Infected - unknown virus


This topic is locked
12 replies to this topic

#1 stukirwan

  • Members
  • 19 posts

Posted 17 January 2011 - 01:52 PM

Hi,

My computer has recently been having problems. When I boot up, I get the following error message (which appears about 4 times in a row):


Microsoft .NET Framework
'Unhandled exception has occurred in your application'


I was also experiencing the following error messages, however, these seem to have disappeared lately for some reason:


"Windows cannot find 'C:\Documents'. Make sure you typed the name correctly, and then try again."


This error also appeared multiple times, only the 'C:\Documents' would change to 'and', 'Settings\Application' and 'Data\MSHelp32.exe'

I also experienced a new problem yesterday. My computer decided to automatically open my torrent application and proceeded to download 2 folders. One was called 'Au.Map 1.3.1 Binaries' and the other was 'D2 Map Reveal Maphack'.

I have run the appropriate DDS scan. However, when I tried running the GMER scan my computer would simply crash and reboot itself (I tried to scan multiple times but with the same result).
DDS (Ver_10-12-12.02) - NTFSx86
Run by STUART at 18:00:47.32 on 17/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1141 [GMT 0:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Documents and Settings\STUART\Local Settings\Temp\1CEG0R2WM0IruJFGHWrFveETHY.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AutoShutdown\autoshutdown2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\STUART\Application Data\Purchased.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\STUART\My Documents\CCleaner.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Documents and Settings\STUART\Application Data\Dropbox\bin\Dropbox.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\STUART\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Shell=Explorer.exe ""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\stuart\local settings\temp\1CEG0R2WM0IruJFGHWrFveETHY.exe,
mWinlogon: Taskman=c:\documents and settings\stuart\application data\winmsgr102.exe
uWindows: Load=c:\documents and settings\stuart\local settings\application data\MSHelp32.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AutoShutdown] c:\program files\autoshutdown\autoshutdown2.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\stuart\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [DefaultSystem] c:\documents and settings\all users\application data\Sys32c.exe
uRun: [CCleaner.exe] c:\documents and settings\stuart\my documents\CCleaner.exe
uRun: [Java Update] c:\documents and settings\all users\application data\update\bot\1.0.0.0\jusched.exe
uRun: [Windows Defender] c:\documents and settings\stuart\application data\Purchased.exe
uRun: [Startup] c:\documents and settings\stuart\application data\microsoft\csrss.exe
uRun: [tht4545ttr] c:\documents and settings\stuart\application data\winmsgr102.exe
uRun: [Hkcu] c:\documents and settings\stuart\local settings\temp\1CEG0R2WM0IruJFGHWrFveETHY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [lsass.exe] c:\documents and settings\stuart\application data\microsoft\system\services\lsass.exe
mRun: [Java Update] c:\documents and settings\all users\application data\update\bot\1.0.0.0\jusched.exe
mRun: [MSWUpdate] "c:\documents and settings\stuart\application data\lsass.exe"
mRun: [Windows Defender] c:\documents and settings\stuart\application data\Purchased.exe
mRun: [Windows Live Guards] c:\program files\winlogon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uExplorerRun: [Java Update] c:\documents and settings\all users\application data\update\bot\1.0.0.0\jusched.exe
mExplorerRun: [Java Update] c:\documents and settings\all users\application data\update\bot\1.0.0.0\jusched.exe
mExplorerRun: [Windows Defender] c:\documents and settings\stuart\application data\Purchased.exe
StartupFolder: c:\docume~1\stuart\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\stuart\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
uPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8063C8AD-BE5A-F1DB-BB73-123BF9ECAF4D} - c:\documents and settings\stuart\application data\WinDefender.exe
mASetup: {BDAEB625-CBFF-A31F-7C97-D4F5ABC8CAD4} - c:\documents and settings\stuart\application data\startup.exe
mASetup: {C70D2ECE-FAA6-8FC0-FDC2-C6EFFF3BD1DE} - c:\documents and settings\stuart\application data\file3.exe
mASetup: {CCBA4461-CA1F-D46F-8A24-FB92DFBD6E77} - c:\documents and settings\stuart\application data\bot.exe
mASetup: {D4DE25DB-EDFD-AB39-B108-234D4DCCAEF5} - c:\documents and settings\stuart\application data\Purchased.exe
uASetup: {8063C8AD-BE5A-F1DB-BB73-123BF9ECAF4D} - c:\documents and settings\stuart\application data\WinDefender.exe
uASetup: {BDAEB625-CBFF-A31F-7C97-D4F5ABC8CAD4} - c:\documents and settings\stuart\application data\startup.exe
uASetup: {C70D2ECE-FAA6-8FC0-FDC2-C6EFFF3BD1DE} - c:\documents and settings\stuart\application data\file3.exe
uASetup: {CCBA4461-CA1F-D46F-8A24-FB92DFBD6E77} - c:\documents and settings\stuart\application data\bot.exe
uASetup: {D4DE25DB-EDFD-AB39-B108-234D4DCCAEF5} - c:\documents and settings\stuart\application data\Purchased.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\stuart\applic~1\mozilla\firefox\profiles\0x6m2f27.default\
FF - plugin: c:\documents and settings\stuart\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2010-3-24 16640]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-24 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-24 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-24 243024]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/26 22:54:51];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-17 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2010-3-29 16400]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-12-8 5241448]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\digifilt.sys --> c:\windows\system32\drivers\DigiFilt.sys [?]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2010-4-25 4224]
S3 cpuz132;cpuz132;\??\c:\docume~1\stuart\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\stuart\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]

=============== Created Last 30 ================

2011-01-16 23:25:18 238080 ----a-w- c:\docume~1\stuart\applic~1\Purchased.exe
2011-01-16 23:25:18 238080 ----a-w- c:\docume~1\stuart\applic~1\microsoft\Ru4n.exe
2011-01-16 22:09:12 45788 ----a-w- c:\docume~1\stuart\applic~1\microsoft\Runt5.exe
2011-01-14 00:24:10 392192 ---h--w- c:\docume~1\stuart\applic~1\microsoft\Run76.exe
2011-01-14 00:24:10 392192 ---h--w- c:\docume~1\stuart\applic~1\file3.exe
2011-01-13 02:41:41 67094 --sh--r- c:\docume~1\stuart\applic~1\winmsgr102.exe
2011-01-04 21:48:45 -------- d-----w- c:\program files\iPod
2011-01-03 20:54:12 -------- d-----w- C:\Back to the Future Episode 1 – It’s About Time
2010-12-27 00:36:59 15360 ---h--w- c:\docume~1\stuart\applic~1\GetProcAddress.dll
2010-12-23 17:07:50 217088 --sha-r- c:\docume~1\stuart\applic~1\microsoft\csrss.exe
2010-12-23 02:52:45 -------- d-----w- C:\test
2010-12-23 02:22:19 9 ----a-w- c:\docume~1\stuart\applic~1\google_dxl[s8_2]rh_h.tmp
2010-12-23 02:22:19 9 ----a-w- c:\docume~1\stuart\applic~1\google__dxl[s8_2]rh_h.tmp
2010-12-23 02:22:18 -------- d-----w- c:\program files\KAZAA
2010-12-23 02:22:18 -------- d-----w- C:\My Downloads
2010-12-21 01:04:47 217088 ----a-w- c:\docume~1\stuart\applic~1\microsoft\3e832hdnd.exe
2010-12-20 22:32:28 159744 ---ha-w- c:\docume~1\stuart\applic~1\startup.exe
2010-12-20 21:57:03 380928 ---ha-w- c:\docume~1\stuart\applic~1\WinDefender.exe
2010-12-20 11:24:07 -------- d-----w- C:\Metallica - FAN CAN 6 (Copenhagen, 2009)

==================== Find3M ====================

2010-12-18 00:45:01 1506527 ----a-w- c:\program files\WindowsCannotFindFixWizard.exe
2010-12-11 20:58:14 5387303 ----a-w- c:\program files\SetupImgBurn_2.5.3.0.exe
2010-12-06 21:52:52 409600 ---ha-r- c:\docume~1\alluse~1\applic~1\Sys32c.exe
2010-12-03 16:45:29 3171688 ----a-w- c:\program files\h264encoder_setup.exe
2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-18 23:09:43 19657194 ----a-w- c:\program files\vlc-1.1.4-win32.exe
2010-10-16 15:06:55 4236872 ----a-w- c:\program files\veetle-0.9.18.exe
2010-09-30 18:14:15 36868 ----a-w- c:\program files\uninst-shine.exe
2010-08-28 22:40:51 4198724 ----a-w- c:\program files\FileZilla_3.3.4.1_win32-setup.exe
2010-07-25 21:58:37 327984 ----a-w- c:\program files\utorrent.exe
2010-07-21 21:10:53 652794 ----a-w- c:\program files\Xvid-1.2.2-07062009.exe
2010-07-21 19:30:15 9591104 ----a-w- c:\program files\DTLite4356-0091.exe
2010-07-03 16:58:39 4182178 ----a-w- c:\program files\Avisynth_258.exe
2010-07-02 12:23:51 16409960 ----a-w- c:\program files\spybotsd162.exe
2010-07-01 23:50:21 6110528 ----a-w- c:\program files\HitmanPro35.exe
2010-07-01 23:50:03 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe
2010-06-27 20:58:10 44640513 ----a-w- c:\program files\XviD4PSP_5.0.37.8_r132.exe
2010-06-27 20:51:59 2945816 ----a-w- c:\program files\dotnetfx3setup.exe
2010-06-27 19:15:25 562848 ----a-w- c:\program files\ChromeSetup.exe
2010-06-27 19:15:10 8412560 ----a-w- c:\program files\Firefox Setup 3.6.6.exe
2010-06-26 23:36:03 54822952 ----a-w- c:\program files\AVSVideoConverter.exe
2010-06-25 16:38:28 16420454 ----a-w- c:\program files\K-Lite_Codec_Pack_604_Full.exe
2010-06-25 16:33:00 5265686 ----a-w- c:\program files\ffdshow_rev3452_20100524.exe
2010-06-07 13:37:50 11873890 ----a-w- c:\program files\audacity-win-unicode-1.3.12.exe
2010-04-29 18:40:56 19231200 ----a-w- c:\program files\JDownloaderSetup.exe
2010-04-26 14:57:22 83214632 ----a-w- c:\program files\197.54_Quadro_winxp_32bit_international_whql.exe
2010-04-25 21:24:09 374064 ----a-w- c:\program files\GPU-Z.0.2.9.exe
2010-04-25 20:46:39 2841613 ----a-w- c:\program files\RivaTuner224c-[Guru3D.com].exe
2010-04-25 20:42:54 521568 ----a-w- c:\program files\GPU-Z.0.4.2.exe
2010-04-23 14:28:32 23510720 ----a-w- c:\program files\dotnetfx.exe
2010-04-23 14:27:01 4886870 ----a-w- c:\program files\HandBrake-0.9.4-Win_GUI.exe
2010-04-19 23:48:40 156904 ----a-w- c:\program files\RapportSetup.exe
2010-04-15 14:01:28 2394408 ----a-w- c:\program files\mp3tagv246asetup.exe
2010-04-13 00:06:00 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
2010-04-12 18:46:33 11261295 ----a-w- c:\program files\total-video-converter.exe
2010-04-11 18:04:14 600680 ----a-w- c:\program files\nvudisp.exe
2010-04-11 18:04:14 535552 ----a-w- c:\program files\ISSetup.dll
2010-04-11 18:04:14 509 ----a-w- c:\program files\layout.bin
2010-04-11 18:04:14 4315496 ----a-w- c:\program files\PDsetup.exe
2010-04-11 18:04:14 148416 ----a-w- c:\program files\_setup.dll
2010-04-09 13:35:42 2668544 ----a-w- c:\program files\VirtualDub.exe
2010-04-09 13:35:18 8704 ----a-w- c:\program files\vdub.exe
2010-04-09 13:35:18 69632 ----a-w- c:\program files\auxsetup.exe
2010-04-09 13:35:16 73728 ----a-w- c:\program files\vdremote.dll
2010-04-09 13:35:16 69632 ----a-w- c:\program files\vdicmdrv.dll
2010-04-09 13:34:54 65536 ----a-w- c:\program files\vdsvrlnk.dll
2010-03-30 18:27:24 13525424 ----a-w- c:\program files\Dropbox 0.7.110.exe
2010-03-24 18:53:08 15590766 ----a-w- c:\program files\K-Lite_Codec_Pack_583_Full.exe
2010-03-24 18:50:08 18499623 ----a-w- c:\program files\vlc-1.0.5-win32.exe
2009-06-06 15:27:46 5566192 ----a-w- c:\program files\DVDx_2_20_setup.exe
2008-04-24 17:01:54 1352 ----a-w- c:\program files\dvbuffers.bat
2004-04-25 10:57:24 210109 ----a-w- c:\program files\rpc412_setup.exe
2002-06-21 16:54:48 155648 ----a-w- c:\program files\DVD2AVI.vfp
2000-07-01 12:12:18 48640 ----a-w- c:\program files\DeinterlacePALMovie.vdf

============= FINISH: 18:01:02.09 ===============


#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 18 January 2011 - 12:44 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix.

It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 stukirwan

  • Topic Starter
  • Members
  • 19 posts

Posted 19 January 2011 - 11:28 AM

Thank you for the reply.

I tried following the steps you gave, however, when I tried running ComboFix it failed because it said it cannot run when AVG is installed. I made sure I disabled my anti-virus and firewall before I tried so I don't know why it says that. I also tried to uninstall AVG with the intention of re-installing after the scan, however, I could not do that as it said that 'access is denied' when I tried running the uninstall.

#4 fenzodahl512

  • Members
  • 6,738 posts

Posted 19 January 2011 - 06:25 PM

Please uninstall AVG via the program below..

http://www.appremover.com/

Below is the tutorial on how to use it..

http://www.appremover.com/about/using-appremover.html

Then after that, restart your computer, re-download a fresh copy of ComboFix and try to run it again.. If it still fails, please run ComboFix in Safe Mode..

Tell me how it goes.. :)



#5 stukirwan

  • Topic Starter
  • Members
  • 19 posts

Posted 19 January 2011 - 10:07 PM

Thanks, that worked great. Here is my ComboFix log:


ComboFix 11-01-19.01 - STUART 20/01/2011 3:01.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1557 [GMT 0:00]
Running from: c:\documents and settings\STUART\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Sys32c.exe
c:\documents and settings\All Users\Application Data\update\bot
c:\documents and settings\All Users\Application Data\update\bot\1.0.0.0\jusched.exe
c:\documents and settings\STUART\Application Data\data.dat
c:\documents and settings\STUART\Application Data\File3.exe
c:\documents and settings\STUART\Application Data\google__c5[t9_1]mk-w.tmp
c:\documents and settings\STUART\Application Data\google__dxl[s8_2]rh_h.tmp
c:\documents and settings\STUART\Application Data\google_c5[t9_1]mk-w.tmp
c:\documents and settings\STUART\Application Data\google_dxl[s8_2]rh_h.tmp
c:\documents and settings\STUART\Application Data\Microsoft\3e832hdnd.exe
c:\documents and settings\STUART\Application Data\Microsoft\csrss.exe
c:\documents and settings\STUART\Application Data\Microsoft\Ru4n.exe
c:\documents and settings\STUART\Application Data\Microsoft\Run7.exe
c:\documents and settings\STUART\Application Data\Microsoft\Run76.exe
c:\documents and settings\STUART\Application Data\Microsoft\Run87.exe
c:\documents and settings\STUART\Application Data\Microsoft\Runt5.exe
c:\documents and settings\STUART\Application Data\microsoft\system\services\lsass.exe
c:\documents and settings\STUART\Application Data\Purchased.exe
c:\documents and settings\STUART\Application Data\vinsystem.exe
c:\documents and settings\STUART\Application Data\WinDefender.exe
c:\program files\winlogon.exe
c:\windows\system32\twunk_32.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-20 to 2011-01-20 )))))))))))))))))))))))))))))))
.

2011-01-19 01:34 . 2011-01-19 01:35 88093 ----a-w- c:\windows\phqghumeaylnlfdxfirc.exe
2011-01-04 21:48 . 2011-01-04 21:48 -------- d-----w- c:\program files\iPod
2011-01-03 20:54 . 2011-01-03 20:57 -------- d-----w- C:\Back to the Future Episode 1 – It’s About Time
2010-12-27 00:36 . 2010-12-27 00:36 15360 ---h--w- c:\documents and settings\STUART\Application Data\GetProcAddress.dll
2010-12-23 02:52 . 2010-12-29 12:00 -------- d-----w- C:\test
2010-12-23 02:22 . 2010-12-23 02:22 -------- d-----w- c:\program files\KAZAA
2010-12-23 02:22 . 2010-12-23 02:22 -------- d-----w- C:\My Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 02:24 . 2010-12-20 22:32 159744 ---ha-w- c:\documents and settings\STUART\Application Data\startup.exe
2010-12-18 00:45 . 2010-12-18 00:45 1506527 ----a-w- c:\program files\WindowsCannotFindFixWizard.exe
2010-12-11 20:58 . 2010-12-11 20:56 5387303 ----a-w- c:\program files\SetupImgBurn_2.5.3.0.exe
2010-12-03 16:45 . 2010-12-03 16:45 3171688 ----a-w- c:\program files\h264encoder_setup.exe
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2010-03-24 14:26 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2008-04-14 04:42 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2008-04-14 04:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:26 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-04-14 04:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 12:25 . 2008-04-13 23:07 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-13 23:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-04-14 04:39 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-04-14 00:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-18 23:09 . 2010-10-18 23:08 19657194 ----a-w- c:\program files\vlc-1.1.4-win32.exe
2010-10-16 15:06 . 2010-10-16 15:06 4236872 ----a-w- c:\program files\veetle-0.9.18.exe
2010-09-30 18:14 . 2010-09-30 18:14 36868 ----a-w- c:\program files\uninst-shine.exe
2010-08-28 22:40 . 2010-08-28 22:40 4198724 ----a-w- c:\program files\FileZilla_3.3.4.1_win32-setup.exe
2010-07-25 21:58 . 2010-03-24 18:37 327984 ----a-w- c:\program files\utorrent.exe
2010-07-21 21:10 . 2010-07-21 21:10 652794 ----a-w- c:\program files\Xvid-1.2.2-07062009.exe
2010-07-21 19:30 . 2010-07-21 19:30 9591104 ----a-w- c:\program files\DTLite4356-0091.exe
2010-07-03 16:58 . 2010-07-03 16:58 4182178 ----a-w- c:\program files\Avisynth_258.exe
2010-07-02 12:23 . 2010-07-02 12:23 16409960 ----a-w- c:\program files\spybotsd162.exe
2010-07-01 23:50 . 2010-07-01 23:50 6110528 ----a-w- c:\program files\HitmanPro35.exe
2010-07-01 23:50 . 2010-07-01 23:50 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe
2010-06-27 20:58 . 2010-06-27 20:52 44640513 ----a-w- c:\program files\XviD4PSP_5.0.37.8_r132.exe
2010-06-27 20:51 . 2010-06-27 20:51 2945816 ----a-w- c:\program files\dotnetfx3setup.exe
2010-06-27 19:15 . 2010-06-27 19:15 562848 ----a-w- c:\program files\ChromeSetup.exe
2010-06-27 19:15 . 2010-06-27 19:15 8412560 ----a-w- c:\program files\Firefox Setup 3.6.6.exe
2010-06-26 23:36 . 2010-06-26 23:27 54822952 ----a-w- c:\program files\AVSVideoConverter.exe
2010-06-25 16:38 . 2010-06-25 16:35 16420454 ----a-w- c:\program files\K-Lite_Codec_Pack_604_Full.exe
2010-06-25 16:33 . 2010-06-25 16:32 5265686 ----a-w- c:\program files\ffdshow_rev3452_20100524.exe
2010-06-07 13:37 . 2010-06-07 13:37 11873890 ----a-w- c:\program files\audacity-win-unicode-1.3.12.exe
2010-04-29 18:40 . 2010-04-29 18:34 19231200 ----a-w- c:\program files\JDownloaderSetup.exe
2010-04-26 14:57 . 2010-04-26 14:56 83214632 ----a-w- c:\program files\197.54_Quadro_winxp_32bit_international_whql.exe
2010-04-25 21:24 . 2010-04-25 21:24 374064 ----a-w- c:\program files\GPU-Z.0.2.9.exe
2010-04-25 20:46 . 2010-04-25 20:46 2841613 ----a-w- c:\program files\RivaTuner224c-[Guru3D.com].exe
2010-04-25 20:42 . 2010-04-25 20:42 521568 ----a-w- c:\program files\GPU-Z.0.4.2.exe
2010-04-23 14:28 . 2010-04-23 14:28 23510720 ----a-w- c:\program files\dotnetfx.exe
2010-04-23 14:27 . 2010-04-23 14:26 4886870 ----a-w- c:\program files\HandBrake-0.9.4-Win_GUI.exe
2010-04-19 23:48 . 2010-04-19 23:48 156904 ----a-w- c:\program files\RapportSetup.exe
2010-04-15 14:01 . 2010-04-15 14:01 2394408 ----a-w- c:\program files\mp3tagv246asetup.exe
2010-04-13 00:06 . 2010-04-13 00:05 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
2010-04-12 18:46 . 2010-04-12 18:45 11261295 ----a-w- c:\program files\total-video-converter.exe
2010-04-11 18:04 . 2010-04-25 21:30 600680 ----a-w- c:\program files\nvudisp.exe
2010-04-11 18:04 . 2010-04-25 21:30 535552 ----a-w- c:\program files\ISSetup.dll
2010-04-11 18:04 . 2010-04-25 21:30 4315496 ----a-w- c:\program files\PDsetup.exe
2010-04-11 18:04 . 2010-04-25 21:30 148416 ----a-w- c:\program files\_setup.dll
2010-04-11 18:04 . 2010-04-25 21:30 509 ----a-w- c:\program files\layout.bin
2010-04-09 13:35 . 2010-04-12 18:43 2668544 ----a-w- c:\program files\VirtualDub.exe
2010-04-09 13:35 . 2010-04-12 18:43 8704 ----a-w- c:\program files\vdub.exe
2010-04-09 13:35 . 2010-04-12 18:43 69632 ----a-w- c:\program files\auxsetup.exe
2010-04-09 13:35 . 2010-04-12 18:43 73728 ----a-w- c:\program files\vdremote.dll
2010-04-09 13:35 . 2010-04-12 18:43 69632 ----a-w- c:\program files\vdicmdrv.dll
2010-04-09 13:34 . 2010-04-12 18:43 65536 ----a-w- c:\program files\vdsvrlnk.dll
2010-03-30 18:27 . 2010-03-30 18:27 13525424 ----a-w- c:\program files\Dropbox 0.7.110.exe
2010-03-24 18:53 . 2010-03-24 18:50 15590766 ----a-w- c:\program files\K-Lite_Codec_Pack_583_Full.exe
2010-03-24 18:50 . 2010-03-24 18:49 18499623 ----a-w- c:\program files\vlc-1.0.5-win32.exe
2009-06-06 15:27 . 2010-04-23 13:59 5566192 ----a-w- c:\program files\DVDx_2_20_setup.exe
2008-04-24 17:01 . 2010-04-25 22:25 1352 ----a-w- c:\program files\dvbuffers.bat
2004-04-25 10:57 . 2010-04-28 21:41 210109 ----a-w- c:\program files\rpc412_setup.exe
2002-06-21 16:54 . 2010-04-12 18:46 155648 ----a-w- c:\program files\DVD2AVI.vfp
2000-07-01 12:12 . 2010-04-23 14:32 48640 ----a-w- c:\program files\DeinterlacePALMovie.vdf
.
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\STUART\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\STUART\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\STUART\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoShutdown"="c:\program files\AutoShutdown\autoshutdown2.exe" [2001-05-15 572416]
"Google Update"="c:\documents and settings\STUART\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-24 136176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DefaultSystem"="c:\documents and settings\All Users\Application Data\Sys32c.exe" [N/A]
"CCleaner.exe"="c:\documents and settings\STUART\My Documents\CCleaner.exe" [2010-12-09 77824]
"Java Update"="c:\documents and settings\All Users\Application Data\update\Bot\1.0.0.0\jusched.exe" [N/A]
"Windows Live Guards"="c:\program files\winlogon.exe" [N/A]
"vinsystem"="c:\documents and settings\STUART\Application Data\vinsystem.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-11 13671016]
"lsass.exe"="c:\documents and settings\STUART\Application Data\Microsoft\System\Services\lsass.exe" [N/A]
"MSWUpdate"="c:\documents and settings\STUART\Application Data\lsass.exe" [N/A]
"Windows Live Guards"="c:\program files\winlogon.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Java Update"="c:\documents and settings\All Users\Application Data\update\Bot\1.0.0.0\jusched.exe" [N/A]

c:\documents and settings\STUART\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\STUART\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-12-11 2322432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=Digi32.dll
"MIDI1"=diomidi.dll

[HKLM\~\startupfolder\C:^Documents and Settings^STUART^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\STUART\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-24 18:20 136176 ----atw- c:\documents and settings\STUART\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 17:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Documents and Settings\\STUART\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\STUART\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\STUART\\Application Data\\startup.exe"=
"Windows Live Guards"= c:\program files\winlogon.exe
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [24/03/2010 15:00 16640]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/26 22:54];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13/03/2010 11:58 87536]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [29/03/2010 23:34 16400]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 13:13 38144]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [08/12/2009 06:14 5241448]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [28/12/2007 15:02 287232]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys --> c:\windows\system32\drivers\DigiFilt.sys [?]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [25/04/2010 21:20 4224]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 22:43 59240]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23/04/2007 12:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23/04/2007 12:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23/04/2007 12:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23/04/2007 12:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23/04/2007 12:54 98568]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/03/2010 23:27 691696]
.
Contents of the 'Scheduled Tasks' folder

2011-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1284227242-725345543-1003Core.job
- c:\documents and settings\STUART\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-24 18:20]

2011-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1284227242-725345543-1003UA.job
- c:\documents and settings\STUART\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-24 18:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\STUART\Application Data\Mozilla\Firefox\Profiles\0x6m2f27.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-avgrsstarter - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-20 03:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,09,2c,2f,42,db,46,22,41,b1,a6,e5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,09,2c,2f,42,db,46,22,41,b1,a6,e5,\

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2455470:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{1A31BD10-982C-2EAC-8D06-40D4BDCF799A}\Version 1.1]
@DACL=
"dat"="806585365:{80C6EEB1-8D38-8964-B7F1-0987F8F4966B}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2455491:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{F58F1714-975B-665F-32F0-732C04CFEE3A}*\Install*Loc\xga-1\dat]
@DACL=
"default"="516232149:{DED00951-421A-6979-81D7-907A400CCF2D}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{1A31BD10-982C-2EAC-8D06-40D4BDCF799A}\Version 3.x]
@DACL=
"dat"="1767914624:{EA95ABB1-394B-ED1C-8412-6D6A8F00C22A}"

[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923714858:{51082288-9B81-1CD4-6722-3BF34B2D521F}"

[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{E1AD22BD-D0FB-0229-1EA5-50D91248E7CF}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234521854:{4E101126-56DF-3490-DAB0-FA8DAC23D224}"

[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="8:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
Completion time: 2011-01-20 03:06:15
ComboFix-quarantined-files.txt 2011-01-20 03:06

Pre-Run: 278,857,789,440 bytes free
Post-Run: 279,372,746,752 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional Avid 2.7GB" /3GB /userva=2700 /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D92E29CB0C88E5EE44965C602D5AF02F

#6 fenzodahl512

Posted 20 January 2011 - 07:30 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

http://www.bleepingcomputer.com/forums/topic373970.html/page__view__findpost__p__2101265

KillAll::

Collect::
c:\documents and settings\STUART\Application Data\startup.exe
c:\windows\phqghumeaylnlfdxfirc.exe
c:\documents and settings\All Users\Application Data\Sys32c.exe
c:\documents and settings\STUART\Application Data\vinsystem.exe
c:\documents and settings\STUART\Application Data\Microsoft\System\Services\lsass.exe
c:\documents and settings\STUART\Application Data\lsass.exe
c:\program files\winlogon.exe

RenV::
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DefaultSystem"=-
"Java Update"=-
"Windows Live Guards"=-
"vinsystem"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lsass.exe"=-
"MSWUpdate"=-
"Windows Live Guards"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Java Update"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe/KittyFix.exe as depicted in the animation below. This will start ComboFix/KittyFix again.

Posted Image (animation showing CFScript.txt being dragged onto ComboFix.exe)


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


**Note**

When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • Simply follow the instructions to copy/paste/send the requested file.

Note::
If Combofix fails to upload the file, please find C:\Qoobox\Quarantined Files\Submit(Time and date here).zip and upload it at this site



#7 stukirwan (Topic Starter)

Posted 21 January 2011 - 09:30 PM

OK, here is my new ComboFix log. I also uploaded the required .zip file as ComboFix did not seem to upload the file.



ComboFix 11-01-19.01 - STUART 22/01/2011 1:20.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1601 [GMT 0:00]
Running from: c:\documents and settings\STUART\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\STUART\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))
.

2011-01-20 13:33 . 2011-01-20 13:33 -------- d-----w- c:\documents and settings\STUART\Application Data\AVG10
2011-01-20 13:28 . 2011-01-20 13:28 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-20 13:27 . 2011-01-21 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-01-20 13:22 . 2011-01-20 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-20 02:58 . 2011-01-20 03:06 -------- d-----w- C:\Combo-Fix
2011-01-04 21:48 . 2011-01-04 21:48 -------- d-----w- c:\program files\iPod
2011-01-03 20:54 . 2011-01-03 20:57 -------- d-----w- C:\Back to the Future Episode 1 – It’s About Time
2010-12-27 00:36 . 2010-12-27 00:36 15360 ---h--w- c:\documents and settings\STUART\Application Data\GetProcAddress.dll
2010-12-23 02:52 . 2010-12-29 12:00 -------- d-----w- C:\test
2010-12-23 02:22 . 2010-12-23 02:22 -------- d-----w- c:\program files\KAZAA
2010-12-23 02:22 . 2010-12-23 02:22 -------- d-----w- C:\My Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-18 00:45 . 2010-12-18 00:45 1506527 ----a-w- c:\program files\WindowsCannotFindFixWizard.exe
2010-12-11 20:58 . 2010-12-11 20:56 5387303 ----a-w- c:\program files\SetupImgBurn_2.5.3.0.exe
2010-12-03 16:45 . 2010-12-03 16:45 3171688 ----a-w- c:\program files\h264encoder_setup.exe
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2010-03-24 14:26 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2008-04-14 04:42 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2008-04-14 04:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:26 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-04-14 04:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 12:25 . 2008-04-13 23:07 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-13 23:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-04-14 04:39 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-04-14 00:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-18 23:09 . 2010-10-18 23:08 19657194 ----a-w- c:\program files\vlc-1.1.4-win32.exe
2010-10-16 15:06 . 2010-10-16 15:06 4236872 ----a-w- c:\program files\veetle-0.9.18.exe
2010-09-30 18:14 . 2010-09-30 18:14 36868 ----a-w- c:\program files\uninst-shine.exe
2010-08-28 22:40 . 2010-08-28 22:40 4198724 ----a-w- c:\program files\FileZilla_3.3.4.1_win32-setup.exe
2010-07-25 21:58 . 2010-03-24 18:37 327984 ----a-w- c:\program files\utorrent.exe
2010-07-21 21:10 . 2010-07-21 21:10 652794 ----a-w- c:\program files\Xvid-1.2.2-07062009.exe
2010-07-21 19:30 . 2010-07-21 19:30 9591104 ----a-w- c:\program files\DTLite4356-0091.exe
2010-07-03 16:58 . 2010-07-03 16:58 4182178 ----a-w- c:\program files\Avisynth_258.exe
2010-07-02 12:23 . 2010-07-02 12:23 16409960 ----a-w- c:\program files\spybotsd162.exe
2010-07-01 23:50 . 2010-07-01 23:50 6110528 ----a-w- c:\program files\HitmanPro35.exe
2010-07-01 23:50 . 2010-07-01 23:50 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe
2010-06-27 20:58 . 2010-06-27 20:52 44640513 ----a-w- c:\program files\XviD4PSP_5.0.37.8_r132.exe
2010-06-27 20:51 . 2010-06-27 20:51 2945816 ----a-w- c:\program files\dotnetfx3setup.exe
2010-06-27 19:15 . 2010-06-27 19:15 562848 ----a-w- c:\program files\ChromeSetup.exe
2010-06-27 19:15 . 2010-06-27 19:15 8412560 ----a-w- c:\program files\Firefox Setup 3.6.6.exe
2010-06-26 23:36 . 2010-06-26 23:27 54822952 ----a-w- c:\program files\AVSVideoConverter.exe
2010-06-25 16:38 . 2010-06-25 16:35 16420454 ----a-w- c:\program files\K-Lite_Codec_Pack_604_Full.exe
2010-06-25 16:33 . 2010-06-25 16:32 5265686 ----a-w- c:\program files\ffdshow_rev3452_20100524.exe
2010-06-07 13:37 . 2010-06-07 13:37 11873890 ----a-w- c:\program files\audacity-win-unicode-1.3.12.exe
2010-04-29 18:40 . 2010-04-29 18:34 19231200 ----a-w- c:\program files\JDownloaderSetup.exe
2010-04-26 14:57 . 2010-04-26 14:56 83214632 ----a-w- c:\program files\197.54_Quadro_winxp_32bit_international_whql.exe
2010-04-25 21:24 . 2010-04-25 21:24 374064 ----a-w- c:\program files\GPU-Z.0.2.9.exe
2010-04-25 20:46 . 2010-04-25 20:46 2841613 ----a-w- c:\program files\RivaTuner224c-[Guru3D.com].exe
2010-04-25 20:42 . 2010-04-25 20:42 521568 ----a-w- c:\program files\GPU-Z.0.4.2.exe
2010-04-23 14:28 . 2010-04-23 14:28 23510720 ----a-w- c:\program files\dotnetfx.exe
2010-04-23 14:27 . 2010-04-23 14:26 4886870 ----a-w- c:\program files\HandBrake-0.9.4-Win_GUI.exe
2010-04-19 23:48 . 2010-04-19 23:48 156904 ----a-w- c:\program files\RapportSetup.exe
2010-04-15 14:01 . 2010-04-15 14:01 2394408 ----a-w- c:\program files\mp3tagv246asetup.exe
2010-04-13 00:06 . 2010-04-13 00:05 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
2010-04-12 18:46 . 2010-04-12 18:45 11261295 ----a-w- c:\program files\total-video-converter.exe
2010-04-11 18:04 . 2010-04-25 21:30 600680 ----a-w- c:\program files\nvudisp.exe
2010-04-11 18:04 . 2010-04-25 21:30 535552 ----a-w- c:\program files\ISSetup.dll
2010-04-11 18:04 . 2010-04-25 21:30 4315496 ----a-w- c:\program files\PDsetup.exe
2010-04-11 18:04 . 2010-04-25 21:30 148416 ----a-w- c:\program files\_setup.dll
2010-04-11 18:04 . 2010-04-25 21:30 509 ----a-w- c:\program files\layout.bin
2010-04-09 13:35 . 2010-04-12 18:43 2668544 ----a-w- c:\program files\VirtualDub.exe
2010-04-09 13:35 . 2010-04-12 18:43 8704 ----a-w- c:\program files\vdub.exe
2010-04-09 13:35 . 2010-04-12 18:43 69632 ----a-w- c:\program files\auxsetup.exe
2010-04-09 13:35 . 2010-04-12 18:43 73728 ----a-w- c:\program files\vdremote.dll
2010-04-09 13:35 . 2010-04-12 18:43 69632 ----a-w- c:\program files\vdicmdrv.dll
2010-04-09 13:34 . 2010-04-12 18:43 65536 ----a-w- c:\program files\vdsvrlnk.dll
2010-03-30 18:27 . 2010-03-30 18:27 13525424 ----a-w- c:\program files\Dropbox 0.7.110.exe
2010-03-24 18:53 . 2010-03-24 18:50 15590766 ----a-w- c:\program files\K-Lite_Codec_Pack_583_Full.exe
2010-03-24 18:50 . 2010-03-24 18:49 18499623 ----a-w- c:\program files\vlc-1.0.5-win32.exe
2009-06-06 15:27 . 2010-04-23 13:59 5566192 ----a-w- c:\program files\DVDx_2_20_setup.exe
2008-04-24 17:01 . 2010-04-25 22:25 1352 ----a-w- c:\program files\dvbuffers.bat
2004-04-25 10:57 . 2010-04-28 21:41 210109 ----a-w- c:\program files\rpc412_setup.exe
2002-06-21 16:54 . 2010-04-12 18:46 155648 ----a-w- c:\program files\DVD2AVI.vfp
2000-07-01 12:12 . 2010-04-23 14:32 48640 ----a-w- c:\program files\DeinterlacePALMovie.vdf
.

((((((((((((((((((((((((((((( SnapShot@2011-01-20_03.04.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 00:02 . 2009-07-12 00:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 00:05 . 2009-07-12 00:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 00:05 . 2009-07-12 00:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-01-22 01:29 . 2011-01-22 01:29 16384 c:\windows\temp\Perflib_Perfdata_78c.dat
+ 2011-01-22 01:28 . 2011-01-22 01:28 16384 c:\windows\temp\Perflib_Perfdata_1b0.dat
+ 2009-07-12 00:02 . 2009-07-12 00:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 00:05 . 2009-07-12 00:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-01-20 13:27 . 2011-01-20 13:27 219648 c:\windows\Installer\2ce9c1.msi
+ 2009-07-12 00:02 . 2009-07-12 00:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2011-01-20 13:28 . 2011-01-20 13:28 3141632 c:\windows\Installer\2ce9c9.msi
+ 2011-01-20 13:27 . 2011-01-20 13:27 1568768 c:\windows\Installer\2ce9c5.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\STUART\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\STUART\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\STUART\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoShutdown"="c:\program files\AutoShutdown\autoshutdown2.exe" [2001-05-15 572416]
"Google Update"="c:\documents and settings\STUART\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-24 136176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-11 13671016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\documents and settings\STUART\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\STUART\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-12-11 2322432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=Digi32.dll
"MIDI1"=diomidi.dll

[HKLM\~\startupfolder\C:^Documents and Settings^STUART^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\STUART\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-24 18:20 136176 ----atw- c:\documents and settings\STUART\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 17:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Documents and Settings\\STUART\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\STUART\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"Windows Live Guards"= c:\program files\winlogon.exe
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [24/03/2010 15:00 16640]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/26 22:54];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13/03/2010 11:58 87536]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [29/03/2010 23:34 16400]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 13:13 38144]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [08/12/2009 06:14 5241448]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [28/12/2007 15:02 287232]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys --> c:\windows\system32\drivers\DigiFilt.sys [?]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [25/04/2010 21:20 4224]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 22:43 59240]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23/04/2007 12:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23/04/2007 12:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23/04/2007 12:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23/04/2007 12:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23/04/2007 12:54 98568]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/03/2010 23:27 691696]
.
Contents of the 'Scheduled Tasks' folder

2011-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2011-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1284227242-725345543-1003Core.job
- c:\documents and settings\STUART\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-24 18:20]

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1284227242-725345543-1003UA.job
- c:\documents and settings\STUART\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-24 18:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\STUART\Application Data\Mozilla\Firefox\Profiles\0x6m2f27.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-22 01:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,09,2c,2f,42,db,46,22,41,b1,a6,e5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,09,2c,2f,42,db,46,22,41,b1,a6,e5,\

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2455470:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{1A31BD10-982C-2EAC-8D06-40D4BDCF799A}\Version 1.1]
@DACL=
"dat"="806585365:{80C6EEB1-8D38-8964-B7F1-0987F8F4966B}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2455491:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{F58F1714-975B-665F-32F0-732C04CFEE3A}*\Install*Loc\xga-1\dat]
@DACL=
"default"="516232149:{DED00951-421A-6979-81D7-907A400CCF2D}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{1A31BD10-982C-2EAC-8D06-40D4BDCF799A}\Version 3.x]
@DACL=
"dat"="1767914624:{EA95ABB1-394B-ED1C-8412-6D6A8F00C22A}"

[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923714858:{51082288-9B81-1CD4-6722-3BF34B2D521F}"

[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{E1AD22BD-D0FB-0229-1EA5-50D91248E7CF}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234521854:{4E101126-56DF-3490-DAB0-FA8DAC23D224}"

[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="8:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2248)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\documents and settings\STUART\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Digidesign\Drivers\MMERefresh.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\program files\Trusteer\Rapport\bin\RapportService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-01-22 01:33:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-22 01:33
ComboFix2.txt 2011-01-21 19:11
ComboFix3.txt 2011-01-20 03:06

Pre-Run: 279,252,119,552 bytes free
Post-Run: 279,235,604,480 bytes free

- - End Of File - - E95F4C42AB58EBC91FDB34E2CABC7142
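The firewall section of the log above carries the most telling detection clue in this thread: the Windows Firewall is switched off ("EnableFirewall"= 0) and the authorized-applications list contains "Windows Live Guards"= c:\program files\winlogon.exe, a binary carrying the name of a core Windows component (the real winlogon.exe lives only in %windir%\system32) but sitting in Program Files, alongside several entries in user-writable profile directories. The script below is an added example, not part of the original post and not ComboFix code; it parses that firewallpolicy block as ComboFix prints it and flags exactly those patterns. The sample text is a subset copied from the log above; the SYSTEM_BINARIES set and the directory heuristics are this example's own assumptions.

```python
"""Triage a Windows XP firewall-policy dump in the format ComboFix prints.

Added example for this thread; it is not ComboFix code and not from the
original post. The sample text below is copied from the log above (a
constructed subset); the SYSTEM_BINARIES set and the directory heuristics
are this example's own assumptions.
"""
import ntpath
import re

# Constructed sample input: lines taken from the firewallpolicy section of the log.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\STUART\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"Windows Live Guards"= c:\program files\winlogon.exe
"c:\\Program Files\\iTunes\\iTunes.exe"=
"""

# Names of core Windows binaries that only belong under %windir% or %windir%\system32.
# (Assumed list for this example; extend to taste.)
SYSTEM_BINARIES = {"winlogon.exe", "csrss.exe", "lsass.exe", "services.exe",
                   "svchost.exe", "smss.exe", "explorer.exe", "sessmgr.exe"}

# Path fragments that indicate a directory an unprivileged XP user can write to.
USER_WRITABLE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")

ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
# The list has two shapes:  "<path>"=      and      "<display name>"= <path>
ENTRY_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')


def normalise(path):
    """Undo the doubled backslashes in the dump and lower-case for comparison."""
    return path.replace("\\\\", "\\").strip().lower()


def parse_firewall_policy(text):
    """Return {'enabled': True/False/None, 'apps': [(display_name, path), ...]}."""
    enabled, apps, in_list = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):                      # registry key header
            in_list = line.lower().endswith("\\authorizedapplications\\list]")
            continue
        m = ENABLE_RE.match(line)
        if m:
            enabled = m.group(1) != "0"
            continue
        if in_list:
            m = ENTRY_RE.match(line)
            if m:
                name, value = m.group(1), m.group(2)
                # "<path>"= form: the key is the path; "<name>"= <path> form: the value is.
                apps.append((name, normalise(value or name)))
    return {"enabled": enabled, "apps": apps}


def triage(text):
    """Return [(path, reason), ...]: the entries a responder should look at first."""
    policy = parse_firewall_policy(text)
    findings = []
    if policy["enabled"] is False:
        findings.append(("standardprofile", "EnableFirewall=0: the host firewall is switched off"))
    for _name, path in policy["apps"]:
        base = ntpath.basename(path)
        in_windir = path.startswith(("%windir%\\", "c:\\windows\\"))
        if base in SYSTEM_BINARIES and not in_windir:
            findings.append((path, f"system binary name {base} outside %windir%"))
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            findings.append((path, "whitelisted binary sits in a user-writable directory"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

Run against the sample it reports three findings: the disabled firewall, the winlogon.exe copy in Program Files, and the Dropbox binary under Application Data. The last is a legitimate program that happens to live in the profile, which is why the user-writable check is a prompt to look, not a verdict; the name-versus-location check on a core system binary is the one that should never fire on a clean machine.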

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 21 January 2011 - 09:59 PM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.




Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

How's the computer now? :)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 stukirwan

stukirwan
  • Topic Starter

  • Members
  • 19 posts

Posted 24 January 2011 - 02:39 PM

OK, I've run those scans and the computer seems to be working much better now. I'm not getting any of the error messages when I boot the computer and there don't seem to be many problems in general. Here is the MBAM report:

#10 stukirwan

stukirwan
  • Topic Starter

  • Members
  • 19 posts

Posted 24 January 2011 - 03:30 PM

Forgot to post the log, here you go:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5590

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/01/2011 19:38:01
mbam-log-2011-01-24 (19-38-01).txt

Scan type: Full scan (C:\|D:\|J:\|)
Objects scanned: 356603
Time elapsed: 1 hour(s), 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\nero 7.10.1.0\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\program files\quicktime player pro v7.66.71\keygen-di.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\program files\guitar.pro 5.2\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\STUART\application data\file3.exe.vir (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\STUART\application data\purchased.exe.vir (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\STUART\application data\microsoft\ru4n.exe.vir (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\STUART\application data\microsoft\run76.exe.vir (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460388c6-c8f5-4998-811f-d82a784901e5}\RP1\A0000129.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460388c6-c8f5-4998-811f-d82a784901e5}\RP1\A0000132.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460388c6-c8f5-4998-811f-d82a784901e5}\RP1\A0000134.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460388c6-c8f5-4998-811f-d82a784901e5}\RP1\A0000138.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
d:\adobe.photoshop.cs5.extended.keygen.only.embrace\Keygen\keygen.exe (Spyware.Spyeyes) -> Quarantined and deleted successfully.
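Reading a Malwarebytes log like the one above is mostly about where each file sat, not just what it was called. Every Backdoor.Agent hit here is either under c:\Qoobox\quarantine (the .vir copies ComboFix had already moved aside earlier in the thread) or inside a System Volume Information restore point, so those are dormant copies being cleaned up rather than a live infection, while the RiskWare and SpyEyes detections are keygens still in place in Program Files and on D:. The script below is an added example, not part of the original post and not Malwarebytes code; it parses the "Files Infected:" section and groups detections by that location class. The sample input is a constructed subset of the log above; the three location categories are this example's own.

```python
"""Sort the 'Files Infected' entries of a Malwarebytes log by where each file sat.

Added example for this thread; it is not Malwarebytes code and not from the
original post. The sample text is a constructed subset of the MBAM log above;
the location categories are this example's own.
"""
import re

# Constructed sample input: four representative lines from the log above.
SAMPLE_MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100

Files Infected: 12

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\program files\nero 7.10.1.0\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\STUART\application data\file3.exe.vir (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460388c6-c8f5-4998-811f-d82a784901e5}\RP1\A0000129.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
d:\adobe.photoshop.cs5.extended.keygen.only.embrace\Keygen\keygen.exe (Spyware.Spyeyes) -> Quarantined and deleted successfully.
"""

# <path> (<detection name>) -> <action taken>
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")


def classify_location(path):
    """Where did the file sit when MBAM found it?"""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "combofix-quarantine"   # ComboFix had already moved it here (.vir suffix)
    if "\\system volume information\\_restore" in p:
        return "restore-point"         # dormant; comes back only if System Restore is rolled back
    return "live"                      # was still in place on the filesystem


def parse_files_infected(text):
    """Return a list of dicts for the lines under the 'Files Infected:' detail heading."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        # Section headings end with ':'; the summary line 'Files Infected: 12' does not.
        if line.endswith(":"):
            in_section = (line == "Files Infected:")
            continue
        if not in_section or not line or line.startswith("("):
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({**m.groupdict(), "location": classify_location(m["path"])})
    return entries


def summarise(entries):
    """{'live': {'RiskWare.Tool.CK': 1, ...}, 'restore-point': {...}, ...}"""
    summary = {}
    for e in entries:
        per_loc = summary.setdefault(e["location"], {})
        per_loc[e["detection"]] = per_loc.get(e["detection"], 0) + 1
    return summary


if __name__ == "__main__":
    for location, counts in summarise(parse_files_infected(SAMPLE_MBAM_LOG)).items():
        print(location, counts)
```

The "live" bucket is the one to act on; anything in the other two was already out of the execution path, which is why the helper's "Looks good to me" verdict below is consistent with twelve files being reported.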

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 24 January 2011 - 10:45 PM

Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing:

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512



#12 stukirwan

stukirwan
  • Topic Starter

  • Members
  • 19 posts

Posted 31 January 2011 - 02:04 PM

Hi,

As far as I can tell my computer is working perfectly fine again, thank you so much for all of your help, it really is appreciated!

#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 01 February 2011 - 10:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
