rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
F:\YahVoice\VCCharger 01.Cracked.by.kracker-gg\VCCharger 01.Cracked.by.kracker-gg\VCCharger 01.Cracked.by.kracker-gg.EXE a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined


Attached Files


Edited by snouk, 10 January 2011 - 01:01 PM.


#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:18 PM

Posted 10 January 2011 - 07:50 PM

Hi snouk, :)


No wonder your computer was so severely infected. You use a lot of cracks. This is playing with fire though. :nono:


Please provide a fresh log from DDS too. You attached only the report from Attach.txt. I need to see the DDS.txt as well.



Thanks !


Regards,
Georgi



#12 snouk

snouk
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 11 January 2011 - 12:04 AM

Here you go, thanks for your help :)


DDS (Ver_10-12-12.02) - NTFSx86
Run by Clown at 0:00:58.51 on Tue 01/11/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.449 [GMT -5:00]

AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Clown\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {B771FEA3-2A05-4C21-B1E2-55551A97D520} - No File
TB: {719D74AB-1AF9-43A1-8C62-D8750628D93E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver\LVCOMS.EXE
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 11.1.0.2016
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\clown\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {27527D31-447B-11D5-A46E-0001023B4289} - hxxp://gamingzone.ubisoft.com/dev/packages/GSManager.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\clown\applic~1\mozilla\firefox\profiles\jio6guhl.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-6-17 129992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-12 363344]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-8-9 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-7-21 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-7-21 112456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-12 20952]
R3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2010-11-29 899980]
S0 PsBoot;Panda boot driver;c:\windows\system32\drivers\psboot.sys --> c:\windows\system32\drivers\PsBoot.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
UnknownUnknown dump_wmimmc;dump_wmimmc; [x]

=============== Created Last 30 ================

2011-01-10 18:16:57 15256 ----a-w- c:\docume~1\clown\applic~1\microsoft\identitycrl\production\ppcrlconfig.dll
2011-01-10 18:16:57 -------- d-----w- c:\docume~1\clown\locals~1\applic~1\Club Bing Toolbar
2011-01-10 16:13:15 -------- d-----w- c:\program files\ESET
2010-12-28 01:02:11 634880 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iKernel.dll
2010-12-28 01:02:11 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\ctor.dll
2010-12-28 01:02:11 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\DotNetInstaller.exe
2010-12-28 01:02:11 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iscript.dll
2010-12-28 01:02:11 151552 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iuser.dll
2010-12-28 01:02:06 159876 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\IGdi.dll
2010-12-28 01:02:05 270468 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\Setup.dll
2010-12-27 22:42:12 -------- d-----w- c:\docume~1\clown\applic~1\Save-EE
2010-12-27 22:35:10 -------- d-----w- C:\Sierra
2010-12-27 21:55:35 -------- d-----w- c:\docume~1\clown\locals~1\applic~1\Save-EE
2010-12-16 00:15:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Backup
2010-12-15 23:14:53 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2010-12-15 23:14:52 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2010-12-15 23:14:52 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2010-12-15 23:14:52 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2010-12-15 23:14:51 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2010-12-15 23:14:43 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2010-12-15 23:14:42 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll

==================== Find3M ====================

2010-11-30 23:00:08 170979 ----a-w- c:\windows\IceOp Uninstaller.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:27:10 1862272 ----a-w- c:\windows\system32\win32k.sys
2010-10-22 11:43:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-22 11:43:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-21 20:06:45 4208208 ----a-w- c:\windows\system32\GameMon.des

============= FINISH: 0:02:15.01 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/12/2010 11:32:26 PM
System Uptime: 1/10/2011 1:00:25 PM (11 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6570
Processor: AMD Athlon™ XP | Socket A | 1094/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 36.04 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 229.328 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_570C1462&REV_A1\3&13C0B0C5&0&20
Manufacturer: Nvidia
Name: NVIDIA nForce Networking Controller
PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_570C1462&REV_A1\3&13C0B0C5&0&20
Service: NVENET

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)
Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05741317&REV_11\4&3B1D9AB8&0&3840
Manufacturer: Linksys
Name: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)
PNP Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05741317&REV_11\4&3B1D9AB8&0&3840
Service: AN983

==== System Restore Points ===================

RP1: 10/12/2010 11:37:40 PM - System Checkpoint
RP2: 10/13/2010 3:00:17 AM - Software Distribution Service 3.0
RP3: 10/13/2010 4:14:22 AM - Installed %1 %2.
RP4: 10/13/2010 4:14:26 AM - Printer Driver Microsoft XPS Document Writer Installed
RP5: 10/13/2010 9:54:02 PM - Software Distribution Service 3.0
RP6: 10/13/2010 10:23:18 PM - Software Distribution Service 3.0
RP7: 10/13/2010 10:40:54 PM - Installed Windows XP WgaNotify.
RP8: 10/13/2010 10:48:38 PM - Software Distribution Service 3.0
RP9: 12/31/2001 11:32:44 PM - System Checkpoint
RP10: 1/19/2002 11:07:34 PM - System Checkpoint
RP11: 1/20/2002 3:24:52 AM - Installed Java™ 6 Update 22
RP12: 1/21/2002 5:31:42 AM - Installed Ghost Recon
RP13: 1/21/2002 5:36:44 AM - Installed ubi.com
RP14: 1/21/2002 3:31:46 PM - Removed Ghost Recon
RP15: 1/21/2002 3:57:29 PM - Installed ubi.com
RP16: 1/21/2002 4:12:54 PM - Installed Ghost Recon
RP17: 1/21/2002 10:16:39 PM - Installed AGEIA PhysX v7.05.17
RP18: 1/23/2002 3:03:05 PM - System Checkpoint
RP19: 1/24/2002 4:31:21 PM - System Checkpoint
RP20: 1/25/2002 8:10:03 PM - System Checkpoint
RP21: 1/26/2002 8:13:39 PM - System Checkpoint
RP22: 1/27/2002 8:53:56 PM - Removed Ghost Recon
RP23: 11/10/2010 3:00:21 AM - Software Distribution Service 3.0
RP24: 11/10/2010 9:10:00 PM - Installed ABBYY FineReader 6.0 Sprint
RP25: 11/11/2010 8:18:08 AM - Installed WorldWinner Games
RP26: 11/11/2010 4:39:57 PM - Software Distribution Service 3.0
RP27: 11/11/2010 5:42:19 PM - Printer Driver Microsoft XPS Document Writer Installed
RP28: 11/11/2010 7:41:41 PM - Software Distribution Service 3.0
RP29: 11/12/2010 3:02:37 AM - Software Distribution Service 3.0
RP30: 11/12/2010 9:19:45 PM - Removed ABBYY FineReader 6.0 Sprint
RP31: 11/13/2010 9:25:40 PM - System Checkpoint
RP32: 11/14/2010 2:40:14 AM - Software Distribution Service 3.0
RP33: 11/15/2010 3:16:47 AM - System Checkpoint
RP34: 11/16/2010 4:10:55 AM - System Checkpoint
RP35: 11/17/2010 8:09:57 PM - System Checkpoint
RP36: 11/18/2010 6:44:57 PM - Logitech Camera Driver Install
RP37: 11/19/2010 8:45:18 PM - System Checkpoint
RP38: 11/20/2010 11:44:45 PM - Installed Logitech QuickCam
RP39: 11/22/2010 12:41:17 AM - System Checkpoint
RP40: 11/23/2010 1:44:05 AM - System Checkpoint
RP41: 11/24/2010 1:57:07 AM - System Checkpoint
RP42: 11/25/2010 4:01:39 AM - System Checkpoint
RP43: 11/25/2010 7:25:20 AM - Installed REACTOR
RP44: 11/26/2010 8:11:29 AM - System Checkpoint
RP45: 11/27/2010 10:16:19 PM - System Checkpoint
RP46: 11/28/2010 9:15:48 AM - Installed RS2Bot
RP47: 11/28/2010 9:29:57 AM - Installed Java™ SE Development Kit 6 Update 22
RP48: 11/28/2010 9:56:12 AM - Removed Ask Toolbar.
RP49: 11/28/2010 9:57:25 AM - Removed RS2Bot
RP50: 12/1/2010 9:39:11 PM - Installed Windows Media Player 11
RP51: 12/1/2010 9:41:34 PM - Software Distribution Service 3.0
RP52: 12/2/2010 11:25:07 AM - Software Distribution Service 3.0
RP53: 12/4/2010 2:31:51 AM - System Checkpoint
RP54: 12/5/2010 11:34:34 AM - System Checkpoint
RP55: 12/6/2010 12:06:17 PM - System Checkpoint
RP56: 12/7/2010 3:30:05 PM - System Checkpoint
RP57: 12/8/2010 4:23:31 PM - System Checkpoint
RP58: 12/9/2010 11:01:26 PM - System Checkpoint
RP59: 12/11/2010 10:13:32 PM - System Checkpoint
RP60: 12/12/2010 10:16:09 PM - System Checkpoint
RP61: 12/13/2010 10:42:17 PM - System Checkpoint
RP62: 12/15/2010 7:49:24 PM - Software Distribution Service 3.0
RP63: 12/17/2010 4:50:32 PM - System Checkpoint
RP64: 12/22/2010 7:05:01 PM - Removed WorldWinner Games
RP65: 12/23/2010 7:26:19 PM - System Checkpoint
RP66: 12/25/2010 11:50:12 AM - System Checkpoint
RP67: 12/25/2010 3:31:23 PM - Installed Java™ 6 Update 23
RP68: 12/27/2010 5:23:19 PM - System Checkpoint
RP69: 12/27/2010 5:35:09 PM - Installed Empire Earth
RP70: 12/27/2010 5:39:39 PM - Installed Empire Earth - The Art of Conquest
RP71: 12/27/2010 5:43:10 PM - Installed Empire Earth Patch 1.0.4.0
RP72: 12/27/2010 8:03:40 PM - Installed Empire Earth Difficulty Setting and Multiplayer Lobby 
RP73: 12/28/2010 9:34:32 PM - System Checkpoint
RP74: 12/30/2010 11:40:42 AM - System Checkpoint
RP75: 12/31/2010 11:11:54 PM - System Checkpoint
RP76: 1/2/2011 12:55:18 PM - System Checkpoint
RP77: 1/9/2011 5:11:23 PM - System Checkpoint
RP78: 1/10/2011 1:15:50 PM - Installed Club Bing Toolbar
RP79: 1/10/2011 11:59:19 PM - Removed Club Bing Toolbar

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
AGEIA PhysX v7.05.17
AIDA64 Extreme Edition v1.20
Camfrog Video Chat 5.5
CCleaner
ClubWPT
Empire Earth
Empire Earth - The Art of Conquest
Epson Easy Photo Print 2
EPSON NX300 Series Printer Uninstall
EPSON Scan
ESET Online Scanner v3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
IceOp
ijji - Gunz
Java Auto Updater
Java DB 10.5.3.0
Java™ 6 Update 23
Java™ SE Development Kit 6 Update 22
Logitech QuickCam
Logitech® Camera Driver
Malwarebytes' Anti-Malware
ManyCam 2.6.1 (remove only)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.13)
MVision
Panda Cloud Antivirus
PicPick
REACTOR
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Unlocker 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veo Advanced Connect
VLC media player 1.1.5
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Y!Caddy
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

1/9/2011 7:22:43 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
1/8/2011 7:12:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/8/2011 7:04:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/8/2011 7:04:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Fips IPSec MRxSmb NetBIOS NetBT PsBoot PSINKNC RasAcd Rdbss Tcpip
1/8/2011 7:04:00 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/8/2011 7:04:00 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/8/2011 7:04:00 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/8/2011 7:04:00 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/8/2011 7:03:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/8/2011 2:10:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
1/8/2011 2:10:36 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/8/2011 2:09:18 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NanoServiceMain service.
1/8/2011 2:09:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
1/8/2011 2:09:18 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/8/2011 2:08:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PsBoot
1/8/2011 1:56:40 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/8/2011 1:42:23 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.
1/10/2011 12:45:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi nv_agp PCIIde PsBoot
1/10/2011 12:45:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================

#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:18 PM

Posted 11 January 2011 - 07:43 PM

Hi snouk, :)

I have some final words for you.

All Clean :thumbsup:

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean :)

Cleanup


=> To remove all of the tools we used and the files and folders they created, please do the following:

Please download OTC.exe by OldTimer.

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp ! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.


Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.



Update your AntiVirus Software


  • Make sure that you keep your antivirus updated.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
  • Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


Visit Microsoft's Windows Update Site Frequently


It is important that you visit http://www.windowsupdate.com regularly. This will ensure that your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Practice Safe Internet


One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.

  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.

  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.

  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites

  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.

  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.

  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.

  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.

  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them, and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.

  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.


Use a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Personally I use PrivateFirewall.

However, it can be a bit complicated if you are a newbie in firewall configuration...


Install an AntiSpyware Program


An effective scanner that you already have is Malwarebytes Anti-Malware.

Another highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software. Be sure to check for and download any definition updates prior to performing a scan.


Install SpywareBlaster

SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware



Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications.
Malware writers just love cracks and keygens, and will often attach malicious code to them. By using cracks and/or keygens, you are asking for problems, so my advice is: stay away from them!




Follow this list and your potential for being infected again will reduce dramatically.


Regards,
Georgi



#14 snouk

snouk
  • Topic Starter

  • Members
  • 58 posts
  • Local time:06:18 AM

Posted 11 January 2011 - 10:08 PM

thank you much

#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:05:18 AM

Posted 12 January 2011 - 12:08 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



