Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My computer is running slow, possible rootkit infection


  • This topic is locked This topic is locked
11 replies to this topic

#1 Psyho

Psyho

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:28 PM

Posted 27 February 2011 - 10:56 AM

Hi,


My computer is running slow, and it's became boring, I have to wait for each operation for 1 minut. Scanned computer with ComboFix and I think it removed rootkit, but it's back again, and I don't know how to get rid of it
Here is a DDS logs, but when I run GMER computer restart!
Here is DDS.txt log


DDS (Ver_10-12-12.02) - NTFSx86
Run by PsYhO at 16:20:50.15 on Sun 02/27/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.132 [GMT 1:00]

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled*
FW: AVG Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe
C:\Documents and Settings\PsYhO\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=;ftp=;https=;
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\psyho\applic~1\mozilla\firefox\profiles\7n9kt4tt.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-2-26 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-2-26 190416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-2-26 99792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-26 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-26 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-26 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-26 40384]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-25 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-25 20952]
S2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2011-2-26 119200]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-26 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-26 40384]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
S3 PAC207;e-Messenger 112;c:\windows\system32\drivers\PFC027.SYS [2011-2-24 616064]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2011-2-24 158720]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2011-2-24 5248]

=============== Created Last 30 ================

2011-02-27 15:18:37 -------- d-----w- c:\windows\pss
2011-02-27 01:43:52 -------- d-----w- c:\program files\directx
2011-02-27 01:43:50 385100 ------w- c:\windows\system32\MSVCRTD.DLL
2011-02-27 01:43:49 516173 ------w- c:\windows\system32\MSVCP60D.DLL
2011-02-27 01:43:48 798773 ------w- c:\windows\system32\MFCO42D.DLL
2011-02-27 01:43:47 929844 ------w- c:\windows\system32\MFC42D.DLL
2011-02-27 00:57:15 -------- d-----w- c:\docume~1\psyho\applic~1\PriceGong
2011-02-27 00:53:44 -------- d-----w- c:\docume~1\psyho\locals~1\applic~1\AskToolbar
2011-02-26 23:28:45 -------- d-----w- c:\program files\ESET
2011-02-26 23:16:50 -------- d-----w- c:\program files\SIW
2011-02-26 22:33:30 98816 ----a-w- c:\windows\sed.exe
2011-02-26 22:33:30 89088 ----a-w- c:\windows\MBR.exe
2011-02-26 22:33:30 256512 ----a-w- c:\windows\PEV.exe
2011-02-26 22:33:30 161792 ----a-w- c:\windows\SWREG.exe
2011-02-26 22:33:20 -------- d-----w- C:\ComboFix
2011-02-26 21:34:06 -------- d-sha-r- C:\cmdcons
2011-02-26 20:59:33 -------- d-----w- c:\docume~1\psyho\locals~1\applic~1\Conduit
2011-02-26 20:59:29 -------- d-----w- c:\program files\Conduit
2011-02-26 20:59:09 -------- d-----w- c:\docume~1\psyho\locals~1\applic~1\uTorrentBar
2011-02-26 20:58:29 -------- d-----w- c:\docume~1\psyho\locals~1\applic~1\ConduitEngine
2011-02-26 20:58:08 -------- d-----w- c:\program files\ConduitEngine
2011-02-26 20:57:35 -------- d-----w- c:\program files\uTorrentBar
2011-02-26 20:57:35 -------- d-----w- c:\docume~1\psyho\locals~1\applic~1\Temp
2011-02-26 20:56:32 -------- d-----w- c:\program files\uTorrent
2011-02-26 19:56:36 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-26 19:56:34 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-02-26 19:55:22 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-02-26 19:53:07 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-02-26 19:53:06 38848 ----a-w- c:\windows\avastSS.scr
2011-02-26 19:52:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-02-26 19:43:09 -------- d-----w- c:\program files\Computerbrains
2011-02-26 19:41:44 306688 ----a-w- c:\windows\IsUninst.exe
2011-02-26 19:41:41 -------- d-----w- c:\documents and settings\psyho\WINDOWS
2011-02-26 19:26:07 -------- d-----w- c:\docume~1\psyho\applic~1\URSoft
2011-02-26 19:25:51 -------- d-----w- C:\$AVG
2011-02-26 18:49:30 -------- d-----w- C:\oldgames
2011-02-26 18:32:02 -------- d-----w- c:\program files\DOSBox-0.72
2011-02-26 13:29:10 215920 ----a-w- c:\windows\system32\muweb.dll
2011-02-26 13:29:10 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-02-26 13:29:09 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-02-25 23:43:38 -------- d-----w- c:\docume~1\psyho\locals~1\applic~1\Native Instruments
2011-02-25 23:32:20 -------- d-----w- c:\program files\common files\Digidesign
2011-02-25 23:29:26 -------- d-----w- c:\program files\common files\Native Instruments
2011-02-25 23:29:25 -------- d-----w- c:\program files\Native Instruments
2011-02-25 23:28:34 17408 ------w- c:\windows\system32\minimp3.exe
2011-02-25 23:27:27 -------- d-----w- c:\program files\Cakewalk
2011-02-25 23:27:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Cakewalk
2011-02-25 23:25:17 -------- d-----w- c:\program files\ASIO4ALL v2
2011-02-25 23:24:53 225280 ----a-w- c:\windows\system32\rewire.dll
2011-02-25 23:19:03 -------- d-----w- c:\program files\VstPlugins
2011-02-25 23:18:44 -------- d-----w- c:\program files\Outsim
2011-02-25 23:07:10 -------- d-----w- c:\program files\Image-Line
2011-02-25 21:39:06 -------- d-----w- c:\docume~1\psyho\applic~1\AutoHideIP
2011-02-25 21:39:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\AutoHideIP
2011-02-25 21:38:11 -------- d-----w- c:\program files\Ask.com
2011-02-25 21:37:00 -------- d-----w- c:\program files\AutoHideIP
2011-02-25 21:28:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-25 21:28:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-25 21:28:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-25 21:06:31 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-02-25 19:06:12 -------- d-----w- c:\documents and settings\psyho\Tracing
2011-02-25 18:56:20 -------- d-----w- c:\program files\Microsoft
2011-02-25 18:55:19 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-02-25 18:49:39 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc2B.tmp
2011-02-25 01:57:59 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-02-25 00:22:04 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-02-25 00:22:04 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-02-25 00:18:27 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-02-25 00:05:20 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-02-24 23:45:39 -------- d-----w- c:\docume~1\psyho\applic~1\AVG10
2011-02-24 22:58:47 -------- d-----w- c:\program files\common files\Windows Live
2011-02-24 22:58:34 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-02-24 22:58:34 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-02-24 22:58:09 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-02-24 22:58:07 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-02-24 22:58:06 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2011-02-24 22:58:06 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2011-02-24 22:58:02 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-02-24 22:58:00 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-02-24 22:57:53 16384 ----a-w- c:\windows\system32\ipsink.ax
2011-02-24 22:57:53 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2011-02-24 22:57:53 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2011-02-24 22:57:47 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2011-02-24 22:57:47 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2011-02-24 22:57:39 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-02-24 22:57:39 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2011-02-24 22:57:30 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2011-02-24 22:57:30 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2011-02-24 22:57:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2011-02-24 22:57:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2011-02-24 22:57:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-02-24 22:56:03 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-02-24 22:56:03 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-02-24 22:55:58 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-02-24 22:55:45 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-02-24 22:55:45 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-02-24 22:55:43 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-02-24 22:54:13 -------- d-----w- c:\program files\AVG
2011-02-24 22:52:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-24 22:46:52 -------- d-----w- c:\windows\system32\PreInstall
2011-02-24 22:46:50 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-02-24 22:46:48 -------- d--h--w- c:\windows\$hf_mig$
2011-02-24 22:43:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-24 22:43:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-24 22:33:37 -------- d-----r- c:\program files\Skype
2011-02-24 22:31:37 -------- d-----w- c:\docume~1\psyho\locals~1\applic~1\Mozilla
2011-02-24 22:31:31 5248 ----a-w- c:\windows\system32\drivers\a347scsi.sys
2011-02-24 22:31:31 158720 ----a-w- c:\windows\system32\drivers\a347bus.sys
2011-02-24 22:31:22 -------- d-----w- c:\program files\Alcohol Soft
2011-02-24 22:30:29 -------- d-----w- c:\program files\Garena
2011-02-24 22:30:21 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 11
2011-02-24 22:30:15 -------- d-----w- c:\program files\Your Uninstaller! 2006 PRO
2011-02-24 22:27:08 -------- d-----w- c:\docume~1\psyho\applic~1\Malwarebytes
2011-02-24 22:26:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-24 22:26:09 -------- d-----w- c:\program files\VistaCodecPack
2011-02-24 22:24:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-02-24 22:23:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\GRETECH
2011-02-24 22:21:05 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-02-24 22:20:40 -------- d-----w- c:\program files\GRETECH

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 22:15:52 667136 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:15:52 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-12-20 22:15:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 15:30:29 369664 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 16:23:31.68 ===============

Here is Attach.txt log


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/24/2011 10:08:56 PM
System Uptime: 2/27/2011 3:53:56 PM (1 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-K8N Ultra-9
Processor: AMD Athlon™ 64 Processor 3000+ | Socket 939 | 1809/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 28 GiB total, 14.8 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 51.654 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_B0041458&REV_02\4&13699180&0&4848
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_B0041458&REV_02\4&13699180&0&4848
Service:

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: Plug and Play BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: a347bus

==== System Restore Points ===================

RP1: 2/24/2011 10:13:27 PM - System Checkpoint
RP2: 2/24/2011 10:26:32 PM - Installed Marvell Miniport Driver
RP3: 2/24/2011 10:29:24 PM - Installed Realtek AC'97 Audio
RP4: 2/24/2011 10:33:24 PM - Installed e-Messenger 112
RP5: 2/24/2011 10:36:35 PM - Update to an unsigned driver
RP6: 2/24/2011 11:26:04 PM - Installed Vista Codec Package.
RP7: 2/24/2011 11:31:21 PM - Installed Alcohol 120% Corporate
RP8: 2/24/2011 11:40:19 PM - Installed MSN Messenger 7.5
RP9: 2/24/2011 11:42:44 PM - Installed Java™ 6 Update 24
RP10: 2/24/2011 11:46:39 PM - Software Distribution Service 3.0
RP11: 2/24/2011 11:53:40 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP12: 2/24/2011 11:54:12 PM - Installed AVG 2011
RP13: 2/24/2011 11:55:28 PM - Installed AVG 2011
RP14: 2/25/2011 2:51:49 AM - Software Distribution Service 3.0
RP15: 2/25/2011 7:41:40 PM - Software Distribution Service 3.0
RP16: 2/26/2011 8:09:05 PM - Installed SPORE™ Creature Creator Trial Edition
RP17: 2/26/2011 8:34:39 PM - Removed AVG 2011
RP18: 2/26/2011 8:39:06 PM - Removed AVG 2011
RP19: 2/26/2011 8:45:33 PM - Removed SPORE™ Creature Creator Trial Edition
RP20: 2/26/2011 8:52:05 PM - avast! Internet Security Setup
RP21: 2/27/2011 3:00:33 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Alcohol 120% Corporate
ASIO4ALL
Ask Toolbar
Auto Hide IP
CCS64 V3.4
Conduit Engine
e-Messenger 112
ESET Online Scanner v3
FL Studio 9
Garena 2010
GOM Player
Hardcore
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
IL Download Manager
Java Auto Updater
Java™ 6 Update 24
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0b12 (x86 en-US)
MSVCRT
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
NVIDIA Drivers
PoiZone
Realtek AC'97 Audio
rgc:audio z3ta+ 1.5
Sawer
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
SIW version 2009-09-09
Skype Toolbars
Skype™ 5.1
Toxic Biohazard
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
uTorrentBar Toolbar
Vista Codec Package
WebFldrs XP
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRar 3.70 Beta 4
Your Uninstaller! 2006 PRO_Vista Ready

==== Event Viewer Messages From Past Week ========

2/26/2011 9:51:27 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{5DBC7EFF-942E-41E0-AAE5-59C7681A8CDA} because another computer on the network has the same name. The server could not start.
2/26/2011 9:44:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
2/26/2011 9:44:39 PM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/26/2011 4:51:43 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer GEORGE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5DBC7EFF-942E-41E0. The master browser is stopping or an election is being forced.
2/26/2011 4:51:43 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer GEORGE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0BDADFEF-D5C8-4FED. The master browser is stopping or an election is being forced.
2/26/2011 4:45:21 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.0.2. The machine with the IP address 192.168.0.1 did not allow the name to be claimed by this machine.
2/26/2011 4:43:14 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.2. The machine with the IP address 192.168.1.3 did not allow the name to be claimed by this machine.
2/25/2011 8:13:23 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
2/25/2011 12:40:03 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/25/2011 12:40:03 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/25/2011 1:33:27 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgfws service.
2/25/2011 1:10:08 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
2/24/2011 11:19:32 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================

BC AdBot (Login to Remove)

 


#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:28 PM

Posted 06 March 2011 - 05:38 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 Psyho

Psyho
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:28 PM

Posted 06 March 2011 - 09:33 AM

Hello, and thank you for your time...

1. I have Windows XP Professional Version 2002 Service Pack 3
2. Yes, I have my installation CD

DDS log


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by PsYhO at 14:08:49.78 on Sun 03/06/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.382 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe
C:\Documents and Settings\PsYhO\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=;ftp=;https=;
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\psyho\applic~1\mozilla\firefox\profiles\7n9kt4tt.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsle9845ffb;MpKsle9845ffb;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f38ef666-7f11-4da1-bd11-10d51203bf15}\MpKsle9845ffb.sys [2011-3-6 28752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-25 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-25 20952]
S1 MpKsl18242b75;MpKsl18242b75;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{868990c2-cfbb-4d23-91dd-14a6183df1d1}\mpksl18242b75.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{868990c2-cfbb-4d23-91dd-14a6183df1d1}\MpKsl18242b75.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
S3 PAC207;e-Messenger 112;c:\windows\system32\drivers\PFC027.SYS [2011-2-24 616064]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2011-3-3 158720]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2011-3-3 5248]
.
=============== Created Last 30 ================
.
2011-03-06 13:03:37 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{f38ef666-7f11-4da1-bd11-10d51203bf15}\MpKsle9845ffb.sys
2011-03-06 12:55:02 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{f38ef666-7f11-4da1-bd11-10d51203bf15}\mpengine.dll
2011-03-04 23:31:24 -------- d-----w- c:\program files\JDownloader
2011-03-04 21:58:14 -------- d-----w- c:\program files\Hero Editor
2011-03-04 21:57:17 249856 ------w- c:\windows\Setup1.exe
2011-03-04 21:57:06 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-03-04 19:29:33 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-03-04 18:48:50 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-03-04 18:48:50 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-03-04 18:48:50 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-03-04 18:48:49 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-03-04 18:48:47 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-03-04 18:48:43 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2011-03-03 21:16:36 -------- d-----w- c:\program files\VirtualDJ
2011-03-03 11:28:13 5248 ----a-w- c:\windows\system32\drivers\a347scsi.sys
2011-03-03 11:28:13 158720 ----a-w- c:\windows\system32\drivers\a347bus.sys
2011-03-03 11:11:52 -------- d-----w- c:\program files\Alcohol Soft
2011-03-01 21:03:59 -------- d-----w- c:\program files\OCCT
2011-03-01 10:14:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Pure Networks
2011-02-28 02:02:36 -------- d-----w- c:\windows\ie8updates
2011-02-27 22:50:33 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-27 22:50:29 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-27 22:50:29 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-27 22:50:22 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-27 22:50:12 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-27 22:50:11 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-27 21:07:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2011-02-27 21:07:03 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-02-27 21:06:31 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-02-27 21:06:12 -------- d-----w- c:\docume~1\psyho\applic~1\DAEMON Tools Lite
2011-02-27 21:00:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2011-02-27 21:00:12 -------- d-----w- c:\program files\DAEMON Tools Pro
2011-02-27 20:49:27 -------- d-----w- c:\docume~1\psyho\applic~1\DAEMON Tools Pro
2011-02-27 19:22:38 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-02-27 19:14:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-27 18:45:25 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-27 18:31:11 -------- d-----w- c:\windows\system32\appmgmt
2011-02-27 18:19:33 -------- d-----w- c:\program files\Trend Micro
2011-02-27 18:00:39 -------- d-----w- c:\program files\CCleaner
2011-02-27 16:16:54 -------- d-sh--w- c:\documents and settings\psyho\IETldCache
2011-02-27 16:07:24 -------- dc-h--w- c:\windows\ie8
2011-02-27 15:18:37 -------- d-----w- c:\windows\pss
2011-02-27 01:43:52 -------- d-----w- c:\program files\directx
2011-02-27 01:43:50 385100 ------w- c:\windows\system32\MSVCRTD.DLL
2011-02-27 01:43:49 516173 ------w- c:\windows\system32\MSVCP60D.DLL
2011-02-27 01:43:48 798773 ------w- c:\windows\system32\MFCO42D.DLL
2011-02-27 01:43:47 929844 ------w- c:\windows\system32\MFC42D.DLL
2011-02-27 00:57:15 -------- d-----w- c:\docume~1\psyho\applic~1\PriceGong
2011-02-27 00:53:44 -------- d-----w- c:\docume~1\psyho\locals~1\applic~1\AskToolbar
2011-02-26 23:28:45 -------- d-----w- c:\program files\ESET
2011-02-26 23:16:50 -------- d-----w- c:\program files\SIW
2011-02-26 22:33:30 98816 ----a-w- c:\windows\sed.exe
2011-02-26 22:33:30 89088 ----a-w- c:\windows\MBR.exe
2011-02-26 22:33:30 256512 ----a-w- c:\windows\PEV.exe
2011-02-26 22:33:30 161792 ----a-w- c:\windows\SWREG.exe
2011-02-26 21:34:06 -------- d-sha-r- C:\cmdcons
2011-02-26 20:59:33 -------- d-----w- c:\docume~1\psyho\locals~1\applic~1\Conduit
2011-02-26 20:59:29 -------- d-----w- c:\program files\Conduit
2011-02-26 20:59:09 -------- d-----w- c:\docume~1\psyho\locals~1\applic~1\uTorrentBar
2011-02-26 20:58:29 -------- d-----w- c:\docume~1\psyho\locals~1\applic~1\ConduitEngine
2011-02-26 20:58:08 -------- d-----w- c:\program files\ConduitEngine
2011-02-26 20:57:35 -------- d-----w- c:\program files\uTorrentBar
2011-02-26 20:57:35 -------- d-----w- c:\docume~1\psyho\locals~1\applic~1\Temp
2011-02-26 20:56:32 -------- d-----w- c:\program files\uTorrent
2011-02-26 19:53:06 38848 ----a-w- c:\windows\avastSS.scr
2011-02-26 19:52:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-02-26 19:43:09 -------- d-----w- c:\program files\Computerbrains
2011-02-26 19:41:44 306688 ----a-w- c:\windows\IsUninst.exe
2011-02-26 19:41:41 -------- d-----w- c:\documents and settings\psyho\WINDOWS
2011-02-26 19:26:07 -------- d-----w- c:\docume~1\psyho\applic~1\URSoft
2011-02-26 18:49:30 -------- d-----w- C:\oldgames
2011-02-26 18:32:02 -------- d-----w- c:\program files\DOSBox-0.72
2011-02-26 13:29:10 215920 ----a-w- c:\windows\system32\muweb.dll
2011-02-26 13:29:10 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-02-26 13:29:09 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-02-25 23:43:38 -------- d-----w- c:\docume~1\psyho\locals~1\applic~1\Native Instruments
2011-02-25 23:32:20 -------- d-----w- c:\program files\common files\Digidesign
2011-02-25 23:29:26 -------- d-----w- c:\program files\common files\Native Instruments
2011-02-25 23:29:25 -------- d-----w- c:\program files\Native Instruments
2011-02-25 23:28:34 17408 ------w- c:\windows\system32\minimp3.exe
2011-02-25 23:27:27 -------- d-----w- c:\program files\Cakewalk
2011-02-25 23:27:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Cakewalk
2011-02-25 23:25:17 -------- d-----w- c:\program files\ASIO4ALL v2
2011-02-25 23:24:53 225280 ----a-w- c:\windows\system32\rewire.dll
2011-02-25 23:19:03 -------- d-----w- c:\program files\VstPlugins
2011-02-25 23:18:44 -------- d-----w- c:\program files\Outsim
2011-02-25 23:07:10 -------- d-----w- c:\program files\Image-Line
2011-02-25 21:39:06 -------- d-----w- c:\docume~1\psyho\applic~1\AutoHideIP
2011-02-25 21:39:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\AutoHideIP
2011-02-25 21:37:00 -------- d-----w- c:\program files\AutoHideIP
2011-02-25 21:28:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-25 21:28:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-25 21:28:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-25 21:06:31 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-02-25 19:06:12 -------- d-----w- c:\documents and settings\psyho\Tracing
2011-02-25 18:56:20 -------- d-----w- c:\program files\Microsoft
2011-02-25 18:55:19 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-02-25 18:49:39 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc2B.tmp
2011-02-25 01:57:59 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-02-25 00:22:04 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-02-25 00:22:04 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-02-25 00:18:27 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-02-25 00:05:20 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-02-24 22:58:47 -------- d-----w- c:\program files\common files\Windows Live
2011-02-24 22:58:34 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-02-24 22:58:34 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-02-24 22:58:09 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-02-24 22:58:07 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-02-24 22:58:06 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2011-02-24 22:58:06 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2011-02-24 22:58:02 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-02-24 22:58:00 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-02-24 22:57:53 16384 ----a-w- c:\windows\system32\ipsink.ax
2011-02-24 22:57:53 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2011-02-24 22:57:53 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2011-02-24 22:57:47 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2011-02-24 22:57:47 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2011-02-24 22:57:39 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-02-24 22:57:39 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2011-02-24 22:57:30 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2011-02-24 22:57:30 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2011-02-24 22:57:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2011-02-24 22:57:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2011-02-24 22:56:03 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-02-24 22:56:03 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-02-24 22:55:58 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-02-24 22:55:45 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-02-24 22:55:45 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-02-24 22:55:43 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-02-24 22:52:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-24 22:46:52 -------- d-----w- c:\windows\system32\PreInstall
2011-02-24 22:46:50 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-02-24 22:46:48 -------- d--h--w- c:\windows\$hf_mig$
2011-02-24 22:43:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-24 22:43:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-24 22:33:37 -------- d-----r- c:\program files\Skype
2011-02-24 22:31:37 -------- d-----w- c:\docume~1\psyho\locals~1\applic~1\Mozilla
2011-02-24 22:30:29 -------- d-----w- c:\program files\Garena
2011-02-24 22:30:21 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 11
2011-02-24 22:30:15 -------- d-----w- c:\program files\Your Uninstaller! 2006 PRO
2011-02-24 22:27:08 -------- d-----w- c:\docume~1\psyho\applic~1\Malwarebytes
2011-02-24 22:26:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-24 22:26:09 -------- d-----w- c:\program files\VistaCodecPack
2011-02-24 22:24:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-02-24 22:23:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\GRETECH
2011-02-24 22:21:05 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-02-24 22:20:40 -------- d-----w- c:\program files\GRETECH
.
==================== Find3M ====================
.
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 14:10:49.48 ===============

Attach log


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/24/2011 10:08:56 PM
System Uptime: 3/6/2011 2:00:07 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-K8N Ultra-9
Processor: AMD Athlon™ 64 Processor 3000+ | Socket 939 | 2070/230mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 28 GiB total, 17.997 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 19.901 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_B0041458&REV_02\4&13699180&0&4848
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_B0041458&REV_02\4&13699180&0&4848
Service:
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: Plug and Play BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: a347bus
.
==== System Restore Points ===================
.
RP1: 2/24/2011 10:13:27 PM - System Checkpoint
RP2: 2/24/2011 10:26:32 PM - Installed Marvell Miniport Driver
RP3: 2/24/2011 10:29:24 PM - Installed Realtek AC'97 Audio
RP4: 2/24/2011 10:33:24 PM - Installed e-Messenger 112
RP5: 2/24/2011 10:36:35 PM - Update to an unsigned driver
RP6: 2/24/2011 11:26:04 PM - Installed Vista Codec Package.
RP7: 2/24/2011 11:31:21 PM - Installed Alcohol 120% Corporate
RP8: 2/24/2011 11:40:19 PM - Installed MSN Messenger 7.5
RP9: 2/24/2011 11:42:44 PM - Installed Java™ 6 Update 24
RP10: 2/24/2011 11:46:39 PM - Software Distribution Service 3.0
RP11: 2/24/2011 11:53:40 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP12: 2/24/2011 11:54:12 PM - Installed AVG 2011
RP13: 2/24/2011 11:55:28 PM - Installed AVG 2011
RP14: 2/25/2011 2:51:49 AM - Software Distribution Service 3.0
RP15: 2/25/2011 7:41:40 PM - Software Distribution Service 3.0
RP16: 2/26/2011 8:09:05 PM - Installed SPORE™ Creature Creator Trial Edition
RP17: 2/26/2011 8:34:39 PM - Removed AVG 2011
RP18: 2/26/2011 8:39:06 PM - Removed AVG 2011
RP19: 2/26/2011 8:45:33 PM - Removed SPORE™ Creature Creator Trial Edition
RP20: 2/26/2011 8:52:05 PM - avast! Internet Security Setup
RP21: 2/27/2011 3:00:33 AM - Software Distribution Service 3.0
RP22: 2/27/2011 4:44:29 PM - Software Distribution Service 3.0
RP23: 2/27/2011 7:19:31 PM - Installed HiJackThis
RP24: 2/27/2011 7:31:03 PM - Removed HiJackThis
RP25: 2/27/2011 7:34:24 PM - Software Distribution Service 3.0
RP26: 2/27/2011 8:14:06 PM - Software Distribution Service 3.0
RP27: 2/27/2011 9:24:44 PM - Removed Alcohol 120% Corporate
RP28: 2/27/2011 9:49:42 PM - SPTD setup V1.58
RP29: 2/28/2011 3:00:42 AM - Software Distribution Service 3.0
RP30: 2/28/2011 8:39:33 PM - Software Distribution Service 3.0
RP31: 3/1/2011 9:57:05 PM - Software Distribution Service 3.0
RP32: 3/2/2011 1:47:36 PM - Software Distribution Service 3.0
RP33: 3/3/2011 12:11:48 PM - Installed Alcohol 120%
RP34: 3/3/2011 12:22:28 PM - Removed Alcohol 120%
RP35: 3/3/2011 12:27:53 PM - Installed Alcohol 120% Corporate
RP36: 3/3/2011 10:28:22 PM - Software Distribution Service 3.0
RP37: 3/4/2011 8:04:33 PM - Installed FEAR
RP38: 3/4/2011 8:32:27 PM - Installed FEAR
RP39: 3/4/2011 8:38:51 PM - Installed DirectX 9.0
RP40: 3/4/2011 10:27:43 PM - Software Distribution Service 3.0
RP41: 3/6/2011 1:34:51 PM - Software Distribution Service 3.0
RP42: 3/6/2011 1:54:05 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Alcohol 120% Corporate
ASIO4ALL
Ask Toolbar
Auto Hide IP
CCleaner
CCS64 V3.4
Conduit Engine
DAEMON Tools Toolbar
e-Messenger 112
ESET Online Scanner v3
FEAR
FL Studio 9
Garena 2010
GOM Player
Half-Life 2 Ultimate Edition (build 7000)
Hardcore
Hero Editor V1.04
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
IL Download Manager
Java Auto Updater
Java™ 6 Update 24
JDownloader
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0b12 (x86 en-US)
MSVCRT
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
NVIDIA Drivers
OCCT Perestroika 3.1.0
PoiZone
Realtek AC'97 Audio
rgc:audio z3ta+ 1.5
Sawer
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
SIW version 2009-09-09
Skype Toolbars
Skype™ 5.1
Toxic Biohazard
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
uTorrentBar Toolbar
Virtual DJ - Atomix Productions
Vista Codec Package
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRar 3.70 Beta 4
Your Uninstaller! 2006 PRO_Vista Ready
.
==== End Of File ===========================

Gmer

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-06 15:32:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 QUANTUM_FIREBALLlct20_30 rev.APL.0900
Running: gmer.exe; Driver: C:\DOCUME~1\PsYhO\LOCALS~1\Temp\ugtiypoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF64DD380, 0x346307, 0xE8000020]
? C:\DOCUME~1\PsYhO\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe[2276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe[4036] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 10698A3E C:\Program Files\Mozilla Firefox 4.0 Beta 11\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe[4036] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106989D0 C:\Program Files\Mozilla Firefox 4.0 Beta 11\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe[4036] USER32.dll!GetWindowInfo 7E42C49C 2 Bytes JMP 104C2D69 C:\Program Files\Mozilla Firefox 4.0 Beta 11\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe[4036] USER32.dll!GetWindowInfo + 3 7E42C49F 2 Bytes [09, 92]
.text C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe[4036] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104C3375 C:\Program Files\Mozilla Firefox 4.0 Beta 11\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Psyho

#4 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:28 PM

Posted 06 March 2011 - 01:39 PM

Hi,

My name is Casey and I will be helping you with your malware problems.

As you may have noticed, I am currently in training which means that all of my responses will first be verified by a malware removal coach. As such, there may be a little delay in my responses to you. On the plus side, there will be two sets of eyes looking over your logs.

Whilst I research the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.

Regards,

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#5 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:28 PM

Posted 06 March 2011 - 03:33 PM

Hi,

Running ComboFix unsupervised is a very bad idea. It is an extremely powerful tool and can cause serious damage to your PC if used incorrectly. For more information about why we ask users not to run ComboFix by themselves, please see here.

However, since you have ran it, I would like to see the log it produced. Please find the log located at C:\ComboFix.txt and post it here for my review.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#6 Psyho

Psyho
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:28 PM

Posted 07 March 2011 - 02:01 PM

Here is Combofix log:

ComboFix 11-03-05.02 - PsYhO 03/07/2011 13:49:27.4.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.813 [GMT 1:00]
Running from: c:\documents and settings\PsYhO\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-07 to 2011-03-07 )))))))))))))))))))))))))))))))
.
.
2011-02-26 18:49 . 2011-02-26 18:59 -------- d-----w- C:\oldgames
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2008-04-14 14:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 14:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2008-04-14 14:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-14 14:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2008-04-14 14:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2008-04-14 14:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2008-04-14 14:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2008-04-14 14:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-14 14:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2008-04-14 14:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2008-04-14 14:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2008-04-14 14:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2008-04-14 00:01 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-03-06_17.58.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-06 22:06 . 2011-03-06 22:06 49152 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814236.exe
- 2011-03-03 11:28 . 2011-03-03 11:28 49152 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814236.exe
+ 2011-03-06 22:06 . 2004-04-30 08:33 5248 c:\windows\system32\drivers\a347scsi.sys
- 2011-03-03 11:28 . 2004-04-30 08:33 5248 c:\windows\system32\drivers\a347scsi.sys
+ 2011-03-06 22:06 . 2011-03-06 22:06 5120 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814234.exe
- 2011-03-03 11:28 . 2011-03-03 11:28 5120 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814234.exe
+ 2011-03-06 22:06 . 2004-08-23 12:20 158720 c:\windows\system32\drivers\a347bus.sys
- 2011-03-03 11:28 . 2004-08-23 12:20 158720 c:\windows\system32\drivers\a347bus.sys
+ 2011-03-06 22:06 . 2011-03-06 22:06 962560 c:\windows\Installer\323e52.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Hide IP]
2011-02-25 21:38 3737840 ----a-w- c:\program files\AutoHideIP\AutoHideIP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 00:41 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\CS 1.6 v42 FULL\\hl.exe"=
"d:\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Half-Life 2 Ultimate Edition 7\\Engine3\\hl2.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [3/6/2011 11:06 PM 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [3/6/2011 11:06 PM 5248]
S1 MpKsl18242b75;MpKsl18242b75;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{868990C2-CFBB-4D23-91DD-14A6183DF1D1}\MpKsl18242b75.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{868990C2-CFBB-4D23-91DD-14A6183DF1D1}\MpKsl18242b75.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/25/2011 10:28 PM 363344]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/25/2011 10:28 PM 20952]
S3 Normandy;Normandy SR2; [x]
S3 PAC207;e-Messenger 112;c:\windows\system32\drivers\PFC027.SYS [2/24/2011 10:33 PM 616064]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=;ftp=;https=;
FF - ProfilePath - c:\documents and settings\PsYhO\Application Data\Mozilla\Firefox\Profiles\7n9kt4tt.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-07 13:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(988)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-03-07 13:58:50
ComboFix-quarantined-files.txt 2011-03-07 12:58
ComboFix2.txt 2011-03-06 18:03
ComboFix3.txt 2011-02-26 22:21
.
Pre-Run: 19,875,332,096 bytes free
Post-Run: 19,867,381,760 bytes free
.
- - End Of File - - F5962BF1E1642A65382444BE9FBC46A0

#7 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:28 PM

Posted 10 March 2011 - 03:44 AM

Hi,

From your logs there appears to be no serious problems - ComboFix didn't remove anything either.

There are some programs of concern which I will suggest you uninstall via Add/Remove programs, but other than that your PC seems fine.

:step1:Uninstall programs
Ask Toolbar
Conduit Engine
uTorrentBar Toolbar


  • Ask Toolbar is considered as foistware rather than malware since it is often installed without users approval but doesn't spy or do anything "bad". This changed from what we know as stated in the following articles:

    http://www.benedelman.org/spyware/ask-toolbars/
    http://vil.nai.com/vil/content/v_185490.htm
  • Conduit Engine. The Conduit family of toolbars are reputed to have a certain trackware functionality and it is therefore recommended that you uninstall this program.
  • uTorrentBar Toolbar. Your log(s) show that you are using so called peer-to-peer or file-sharing program(s) (in your case uTorrentBar Toolbar). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

    It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

    I strongly recommend that you uninstall these programs, however, should you decide to keep this program please refrain from using it until we get your computer clean and always show caution in any files you download.


:step2: Run an online scan
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


:step3: Run a scan with Malware Byte's Anti-Malware
Please update and then run a Quick Scan with MBAM. Then post me the resultant log.


Other than your speed issues, are you noticing any other problems?

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#8 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:28 PM

Posted 13 March 2011 - 12:11 PM

Hi,

This is a 3 day bump.

Hopefully you're still with us but please be aware that if there is no reply within two days, then this topic will be closed as stale.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#9 Psyho

Psyho
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:28 PM

Posted 14 March 2011 - 02:16 PM

Hello, sorry for late... :wink:

MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6046

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/14/2011 2:39:56 PM
mbam-log-2011-03-14 (14-39-56).txt

Scan type: Quick scan
Objects scanned: 144656
Time elapsed: 15 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=79211a985e08a44991f3275ac1280839
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-27 01:56:49
# local_time=2011-02-27 02:56:49 (+0100, Central Europe Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=770 16774141 100 100 13680 75470207 0 0
# compatibility_mode=1024 16777215 100 0 179482 179482 0 0
# compatibility_mode=8192 67108863 100 0 4610 4610 0 0
# scanned=65139
# found=17
# cleaned=17
# scan_time=7875
C:\Program Files\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Cheat Engine\dbk32.sys a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{38A2009D-B987-4F0D-89F7-C886E342DDEB}\RP20\A0007240.exe a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{38A2009D-B987-4F0D-89F7-C886E342DDEB}\RP20\A0007241.dll a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{38A2009D-B987-4F0D-89F7-C886E342DDEB}\RP20\A0007242.sys a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{38A2009D-B987-4F0D-89F7-C886E342DDEB}\RP20\A0007243.exe a variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{38A2009D-B987-4F0D-89F7-C886E342DDEB}\RP20\A0007244.exe a variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\desktop\Wazuup!!!!!!!!!!!!\Install\acid pro 7\faXcooL - First Aid.exe a variant of Win32/Keygen.AR application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\desktop\Wazuup!!!!!!!!!!!!\Install\acid pro 7\Sony.ACIDPRO.7.0.By.Uploader.rar a variant of Win32/Keygen.AR application (deleted - quarantined) 00000000000000000000000000000000 C
D:\desktop\Wazuup!!!!!!!!!!!!\Install\CheatEngine561\CheatEngine561.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
D:\desktop\Wazuup!!!!!!!!!!!!\Install\Network Magic\patch\Patch.exe a variant of Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\FL Studio 9 XXL Producer Edition\FL Studio 9 XXL Producer Edition.rar Win32/BadJoke.F trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\FL Studio 9 XXL Producer Edition\FL9_patch_UNiON.exe Win32/BadJoke.F trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\vin\!Crack!\WPA Kill\WPA_Kill.exe a variant of Win32/HackTool.Patcher.O application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=79211a985e08a44991f3275ac1280839
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-14 06:10:58
# local_time=2011-03-14 07:10:58 (+0100, Central Europe Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1283603 1283603 0 0
# compatibility_mode=768 16777215 100 0 1282374 1282374 0 0
# compatibility_mode=5891 16776533 42 87 9723 12158838 0 0
# compatibility_mode=8192 67108863 100 0 1351451 1351451 0 0
# scanned=70569
# found=1
# cleaned=1
# scan_time=15494
C:\System Volume Information\_restore{38A2009D-B987-4F0D-89F7-C886E342DDEB}\RP65\A0051124.exe a variant of Win32/Keygen.AQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Psyho

#10 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:28 PM

Posted 15 March 2011 - 10:42 AM

Hi,

As you can see your MBAM log came back clean :thumbsup: However, your ESET scan has brought something to my attention.

BleepingComputer's Policy on Cracks/Keygens/Warez

BleepingComputer's Board Rules explicitly forbid the use of Cracks/Keygens/Warez on any user's PC.

No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences.



In your case, the last sentence specifically applies. In addition to being illegal, cracked software and/or keygens often bundle malware into their installers. I must therefore ask you to uninstall and remove all cracked software and any keygens or warez you may have on your PC.


The ESET log also shows that your system restore points have been infected - though they are not an active threat, it will be best to clean them out. If you wish to continue with the cleaning process then please remove the offending software and let me know.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#11 Psyho

Psyho
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:28 PM

Posted 16 March 2011 - 03:02 PM

Problem solved, I reinstalled my system, thanks for your help!!!!!!

Edited by Psyho, 16 March 2011 - 03:23 PM.


#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:28 AM

Posted 18 March 2011 - 11:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users