Gala
1. Combofix Log

ComboFix 09-08-31.03 - Owen 2009/08/31 16:11.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.932.81.1033.18.2046.1496 [GMT -7:00]
Running from: c:\documents and settings\Owen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owen\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\system32\dllcache\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))
.
2009-08-29 23:30 . 2009-08-29 23:30 -------- d-----w- C:\rsit
2009-08-29 23:30 . 2009-08-29 23:30 -------- d-----w- c:\program files\trend micro
2009-08-26 21:15 . 2009-08-26 21:15 -------- d-----w- c:\program files\Apple Pie
2009-08-26 20:58 . 2009-08-26 20:58 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-26 20:08 . 2009-08-26 20:57 -------- d-----w- c:\documents and settings\Owen\.housecall6.6
2009-08-26 19:04 . 2009-08-27 02:03 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2009-08-26 19:04 . 2009-08-26 19:04 -------- d-----w- c:\program files\AV Vcs 5.0 DIAMOND
2009-08-26 10:27 . 2009-08-26 19:04 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND(2)
2009-08-26 07:26 . 2009-08-26 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-26 07:26 . 2009-08-26 07:26 -------- d-----w- c:\documents and settings\Owen\Application Data\SUPERAntiSpyware.com
2009-08-26 07:22 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-26 07:22 . 2009-08-26 07:22 -------- d-----w- c:\program files\Panda Security
2009-08-26 02:40 . 2009-08-29 21:56 -------- d-----w- c:\windows\svhost
2009-08-25 01:19 . 2009-08-31 04:51 -------- d-----w- C:\vcs5BGEffects
2009-08-25 01:19 . 2009-08-25 01:19 -------- d-----w- C:\vcs5core
2009-08-25 01:19 . 2009-08-25 01:19 -------- d-----w- C:\AV_LOGS
2009-08-24 07:24 . 2009-08-24 07:25 -------- d-----w- c:\documents and settings\Owen\Application Data\Ventrilo
2009-08-24 07:22 . 2009-08-24 07:22 -------- d-----w- c:\program files\Ventrilo
2009-08-16 19:42 . 2009-08-16 19:42 -------- d-----w- c:\program files\THQICE
2009-08-16 17:58 . 2009-08-16 17:58 -------- d-----w- c:\program files\CiB Net Station
2009-08-11 19:38 . 2009-08-11 19:38 82774 ----a-w- c:\windows\Uninstall Jade Empire.exe
2009-08-11 19:09 . 2009-08-11 20:09 -------- d-----w- c:\program files\Jade Empire
2009-08-11 01:05 . 2009-08-16 19:35 -------- d-----w- c:\program files\Activision
2009-08-06 18:13 . 2009-08-06 18:13 -------- d-----w- c:\program files\FLV Player
2009-08-06 17:21 . 2009-08-06 17:38 -------- d-s---w- C:\Combo-Fix
2009-08-06 17:01 . 2009-08-06 17:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-06 17:00 . 2009-08-06 17:00 152576 ----a-w- c:\documents and settings\Owen\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-06 01:21 . 2009-08-06 01:21 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-06 01:17 . 2009-08-06 01:17 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-06 01:17 . 2009-08-06 08:31 -------- d-----w- c:\program files\Common Files\Real
2009-08-06 01:17 . 2009-08-06 01:17 -------- d-----w- c:\program files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 23:13 . 2008-09-10 22:07 -------- d-----w- c:\documents and settings\Owen\Application Data\DNA
2009-08-31 05:00 . 2008-09-10 22:07 -------- d-----w- c:\documents and settings\Owen\Application Data\BitTorrent
2009-08-29 23:28 . 2008-07-03 19:19 -------- d-----w- c:\program files\Steam
2009-08-29 23:28 . 2008-09-10 22:07 -------- d-----w- c:\program files\DNA
2009-08-29 21:46 . 2009-03-22 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-29 19:34 . 2009-03-22 02:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-26 19:21 . 2009-02-12 04:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-26 19:09 . 2008-06-26 23:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-26 05:24 . 2008-09-20 00:08 -------- d-----w- c:\documents and settings\Owen\Application Data\GetRightToGo
2009-08-16 19:35 . 2008-06-26 22:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-14 00:38 . 2008-07-01 00:36 90112 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-08-14 00:38 . 2008-07-01 00:36 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2009-08-14 00:38 . 2008-07-01 00:36 118784 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2009-08-14 00:38 . 2008-07-01 00:36 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-08-14 00:38 . 2008-07-01 00:36 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-08-14 00:38 . 2008-07-01 00:36 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-08-14 00:19 . 2008-12-21 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-08-06 17:00 . 2008-07-10 03:07 -------- d-----w- c:\program files\Java
2009-08-06 01:25 . 2009-05-07 01:03 -------- d-----w- c:\program files\Persona
2009-08-06 01:17 . 2008-07-14 02:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-06 01:17 . 2003-08-28 11:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-05 03:21 . 2008-10-12 04:07 -------- d-----w- c:\program files\PeerGuardian2
2009-08-03 20:36 . 2009-02-12 04:19 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2009-02-12 04:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 07:54 . 2009-07-28 07:54 -------- d-----w- c:\documents and settings\Owen\Application Data\RenPy
2009-07-25 00:52 . 2009-07-25 00:52 -------- d-----w- c:\documents and settings\Owen\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2009-07-24 22:05 . 2009-07-24 22:05 56 --sh--r- c:\windows\system32\787CE2ABF3.sys
2009-07-24 22:05 . 2009-07-24 22:05 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-24 15:26 . 2009-07-24 15:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-24 15:25 . 2008-07-19 19:55 38208 ----a-w- c:\documents and settings\Owen\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-20 07:17 . 2009-07-20 07:17 -------- d-----w- c:\program files\Eushully
2009-07-13 03:39 . 2009-07-13 03:39 -------- d-----w- c:\program files\Enterbrain
2009-07-13 03:38 . 2009-07-13 03:38 -------- d-----w- c:\program files\Common Files\Enterbrain
2009-06-27 18:55 . 2009-06-05 08:01 25 ----a-w- c:\windows\popcinfot.dat
2009-06-23 01:49 . 2009-06-23 01:49 2238 ----a-r- c:\documents and settings\Owen\Application Data\Microsoft\Installer\{F1757132-F436-4FCB-8A4A-3438CE333A7D}\_4FD69CC5689BDA0580DB6A.exe
2009-06-23 01:49 . 2009-06-23 01:49 2238 ----a-r- c:\documents and settings\Owen\Application Data\Microsoft\Installer\{F1757132-F436-4FCB-8A4A-3438CE333A7D}\_21F066876BD0F768612CBC.exe
2009-05-31 14:25 . 2009-05-31 13:03 19104 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-05-31 14:25 . 2009-05-31 13:03 105632 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-05-31 13:51 . 2009-05-31 13:03 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-05-31 13:03 . 2009-05-31 13:03 99216 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\svhost ----

((((((((((((((((((((((((((((( SnapShot@2009-08-06_17.36.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 08:56 . 2004-08-04 08:56 55808 c:\windows\system32\logevent.dll
+ 2009-08-26 07:11 . 2009-08-26 20:58 149092 c:\windows\system32\Restore\rstrlog.dat
+ 2009-08-25 11:12 . 2009-08-25 11:12 253952 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-08-24 07:22 . 2009-08-24 07:22 683520 c:\windows\Installer\5a870242.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-12 1217784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 321088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-05 307200]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-26 16264192]

c:\documents and settings\Owen\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-2-15 575488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-17 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\owenlin0\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56252:TCP"= 56252:TCP:Pando Media Booster
"56252:UDP"= 56252:UDP:Pando Media Booster
"<NO NAME>"=
"57268:TCP"= 57268:TCP:Pando Media Booster
"57268:UDP"= 57268:UDP:Pando Media Booster
"56110:TCP"= 56110:TCP:Pando Media Booster
"56110:UDP"= 56110:UDP:Pando Media Booster
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8399:TCP"= 8399:TCP:League of Legends Launcher
"8399:UDP"= 8399:UDP:League of Legends Launcher
"57618:TCP"= 57618:TCP:Pando Media Booster
"57618:UDP"= 57618:UDP:Pando Media Booster

S3 cpuz130;cpuz130;\??\c:\docume~1\Owen\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Owen\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 HookProtect;HookProtect;\??\c:\steps\element\HookProtect.sys --> c:\steps\element\HookProtect.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007/11/06 13:22 34064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva208;XDva208;\??\c:\windows\system32\XDva208.sys --> c:\windows\system32\XDva208.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys --> c:\windows\system32\XDva215.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-03 02:35]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
FF - ProfilePath - c:\documents and settings\Owen\Application Data\Mozilla\Firefox\Profiles\hp1d7d8c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Owen\Application Data\Mozilla\Firefox\Profiles\hp1d7d8c.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMXENG.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: browser.sessionstore.resume_from_crash - false
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 16:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-1292428093-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\q0・`0`0・q0\T嶐l\sYM0・・h0U0・・F*E*]
"Order"=hex:08,00,00,00,02,00,00,00,16,01,00,00,01,00,00,00,02,00,00,00,80,00,
   00,00,00,00,00,00,72,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,60,00,36,\

[HKEY_USERS\S-1-5-21-299502267-1292428093-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"?慴"=hex:a9,93,2a,e4,5d,a6,c2,59,0d,a5,5c,65,4c,2e,e2,bb,72,57,ae,d5,96,03,68,
   82,07,48,1f,77,f3,2a,47,6f,0c,87,4c,66,67,72,ba,b0,1a,94,55,e9,e3,58,7d,45,\
"?祥"=hex:19,3c,84,c5,24,52,dd,2b,e5,7b,5e,f4,e3,b2,65,18

[HKEY_USERS\S-1-5-21-299502267-1292428093-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:9e,11,bc,0f,c1,3b,25,56,cb,57,2c,91,c4,5c,53,52,56,4d,2f,42,83,
   01,d6,96,dd,55,fe,e4,59,07,61,f8,70,6f,ea,df,e0,87,48,da,c1,31,37,39,7f,5b,\
"rkeysecu"=hex:d0,3d,a8,04,05,f6,b6,6e,4a,da,2a,eb,88,43,cd,b2
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3868)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
Completion time: 2009-08-31 16:20
ComboFix-quarantined-files.txt 2009-08-31 23:20
ComboFix2.txt 2009-08-29 22:05
ComboFix3.txt 2009-08-28 22:05
ComboFix4.txt 2009-08-06 17:38

Pre-Run: 1,425,444,864 bytes free
Post-Run: 1,394,647,040 bytes free

267 --- E O F --- 2008-12-13 18:13

+++++++++++++++++++++++++++++++++++++

Kaspersky Scan Report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, August 31, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 01, 2009 01:13:20
Records in database: 2732840
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
O:\

Scan statistics:
Objects scanned: 150700
Threats found: 4
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 03:21:07

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\hjgruimwmuqiyp.sys.vir Infected: Trojan.Win32.TDSS.aowv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruicjskbaom.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\Qoobox\Quarantine\I\resycled\boot.com.vir Infected: Packed.Win32.Tdss.c 1
C:\Qoobox\Quarantine\[4]-Submit_2009-08-29_14.49.10.zip Infected: Trojan-PSW.Win32.Multi.w 1

Selected area has been scanned.
2. RSIT "log"

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owen at 2009-08-29 16:30:46
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (2%) free of 114 GB
Total RAM: 2046 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:51, on 2009/08/29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owen\Desktop\RSIT.exe
C:\Program Files\trend micro\Owen.exe

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - http://ll.g.gametap.com/static/cab_headles...pWebUpdater.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8850 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
AOLSearchHook Class - C:\Program Files\AIM Search\AOLSearch.dll [2008-10-21 111400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-26 16264192]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-06-02 267048]
"EPSON Stylus Photo R320 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE [2004-04-26 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2007-03-14 321088]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2007-10-04 307200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-06-12 1217784]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2009-05-18 49968]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-15 342848]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\Owen\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\Steam\SteamApps\owenlin0\team fortress 2\hl2.exe"="C:\Program Files\Steam\SteamApps\owenlin0\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\alaplaya\S4League\S4Client.exe"="C:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled:Project S4 Client.exe"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media 
Booster\PMB.exe:*:Enabled:Pando Media Booster" "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe" "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe" "C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services" "C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application" "C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services" "C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application" "C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster" ======List of files/folders created in the last 1 months====== 2009-08-29 16:30:46 ----D---- C:\rsit 2009-08-29 16:30:46 ----D---- C:\Program Files\trend micro 2009-08-29 15:05:17 ----A---- C:\ComboFix.txt 2009-08-29 14:56:55 ----D---- C:\WINDOWS\temp 2009-08-29 14:48:22 ----A---- C:\WINDOWS\zip.exe 2009-08-29 14:48:22 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-08-29 14:48:22 ----A---- C:\WINDOWS\SWSC.exe 2009-08-29 
14:48:22 ----A---- C:\WINDOWS\SWREG.exe 2009-08-29 14:48:22 ----A---- C:\WINDOWS\sed.exe 2009-08-29 14:48:22 ----A---- C:\WINDOWS\PEV.exe 2009-08-29 14:48:22 ----A---- C:\WINDOWS\grep.exe 2009-08-28 14:40:25 ----A---- C:\avenger log.txt 2009-08-26 14:15:48 ----D---- C:\Program Files\Apple Pie 2009-08-26 12:04:31 ----D---- C:\Program Files\AV Vcs 6.0 DIAMOND 2009-08-26 12:04:26 ----D---- C:\Program Files\AV Vcs 5.0 DIAMOND 2009-08-26 11:26:11 ----SHD---- C:\Config.Msi 2009-08-26 03:27:37 ----D---- C:\Program Files\AV Vcs 6.0 DIAMOND(2) 2009-08-26 00:26:29 ----D---- C:\Program Files\SUPERAntiSpyware 2009-08-26 00:26:29 ----D---- C:\Documents and Settings\Owen\Application Data\SUPERAntiSpyware.com 2009-08-26 00:22:25 ----D---- C:\Program Files\Panda Security 2009-08-25 19:40:37 ----D---- C:\WINDOWS\svhost 2009-08-24 18:19:07 ----D---- C:\vcs5BGEffects 2009-08-24 18:19:04 ----D---- C:\vcs5core 2009-08-24 18:19:04 ----D---- C:\AV_LOGS 2009-08-24 00:24:06 ----D---- C:\Documents and Settings\Owen\Application Data\Ventrilo 2009-08-24 00:22:31 ----D---- C:\Program Files\Ventrilo 2009-08-24 00:22:29 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini 2009-08-16 12:42:21 ----D---- C:\Program Files\THQICE 2009-08-16 10:58:41 ----D---- C:\Program Files\CiB Net Station 2009-08-11 12:38:04 ----A---- C:\WINDOWS\Uninstall Jade Empire.exe 2009-08-11 12:09:56 ----D---- C:\Program Files\Jade Empire 2009-08-10 18:05:30 ----D---- C:\Program Files\Activision 2009-08-06 11:13:11 ----D---- C:\Program Files\FLV Player 2009-08-06 10:21:30 ----A---- C:\WINDOWS\NIRCMD.exe 2009-08-06 10:21:16 ----SD---- C:\Combo-Fix 2009-08-06 10:20:37 ----D---- C:\WINDOWS\ERDNT 2009-08-06 10:20:22 ----AD---- C:\Qoobox 2009-08-06 10:01:12 ----A---- C:\WINDOWS\system32\javaws.exe 2009-08-06 10:01:12 ----A---- C:\WINDOWS\system32\javaw.exe 2009-08-06 10:01:12 ----A---- C:\WINDOWS\system32\java.exe 2009-08-06 10:01:12 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-08-05 18:17:25 ----D---- 
C:\Program Files\Common Files\xing shared 2009-08-05 18:17:08 ----D---- C:\Program Files\Real 2009-08-05 18:17:08 ----D---- C:\Program Files\Common Files\Real ======List of files/folders modified in the last 1 months====== 2009-08-29 16:30:46 ----RD---- C:\Program Files 2009-08-29 16:29:17 ----D---- C:\Program Files\Mozilla Firefox 2009-08-29 16:28:36 ----D---- C:\Program Files\Steam 2009-08-29 16:28:35 ----D---- C:\Program Files\DNA 2009-08-29 16:28:35 ----D---- C:\Documents and Settings\Owen\Application Data\DNA 2009-08-29 16:27:59 ----D---- C:\WINDOWS\system32\drivers 2009-08-29 16:27:17 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-08-29 15:05:19 ----D---- C:\WINDOWS\system32 2009-08-29 15:04:16 ----D---- C:\WINDOWS\system32\CatRoot2 2009-08-29 14:59:44 ----D---- C:\WINDOWS 2009-08-29 14:59:44 ----A---- C:\WINDOWS\system.ini 2009-08-29 14:57:13 ----D---- C:\WINDOWS\system32\config 2009-08-29 14:54:11 ----D---- C:\WINDOWS\AppPatch 2009-08-29 14:53:53 ----D---- C:\Program Files\Common Files 2009-08-29 14:46:18 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-29 12:34:33 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-08-29 12:30:17 ----D---- C:\WINDOWS\Prefetch 2009-08-28 15:04:54 ----SD---- C:\WINDOWS\Tasks 2009-08-28 14:57:06 ----SHD---- C:\WINDOWS\Installer 2009-08-28 14:46:36 ----D---- C:\WINDOWS\system32\xircom 2009-08-28 14:46:36 ----D---- C:\WINDOWS\system32\wins 2009-08-28 14:46:36 ----D---- C:\WINDOWS\system32\Temp 2009-08-28 14:46:36 ----D---- C:\WINDOWS\system32\ShellExt 2009-08-28 14:46:35 ----D---- C:\WINDOWS\system32\Lang 2009-08-28 14:46:35 ----D---- C:\WINDOWS\system32\inetsrv 2009-08-28 14:46:35 ----D---- C:\WINDOWS\system32\export 2009-08-28 14:46:35 ----D---- C:\WINDOWS\system32\dhcp 2009-08-28 14:46:35 ----D---- C:\WINDOWS\system32\CatRoot_bak 2009-08-28 14:46:35 ----D---- C:\WINDOWS\system32\3com_dmi 2009-08-28 14:46:35 ----D---- C:\WINDOWS\system32\3076 2009-08-28 14:46:35 ----D---- 
C:\WINDOWS\system32\2052 2009-08-28 14:46:35 ----D---- C:\WINDOWS\system32\1054 2009-08-28 14:46:35 ----D---- C:\WINDOWS\system32\1042 2009-08-28 14:46:35 ----D---- C:\WINDOWS\system32\1041 2009-08-28 14:46:35 ----D---- C:\WINDOWS\system32\1037 2009-08-28 14:46:35 ----D---- C:\WINDOWS\system32\1031 2009-08-28 14:46:35 ----D---- C:\WINDOWS\system32\1028 2009-08-28 14:46:35 ----D---- C:\WINDOWS\system32\1025 2009-08-28 14:44:00 ----HD---- C:\WINDOWS\msdownld.tmp 2009-08-28 14:43:52 ----SHD---- C:\WINDOWS\ftpcache 2009-08-28 14:43:50 ----D---- C:\WINDOWS\Connection Wizard 2009-08-28 14:43:50 ----D---- C:\WINDOWS\Config 2009-08-28 14:43:48 ----D---- C:\WINDOWS\addins 2009-08-26 13:58:21 ----D---- C:\WINDOWS\system32\wbem 2009-08-26 13:58:20 ----D---- C:\WINDOWS\Registration 2009-08-26 12:58:08 ----D---- C:\Documents and Settings\Owen\Application Data\BitTorrent 2009-08-26 12:21:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-08-26 12:09:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-08-26 00:22:38 ----HD---- C:\WINDOWS\inf 2009-08-26 00:11:54 ----D---- C:\WINDOWS\system32\Restore 2009-08-25 22:24:57 ----D---- C:\Documents and Settings\Owen\Application Data\GetRightToGo 2009-08-24 23:54:22 ----D---- C:\WINDOWS\Help 2009-08-22 04:16:47 ----A---- C:\WINDOWS\NeroDigital.ini 2009-08-18 16:36:30 ----A---- C:\WINDOWS\kgt2k.INI 2009-08-16 12:35:43 ----HD---- C:\Program Files\InstallShield Installation Information 2009-08-16 11:15:10 ----SD---- C:\Documents and Settings\Owen\Application Data\Microsoft 2009-08-13 18:38:14 ----D---- C:\Nexon 2009-08-13 17:19:48 ----D---- C:\Documents and Settings\All Users\Application Data\PMB Files 2009-08-06 10:37:19 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-08-06 10:35:38 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-08-06 10:00:23 ----D---- C:\Program Files\Java 2009-08-06 01:31:26 ----D---- C:\Documents and Settings\Owen\Application Data\Real 2009-08-05 18:25:14 ----D---- C:\Program 
Files\Persona 2009-08-05 18:17:10 ----A---- C:\WINDOWS\system32\msvcr71.dll 2009-08-05 18:17:10 ----A---- C:\WINDOWS\system32\msvcp71.dll 2009-08-04 20:21:04 ----D---- C:\Program Files\PeerGuardian2 2009-07-31 20:15:52 ----D---- C:\David ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2002-08-29 12160] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292] R2 pnarp;Network Magic Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2007-03-23 25792] R2 purendis;Network Magic Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2007-03-23 26944] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-25 3565568] R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2009-02-03 170496] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2002-08-29 9600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-26 4381184] R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-08-29 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 
13056] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024] S2 npkcrypt;npkcrypt; \??\C:\Nexon\Mabinogi\npkcrypt.sys [] S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128] S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912] S3 awck15e1;awck15e1; C:\WINDOWS\system32\drivers\awck15e1.sys [] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Owen\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys [] S3 HookProtect;HookProtect; \??\C:\STEPS\element\HookProtect.sys [] S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320] S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064] S3 npkcusb;npkcusb; \??\C:\Nexon\Mabinogi\npkcusb.sys [] S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640] S3 
SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S3 XDva189;XDva189; \??\C:\WINDOWS\system32\XDva189.sys [] S3 XDva208;XDva208; \??\C:\WINDOWS\system32\XDva208.sys [] S3 XDva215;XDva215; \??\C:\WINDOWS\system32\XDva215.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-06 153376] R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2007-03-14 321088] R2 npkcmsvc;npkcmsvc; C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-14 66872] R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152] R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-06-02 504104] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 
593920] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-14 655624] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2007-03-14 12800] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-04-19 2784285] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF----------------- ++++++++++++++++++++++++++++++++++++++++++++++++ RSIT "info" info.txt logfile of random's system information tool 1.06 2009-08-29 16:30:53 ======Uninstall list====== -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE -->MsiExec /X{27DC856A-0916-4988-8198-8714DDD3183D} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe" Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07} Acrobat.com-->MsiExec.exe 
/I{77DCDCE3-2DED-62F3-8154-05E745472D07} Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001} AGEIA PhysX v7.05.17-->MsiExec.exe /X{27DC856A-0916-4988-8198-8714DDD3183D} AIM 6-->C:\Program Files\AIM6\uninst.exe AIM Search-->C:\Program Files\AIM Search\uninstaller.exe AIM Search AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe" Any Video Converter 2.6.5-->"C:\Program Files\Any Video Converter\unins000.exe" Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6946 ATI Catalyst Registration-->MsiExec.exe /X{72736F5F-520D-472A-88CC-7B02872FD34E} ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" AV Voice Changer Software DIAMOND 6.0-->C:\PROGRA~1\AVVCS6~2.0D~\UNWISE.EXE C:\PROGRA~1\AVVCS6~2.0D~\INSTALL.LOG AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" Blaze Media Pro-->"C:\Documents and Settings\All Users\Application Data\{17A03471-20EB-4604-8E72-66EF7398750D}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE Blaze Media Pro-->C:\Documents and Settings\All Users\Application Data\{17A03471-20EB-4604-8E72-66EF7398750D}\setup_blazemp.exe Bonjour-->MsiExec.exe 
/I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C} Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe" DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe Debut Video Capture Software-->C:\Program Files\NCH Software\Debut\uninst.exe Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe Dragonica Online - Open Beta Test-->"C:\Program Files\THQICE\Dragonica Online - Open Beta Test\unins000.exe" dvdSanta 4.50-->"C:\Program Files\dvdSanta\unins000.exe" EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R Finale NotePad 2008-->C:\Program Files\Finale NotePad 2008\uninstallNP.exe FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe Fraps-->"C:\Fraps\uninstall.exe" FrostWire 4.13.5-->C:\Program Files\FrostWire\Uninstall.exe Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe" High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe" iTunes-->MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0} Jade Empire-->C:\WINDOWS\Uninstall Jade Empire.exe Java 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF} Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} jZip-->C:\PROGRA~1\jZip\UNWISE.EXE /U C:\PROGRA~1\jZip\INSTALL.LOG K-Lite Mega Codec Pack 3.6.5-->"C:\Program 
Files\K-Lite Codec Pack\unins000.exe" Lightning Warrior Raidy-->C:\WINDOWS\unvise32.exe C:\Program Files\G-Collections\uninstal.log Magic DVD Ripper V4.2.4-->"C:\Program Files\MagicDVDRipper\unins000.exe" Magic ISO Maker v5.4 (build 0247)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~2\UNWISE.EXE C:\PROGRA~1\MAGICD~2\INSTALL.LOG Malwarebytes' Anti-Malware-->"C:\Program Files\Apple Pie\unins000.exe" Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40} Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7} Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6} Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7} Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Windows Application Compatibility Database-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MPlugin-->"C:\Program Files\InstallShield Installation Information\{6102D63A-9387-4FC8-98E4-181121F8C0BA}\setup.exe" -runfromtemp -l0x0009 -removeonly MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96} Nero 
6 Demo-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Network Magic-->MsiExec.exe /X{D5773BFA-5967-4A1C-AD0F-FFFD0D13FC36} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe" PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3} PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly RGSS-RTP Standard-->"C:\Program Files\Common Files\Enterbrain\RGSS\Standard\unins000.exe" RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7} Rosetta Stone V3-->MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A} Rosetta Stone Version 3-->MsiExec.exe /X{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD} RPGXP-->MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C} RPGツクール2000 ランタイムパッケージ-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{33F7A957-A66D-45A1-BADF-6576083B14E2}\setup.exe" S4 League-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D99223D4-1F48-47BD-ADFD-D43C91CDFD00}\setup.exe" -l0x9 Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" 
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe" Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe" Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Security Update for Windows 
XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" 
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe" Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe" Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe" Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe" Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" 
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} Sonocaddie-->MsiExec.exe /I{B79AA6EB-103F-4426-8BD2-2BD18F75F1B0} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B} Ulead VideoStudio 8.0-->RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x9 Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe" Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" UTAU 歌声合成ツール-->MsiExec.exe /I{F1757132-F436-4FCB-8A4A-3438CE333A7D} Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Video Capture USB-->MsiExec.exe /I{D5D52242-0767-4A6E-8A8A-B5CB8015E9BF} VideoPad Video Editor-->C:\Program Files\NCH Software\VideoPad\uninst.exe Videora iPod Converter 4.02-->C:\Program 
Files\Red Kawa\Video Converter App\uninstaller.exe Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u WebEx-->C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe WinAce Archiver 2.0-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (03/23/2007 4.1.7082.0)-->rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\pnarp_5F686DCD97D2EA9F74BD89FAA7E73B89CD47B120\pnarp.inf Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (03/23/2007 4.1.7082.0)-->rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\purendis_9DF8D460DEEF667AF7B1AA85404140673EC025C2\purendis.inf Windows Driver Package - Roxio Technology (USB28xxBGA) Media (11/14/2008 5.8.0912.1114)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\embda_1A7788FE663BC9769EC470AD8D57DE8E85CC69FB\embda.inf Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP Hotfix - 
KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
Wireshark 1.0.8-->"C:\Program Files\Wireshark\uninstall.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
YouTube Downloader App 1.01-->C:\Program Files\Red Kawa\Downloader App\uninstaller.exe
ヒロインズナイトメア 1plus2-->MsiExec.exe /I{B28A7A3C-49AD-43C2-AE92-0278B34931D8}

======System event log======

Computer Name: CENTURION
Event Code: 10010
Message: The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register with DCOM within the required timeout.
Record Number: 59
Source Name: DCOM
Time Written: 20090826021135.000000-420
Event Type: error
User: CENTURION\Owen

Computer Name: CENTURION
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 48
Source Name: Tcpip
Time Written: 20090826002556.000000-420
Event Type: warning
User:

Computer Name: CENTURION
Event Code: 7000
Message: The npkcrypt service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 30
Source Name: Service Control Manager
Time Written: 20090826001427.000000-420
Event Type: error
User:

Computer Name: CENTURION
Event Code: 7000
Message: The npkcrypt service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 9
Source Name: Service Control Manager
Time Written: 20090825233530.000000-420
Event Type: error
User:

Computer Name: CENTURION
Event Code: 7034
Message: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090825222149.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: CENTURION
Event Code: 1000
Message: Faulting application teatimer.exe, version 1.6.4.26, faulting module teatimer.exe, version 1.6.4.26, fault address 0x0006e60e.
Record Number: 44
Source Name: Application Error
Time Written: 20090627095234.000000-420
Event Type: error
User:

Computer Name: CENTURION
Event Code: 1517
Message: Windows saved user CENTURION\Owen registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 37
Source Name: Userenv
Time Written: 20090627085620.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: CENTURION
Event Code: 1002
Message: Hanging application mplayerc.exe, version 6.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 16
Source Name: Application Hang
Time Written: 20090624172702.000000-420
Event Type: error
User:

Computer Name: CENTURION
Event Code: 1000
Message: Faulting application roa03tg0.exe, version 1.0.2.0, faulting module roa03tg0.exe, version 1.0.2.0, fault address 0x000132ab.
Record Number: 13
Source Name: Application Error
Time Written: 20090612125717.000000-420
Event Type: error
User:

Computer Name: CENTURION
Event Code: 1002
Message: Hanging application winace.exe, version 2.2.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 12
Source Name: Application Hang
Time Written: 20090612113401.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\jZip;C:\Program Files\Common Files\Ulead Systems\MPEG
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=2f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
  3. I don't see any problems with my computer now; things run smoothly.

Combofix Log

c:\windows\svhost\software.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-29 )))))))))))))))))))))))))))))))
.

2009-08-26 21:15 . 2009-08-26 21:15 -------- d-----w- c:\program files\Apple Pie
2009-08-26 20:58 . 2009-08-26 20:58 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-26 20:08 . 2009-08-26 20:57 -------- d-----w- c:\documents and settings\Owen\.housecall6.6
2009-08-26 19:04 . 2009-08-27 02:03 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2009-08-26 19:04 . 2009-08-26 19:04 -------- d-----w- c:\program files\AV Vcs 5.0 DIAMOND
2009-08-26 10:27 . 2009-08-26 19:04 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND(2)
2009-08-26 07:26 . 2009-08-26 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-26 07:26 . 2009-08-26 07:26 -------- d-----w- c:\documents and settings\Owen\Application Data\SUPERAntiSpyware.com
2009-08-26 07:22 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-26 07:22 . 2009-08-26 07:22 -------- d-----w- c:\program files\Panda Security
2009-08-26 02:40 . 2009-08-29 21:56 -------- d-----w- c:\windows\svhost
2009-08-25 01:19 . 2009-08-27 02:33 -------- d-----w- C:\vcs5BGEffects
2009-08-25 01:19 . 2009-08-25 01:19 -------- d-----w- C:\vcs5core
2009-08-25 01:19 . 2009-08-25 01:19 -------- d-----w- C:\AV_LOGS
2009-08-24 07:24 . 2009-08-24 07:25 -------- d-----w- c:\documents and settings\Owen\Application Data\Ventrilo
2009-08-24 07:22 . 2009-08-24 07:22 -------- d-----w- c:\program files\Ventrilo
2009-08-16 19:42 . 2009-08-16 19:42 -------- d-----w- c:\program files\THQICE
2009-08-16 17:58 . 2009-08-16 17:58 -------- d-----w- c:\program files\CiB Net Station
2009-08-11 19:38 . 2009-08-11 19:38 82774 ----a-w- c:\windows\Uninstall Jade Empire.exe
2009-08-11 19:09 . 2009-08-11 20:09 -------- d-----w- c:\program files\Jade Empire
2009-08-11 01:05 . 2009-08-16 19:35 -------- d-----w- c:\program files\Activision
2009-08-06 18:13 . 2009-08-06 18:13 -------- d-----w- c:\program files\FLV Player
2009-08-06 17:21 . 2009-08-06 17:38 -------- d-s---w- C:\Combo-Fix
2009-08-06 17:01 . 2009-08-06 17:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-06 17:00 . 2009-08-06 17:00 152576 ----a-w- c:\documents and settings\Owen\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-06 01:21 . 2009-08-06 01:21 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-06 01:17 . 2009-08-06 01:17 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-06 01:17 . 2009-08-06 08:31 -------- d-----w- c:\program files\Common Files\Real
2009-08-06 01:17 . 2009-08-06 01:17 -------- d-----w- c:\program files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 21:59 . 2008-07-03 19:19 -------- d-----w- c:\program files\Steam
2009-08-29 21:57 . 2008-09-10 22:07 -------- d-----w- c:\documents and settings\Owen\Application Data\DNA
2009-08-29 21:46 . 2009-03-22 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-29 21:39 . 2008-09-10 22:07 -------- d-----w- c:\program files\DNA
2009-08-29 19:34 . 2009-03-22 02:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-26 19:58 . 2008-09-10 22:07 -------- d-----w- c:\documents and settings\Owen\Application Data\BitTorrent
2009-08-26 19:21 . 2009-02-12 04:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-26 19:09 . 2008-06-26 23:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-26 05:24 . 2008-09-20 00:08 -------- d-----w- c:\documents and settings\Owen\Application Data\GetRightToGo
2009-08-16 19:35 . 2008-06-26 22:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-14 00:38 . 2008-07-01 00:36 90112 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-08-14 00:38 . 2008-07-01 00:36 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2009-08-14 00:38 . 2008-07-01 00:36 118784 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2009-08-14 00:38 . 2008-07-01 00:36 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-08-14 00:38 . 2008-07-01 00:36 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-08-14 00:38 . 2008-07-01 00:36 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-08-14 00:19 . 2008-12-21 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-08-06 17:00 . 2008-07-10 03:07 -------- d-----w- c:\program files\Java
2009-08-06 01:25 . 2009-05-07 01:03 -------- d-----w- c:\program files\Persona
2009-08-06 01:17 . 2008-07-14 02:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-06 01:17 . 2003-08-28 11:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-05 03:21 . 2008-10-12 04:07 -------- d-----w- c:\program files\PeerGuardian2
2009-08-03 20:36 . 2009-02-12 04:19 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2009-02-12 04:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 07:54 . 2009-07-28 07:54 -------- d-----w- c:\documents and settings\Owen\Application Data\RenPy
2009-07-25 00:52 . 2009-07-25 00:52 -------- d-----w- c:\documents and settings\Owen\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2009-07-24 22:05 . 2009-07-24 22:05 56 --sh--r- c:\windows\system32\787CE2ABF3.sys
2009-07-24 22:05 . 2009-07-24 22:05 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-24 15:26 . 2009-07-24 15:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-24 15:25 . 2008-07-19 19:55 38208 ----a-w- c:\documents and settings\Owen\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-20 07:17 . 2009-07-20 07:17 -------- d-----w- c:\program files\Eushully
2009-07-13 03:39 . 2009-07-13 03:39 -------- d-----w- c:\program files\Enterbrain
2009-07-13 03:38 . 2009-07-13 03:38 -------- d-----w- c:\program files\Common Files\Enterbrain
2009-07-02 00:59 . 2009-07-02 00:59 -------- d-----w- c:\program files\ASCII
2009-06-27 18:55 . 2009-06-05 08:01 25 ----a-w- c:\windows\popcinfot.dat
2009-06-23 01:49 . 2009-06-23 01:49 2238 ----a-r- c:\documents and settings\Owen\Application Data\Microsoft\Installer\{F1757132-F436-4FCB-8A4A-3438CE333A7D}\_4FD69CC5689BDA0580DB6A.exe
2009-06-23 01:49 . 2009-06-23 01:49 2238 ----a-r- c:\documents and settings\Owen\Application Data\Microsoft\Installer\{F1757132-F436-4FCB-8A4A-3438CE333A7D}\_21F066876BD0F768612CBC.exe
2009-05-31 14:25 . 2009-05-31 13:03 19104 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-05-31 14:25 . 2009-05-31 13:03 105632 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-05-31 13:51 . 2009-05-31 13:03 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-05-31 13:03 . 2009-05-31 13:03 99216 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

.
------- Sigcheck -------

[-] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[-] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\system32\eventlog.dll
[7] 2004-08-04 08:56 55808 82B24CB70E5944E6E34662205A2A5B78 c:\windows\system32\dllcache\eventlog.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-06_17.36.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-29 21:59 . 2009-08-29 21:59 16384 c:\windows\temp\Perflib_Perfdata_900.dat
+ 2009-08-29 21:59 . 2009-08-29 21:59 16384 c:\windows\temp\Perflib_Perfdata_65c.dat
+ 2004-08-04 08:56 . 2004-08-04 08:56 55808 c:\windows\system32\logevent.dll
+ 2009-08-26 07:11 . 2009-08-26 20:58 149092 c:\windows\system32\Restore\rstrlog.dat
+ 2009-08-25 11:12 . 2009-08-25 11:12 253952 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-08-24 07:22 . 2009-08-24 07:22 683520 c:\windows\Installer\5a870242.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-12 1217784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 321088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-05 307200]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-26 16264192]

c:\documents and settings\Owen\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-2-15 575488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-17 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[bU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\owenlin0\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56252:TCP"= 56252:TCP:Pando Media Booster
"56252:UDP"= 56252:UDP:Pando Media Booster
"<NO NAME>"=
"57268:TCP"= 57268:TCP:Pando Media Booster
"57268:UDP"= 57268:UDP:Pando Media Booster
"56110:TCP"= 56110:TCP:Pando Media Booster
"56110:UDP"= 56110:UDP:Pando Media Booster
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8399:TCP"= 8399:TCP:League of Legends Launcher
"8399:UDP"= 8399:UDP:League of Legends Launcher
"57618:TCP"= 57618:TCP:Pando Media Booster
"57618:UDP"= 57618:UDP:Pando Media Booster

S3 cpuz130;cpuz130;\??\c:\docume~1\Owen\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Owen\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 HookProtect;HookProtect;\??\c:\steps\element\HookProtect.sys --> c:\steps\element\HookProtect.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007/11/06 13:22 34064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva208;XDva208;\??\c:\windows\system32\XDva208.sys --> c:\windows\system32\XDva208.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys --> c:\windows\system32\XDva215.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-03 02:35]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
FF - ProfilePath - c:\documents and settings\Owen\Application Data\Mozilla\Firefox\Profiles\hp1d7d8c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Owen\Application Data\Mozilla\Firefox\Profiles\hp1d7d8c.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMXENG.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: browser.sessionstore.resume_from_crash - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-29 14:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-1292428093-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\q0・`0`0・q0\T嶐l\sYM0・・h0U0・・F*E*]
"Order"=hex:08,00,00,00,02,00,00,00,16,01,00,00,01,00,00,00,02,00,00,00,80,00,
00,00,00,00,00,00,72,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,60,00,36,\

[HKEY_USERS\S-1-5-21-299502267-1292428093-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"?慴"=hex:a9,93,2a,e4,5d,a6,c2,59,0d,a5,5c,65,4c,2e,e2,bb,72,57,ae,d5,96,03,68,
82,07,48,1f,77,f3,2a,47,6f,0c,87,4c,66,67,72,ba,b0,1a,94,55,e9,e3,58,7d,45,\
"?祥"=hex:19,3c,84,c5,24,52,dd,2b,e5,7b,5e,f4,e3,b2,65,18

[HKEY_USERS\S-1-5-21-299502267-1292428093-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:9e,11,bc,0f,c1,3b,25,56,cb,57,2c,91,c4,5c,53,52,56,4d,2f,42,83,
01,d6,96,dd,55,fe,e4,59,07,61,f8,70,6f,ea,df,e0,87,48,da,c1,31,37,39,7f,5b,\
"rkeysecu"=hex:d0,3d,a8,04,05,f6,b6,6e,4a,da,2a,eb,88,43,cd,b2
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(948)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-08-29 15:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-29 22:05
ComboFix2.txt 2009-08-28 22:05
ComboFix3.txt 2009-08-06 17:38

Pre-Run: 2,257,719,296 bytes free
Post-Run: 2,169,499,648 bytes free

291 --- E O F --- 2008-12-13 18:13

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Malwarebytes Log

Malwarebytes' Anti-Malware 1.40
Database version: 2713
Windows 5.1.2600 Service Pack 2

2009/08/29 16:25:33
mbam-log-2009-08-29 (16-25-33).txt

Scan type: Full Scan (C:\|)
Objects scanned: 237101
Time elapsed: 1 hour(s), 13 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{8223BE1E-A961-472C-A357-87FE7DC86914}\RP493\A0046418.exe (Trojan.Banker) -> Quarantined and deleted successfully.
  4. For the Disable TeaTimer part, I am able to uncheck resident protection in the system tray but am unable to open Spybot S&D due to the permission error. Should I uninstall Spybot S&D and its functions if it interferes?
  5. ComboFix Log

ComboFix 09-08-28.01 - Owen 2009/08/28 14:49.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.932.81.1033.18.2046.1523 [GMT -7:00]
Running from: c:\documents and settings\Owen\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\bc4d1.msi
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.

2009-08-26 21:15 . 2009-08-26 21:15 -------- d-----w- c:\program files\Apple Pie
2009-08-26 20:58 . 2009-08-26 20:58 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-26 20:08 . 2009-08-26 20:57 -------- d-----w- c:\documents and settings\Owen\.housecall6.6
2009-08-26 19:04 . 2009-08-27 02:03 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2009-08-26 19:04 . 2009-08-26 19:04 -------- d-----w- c:\program files\AV Vcs 5.0 DIAMOND
2009-08-26 19:04 . 2009-08-27 02:06 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND dlingskull
2009-08-26 10:27 . 2009-08-26 19:04 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND(2)
2009-08-26 07:26 . 2009-08-26 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-26 07:26 . 2009-08-26 07:26 -------- d-----w- c:\documents and settings\Owen\Application Data\SUPERAntiSpyware.com
2009-08-26 07:22 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-26 07:22 . 2009-08-26 07:22 -------- d-----w- c:\program files\Panda Security
2009-08-26 02:40 . 2009-08-26 02:43 -------- d-----w- c:\windows\svhost
2009-08-25 01:19 . 2009-08-27 02:33 -------- d-----w- C:\vcs5BGEffects
2009-08-25 01:19 . 2009-08-25 01:19 -------- d-----w- C:\vcs5core
2009-08-25 01:19 . 2009-08-25 01:19 -------- d-----w- C:\AV_LOGS
2009-08-24 07:24 . 2009-08-24 07:25 -------- d-----w- c:\documents and settings\Owen\Application Data\Ventrilo
2009-08-24 07:22 . 2009-08-24 07:22 -------- d-----w- c:\program files\Ventrilo
2009-08-16 19:42 . 2009-08-16 19:42 -------- d-----w- c:\program files\THQICE
2009-08-16 17:58 . 2009-08-16 17:58 -------- d-----w- c:\program files\CiB Net Station
2009-08-11 19:38 . 2009-08-11 19:38 82774 ----a-w- c:\windows\Uninstall Jade Empire.exe
2009-08-11 19:09 . 2009-08-11 20:09 -------- d-----w- c:\program files\Jade Empire
2009-08-11 01:05 . 2009-08-16 19:35 -------- d-----w- c:\program files\Activision
2009-08-06 18:13 . 2009-08-06 18:13 -------- d-----w- c:\program files\FLV Player
2009-08-06 17:21 . 2009-08-06 17:38 -------- d-s---w- C:\Combo-Fix
2009-08-06 17:01 . 2009-08-06 17:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-06 17:00 . 2009-08-06 17:00 152576 ----a-w- c:\documents and settings\Owen\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-06 01:21 . 2009-08-06 01:21 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-06 01:17 . 2009-08-06 01:17 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-06 01:17 . 2009-08-06 08:31 -------- d-----w- c:\program files\Common Files\Real
2009-08-06 01:17 . 2009-08-06 01:17 -------- d-----w- c:\program files\Real
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-08-28 21:59 . 2008-07-03 19:19 -------- d-----w- c:\program files\Steam
2009-08-28 21:59 . 2008-09-10 22:07 -------- d-----w- c:\program files\DNA
2009-08-28 21:59 . 2008-09-10 22:07 -------- d-----w- c:\documents and settings\Owen\Application Data\DNA
2009-08-26 19:58 . 2008-09-10 22:07 -------- d-----w- c:\documents and settings\Owen\Application Data\BitTorrent
2009-08-26 19:21 . 2009-02-12 04:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-26 19:09 . 2008-06-26 23:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-26 07:18 . 2009-03-22 02:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-26 05:24 . 2008-09-20 00:08 -------- d-----w- c:\documents and settings\Owen\Application Data\GetRightToGo
2009-08-16 19:35 . 2008-06-26 22:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-14 00:38 . 2008-07-01 00:36 90112 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-08-14 00:38 . 2008-07-01 00:36 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2009-08-14 00:38 . 2008-07-01 00:36 118784 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2009-08-14 00:38 . 2008-07-01 00:36 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-08-14 00:38 . 2008-07-01 00:36 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-08-14 00:38 . 2008-07-01 00:36 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-08-14 00:19 . 2008-12-21 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-08-06 17:00 . 2008-07-10 03:07 -------- d-----w- c:\program files\Java
2009-08-06 01:25 . 2009-05-07 01:03 -------- d-----w- c:\program files\Persona
2009-08-06 01:17 . 2008-07-14 02:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-06 01:17 . 2003-08-28 11:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-05 03:21 . 2008-10-12 04:07 -------- d-----w- c:\program files\PeerGuardian2
2009-08-03 20:36 . 2009-02-12 04:19 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2009-02-12 04:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 07:54 . 2009-07-28 07:54 -------- d-----w- c:\documents and settings\Owen\Application Data\RenPy
2009-07-25 00:52 . 2009-07-25 00:52 -------- d-----w- c:\documents and settings\Owen\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2009-07-24 22:05 . 2009-07-24 22:05 56 --sh--r- c:\windows\system32\787CE2ABF3.sys
2009-07-24 22:05 . 2009-07-24 22:05 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-24 15:26 . 2009-07-24 15:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-24 15:25 . 2008-07-19 19:55 38208 ----a-w- c:\documents and settings\Owen\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-20 07:17 . 2009-07-20 07:17 -------- d-----w- c:\program files\Eushully
2009-07-13 03:39 . 2009-07-13 03:39 -------- d-----w- c:\program files\Enterbrain
2009-07-13 03:38 . 2009-07-13 03:38 -------- d-----w- c:\program files\Common Files\Enterbrain
2009-07-02 00:59 . 2009-07-02 00:59 -------- d-----w- c:\program files\ASCII
2009-06-27 18:55 . 2009-06-05 08:01 25 ----a-w- c:\windows\popcinfot.dat
2009-06-23 01:49 . 2009-06-23 01:49 2238 ----a-r- c:\documents and settings\Owen\Application Data\Microsoft\Installer\{F1757132-F436-4FCB-8A4A-3438CE333A7D}\_4FD69CC5689BDA0580DB6A.exe
2009-06-23 01:49 . 2009-06-23 01:49 2238 ----a-r- c:\documents and settings\Owen\Application Data\Microsoft\Installer\{F1757132-F436-4FCB-8A4A-3438CE333A7D}\_21F066876BD0F768612CBC.exe
2009-05-31 14:26 . 2009-05-31 14:26 51304 ----a-w- c:\windows\system32\drivers\atnt40k.sys
2009-05-31 14:26 . 2009-05-31 14:26 186443 ----a-w- c:\windows\system32\atasnt40.dll
2009-05-31 14:25 . 2009-05-31 13:03 19104 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-05-31 14:25 . 2009-05-31 13:03 105632 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-05-31 13:51 . 2009-05-31 13:03 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-05-31 13:03 . 2009-05-31 13:03 99216 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

------- Sigcheck -------

[-] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[-] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\system32\eventlog.dll
[7] 2004-08-04 08:56 55808 82B24CB70E5944E6E34662205A2A5B78 c:\windows\system32\dllcache\eventlog.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-06_17.36.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-28 21:59 . 2009-08-28 21:59 16384 c:\windows\temp\Perflib_Perfdata_924.dat
+ 2009-08-28 21:59 . 2009-08-28 21:59 16384 c:\windows\temp\Perflib_Perfdata_5fc.dat
+ 2004-08-04 08:56 . 2004-08-04 08:56 55808 c:\windows\system32\logevent.dll
+ 2009-08-26 07:11 . 2009-08-26 20:58 149092 c:\windows\system32\Restore\rstrlog.dat
+ 2009-08-25 11:12 . 2009-08-25 11:12 253952 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-08-26 02:40 . 2009-05-09 11:40 643072 c:\windows\svhost\setup.exe
+ 2009-08-24 07:22 . 2009-08-24 07:22 683520 c:\windows\Installer\5a870242.msi
+ 2009-08-26 02:40 . 2009-05-09 02:36 33442240 c:\windows\svhost\software.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-12 1217784]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 321088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-05 307200]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-26 16264192]

c:\documents and settings\Owen\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-2-15 575488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-17 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[bU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\owenlin0\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56252:TCP"= 56252:TCP:Pando Media Booster
"56252:UDP"= 56252:UDP:Pando Media Booster
"<NO NAME>"=
"57268:TCP"= 57268:TCP:Pando Media Booster
"57268:UDP"= 57268:UDP:Pando Media Booster
"56110:TCP"= 56110:TCP:Pando Media Booster
"56110:UDP"= 56110:UDP:Pando Media Booster
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8399:TCP"= 8399:TCP:League of Legends Launcher
"8399:UDP"= 8399:UDP:League of Legends Launcher
"57618:TCP"= 57618:TCP:Pando Media Booster
"57618:UDP"= 57618:UDP:Pando Media Booster

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008/11/14 0:08 24652]
S3 cpuz130;cpuz130;\??\c:\docume~1\Owen\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Owen\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 HookProtect;HookProtect;\??\c:\steps\element\HookProtect.sys --> c:\steps\element\HookProtect.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007/11/06 13:22 34064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva208;XDva208;\??\c:\windows\system32\XDva208.sys --> c:\windows\system32\XDva208.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys --> c:\windows\system32\XDva215.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-08-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-03 02:35]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
FF - ProfilePath - c:\documents and settings\Owen\Application Data\Mozilla\Firefox\Profiles\hp1d7d8c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Owen\Application Data\Mozilla\Firefox\Profiles\hp1d7d8c.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMXENG.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: browser.sessionstore.resume_from_crash - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 14:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-1292428093-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\q0・`0`0・q0\T嶐l\sYM0・・h0U0・・F*E*]
"Order"=hex:08,00,00,00,02,00,00,00,16,01,00,00,01,00,00,00,02,00,00,00,80,00,
00,00,00,00,00,00,72,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,60,00,36,\

[HKEY_USERS\S-1-5-21-299502267-1292428093-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"?慴"=hex:a9,93,2a,e4,5d,a6,c2,59,0d,a5,5c,65,4c,2e,e2,bb,72,57,ae,d5,96,03,68,
82,07,48,1f,77,f3,2a,47,6f,0c,87,4c,66,67,72,ba,b0,1a,94,55,e9,e3,58,7d,45,\
"?祥"=hex:19,3c,84,c5,24,52,dd,2b,e5,7b,5e,f4,e3,b2,65,18

[HKEY_USERS\S-1-5-21-299502267-1292428093-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:9e,11,bc,0f,c1,3b,25,56,cb,57,2c,91,c4,5c,53,52,56,4d,2f,42,83,
01,d6,96,dd,55,fe,e4,59,07,61,f8,70,6f,ea,df,e0,87,48,da,c1,31,37,39,7f,5b,\
"rkeysecu"=hex:d0,3d,a8,04,05,f6,b6,6e,4a,da,2a,eb,88,43,cd,b2
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2180)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-08-28 15:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-28 22:05
ComboFix2.txt 2009-08-06 17:38

Pre-Run: 1,960,206,336 bytes free
Post-Run: 2,276,487,168 bytes free

292 --- E O F --- 2008-12-13 18:13
  6. Thanks for helping, Katana. Here are the logs in the order that was requested in the reply. The Google links being redirected problem, which started acting up again before the process, is now not redirecting me to a random web page. Malwarebytes and other like programs still have the permission error.

Avenger Log File

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Win32kDiag Log File

Log file is located at: C:\Documents and Settings\Owen\Desktop\Win32kDiag.txt

Removing all found mount points.
Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...
\Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg Found mount point : C:\WINDOWS\system32\oobe\sample\sample Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\sample\sample Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt Found mount point : C:\WINDOWS\system32\Temp\Temp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\Temp\Temp Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp Found mount point : C:\WINDOWS\system32\wins\wins Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\wins\wins Found mount point : C:\WINDOWS\system32\xircom\xircom Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\xircom\xircom Found mount point : C:\WINDOWS\Temp\SDDLLS\SDDLLS Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\SDDLLS\SDDLLS Found mount point : C:\WINDOWS\Temp\Temp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\Temp Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Finished!
  7. Okay, it seems like I have a similar problem to SIR CHEECH and I NEED HELP, who have posted in this forum. I've checked through SIR CHEECH's topic, but the process seemed personalized for him. HiJackThis, Malwarebytes, and other scanners terminate after starting the scan. Afterward, when I try to start the program again, it gives the error "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." In Task Manager, when I first noticed the virus, I found a process called "a.exe" and ended the process, since it was never there before. It never showed up again. Whenever I clicked on a Google link, it redirected to another page. As of 20 minutes ago, the Google links seem to be okay, though I haven't done anything, or at least I don't think I did anything, that would resolve the Google issue. Now the only noticeable problem is that scanners such as HiJackThis and Malwarebytes get blocked: they terminate immediately after the start of scanning. I don't know if this will help, but here's a log of Win32kDiag.

Log file is located at: C:\Documents and Settings\Owen\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\AppPatch\Custom\Custom
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\17400AB28230347339DBAF1833357A38\3.1.21022\3.1.21022
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\10\10
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\60\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\70\70
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-299502267-1292428093-682003330-1003\S-1-5-21-299502267-1292428093-682003330-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\ATI\ACE\ACE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ATI\ACE\ACE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-13 17:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 01:56:44 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 01:56:44 62976 C:\WINDOWS\system32\eventlog.dll ()
[2] 2004-08-04 01:56:44 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\Lang\Lang
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\sample\sample
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wins\wins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\xircom\xircom
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\SDDLLS\SDDLLS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Finished!