As many people are having the same problem, so am I > <

I am going to make a small index.....

1.10000 DDs.txt log

1.20000 attach.txt log

1.30000 MBAM scan log....

1.10000

my DDs.txt log

DDS (Ver_10-03-17.01) - NTFSX64

Run by Archer at 17:06:52.80 on 05/10/2010 Tue

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20

Microsoft Windows 7 Ultimate 6.1.7600.0.950.886.1033.18.4095.2304 [GMT 10:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Program Files (x86)\HideWindowPlus\HWinPlus.exe

C:\Users\Archer\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Archer\AppData\Roaming\fbx.exe

C:\Program Files (x86)\BayGenie\ProEdition\BayGenie.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Users\Archer\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\gogobox\gogobox.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Lunascape\Lunascape6\Luna.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k defragsvc

C:\Program Files\P4G\BatteryLife.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Nakido\nakido.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Program Files (x86)\gogobox\gogobox_e.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\gogobox\upnp\upnp.exe

C:\Program Files (x86)\gogobox\gogobox_t.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Archer\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://fl.iamwired.net/

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\syswow64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files (x86)\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AddTask Class: {6a19c29d-ed45-4483-8999-9f939c8161f2} - c:\program files\eread\eread\WebHook.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files (x86)\orbitdownloader\GrabPro.dll

uRun: [RocketDock] "c:\program files (x86)\rocketdock\RocketDock.exe"

uRun: [HideWindowPlus] c:\program files (x86)\hidewindowplus\HWinPlus.exe -background

uRun: [Google Update] "c:\users\archer\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent

uRun: [installMon] c:\users\archer\appdata\roaming\fbx.exe

uRun: [bayGenie] "c:\program files (x86)\baygenie\proedition\BayGenie.exe"

mRun: [HControlUser] c:\program files (x86)\asus\atk hotkey\HControlUser.exe

mRun: [ATKOSD2] c:\program files (x86)\asus\atkosd2\ATKOSD2.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [gogobox.exe] c:\program files (x86)\gogobox\gogobox.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [stormCodec_Helper] "c:\program files (x86)\ringz studio\storm codec\StormSet.exe" /S /opti

mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\archer\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\lunasc~1.lnk - c:\program files (x86)\lunascape\lunascape6\Luna.exe

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: NoSMBalloonTip = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &Download by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: gogobox.com.tw

Trusted Zone: gogobox.com.tw

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {3C073A4B-B1D2-4A7B-B970-7F1277D74FB0} - hxxps://www.chb.com.tw/chbib/faces/theme/CHBCertificateDBClientCOM.cab

DPF: {650BBB86-3D77-49BA-A4B2-2455E44EB031} - hxxps://netbank.chb.com.tw/Security/PasswordMD5ClientCOM.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {C9B6115C-DEA9-11D6-8C3C-0050BAA6346E} - hxxps://netbank.chb.com.tw/Security/CertificateDBClientCOM.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DF3336AF-E259-4978-9D69-B4BBF47BE261} - hxxp://tel.isoshu.com/zxlqs.cab

DPF: {EB8D26BA-9A4C-444C-80D1-1B544F68D797} - hxxps://netbank.chb.com.tw/Security/XMLSignatureClientCOM.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\Skype4COM.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

IE-X64: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}

IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files (x86)\fiddler2\Fiddler.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\archer\appdata\roaming\mozilla\firefox\profiles\iufg130q.default\

FF - prefs.js: browser.search.defaulturl - hxxp://fl.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: browser.startup.homepage - hxxp://fl.iamwired.net/

FF - prefs.js: keyword.URL - hxxp://fl.iamwired.net/websearch.php?src=tops&search=

FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\progra~2\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~2\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npBFPlugin.dll

FF - plugin: c:\users\archer\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\users\archer\appdata\roaming\mozilla\firefox\profiles\iufg130q.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll

FF - plugin: c:\windows\system32\wat\npWatWeb.dll

FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-9-8 12368]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-9-8 250448]

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-4-25 37392]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-9-8 125520]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-9-8 463952]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-8 121936]

R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]

R2 ASMMAP64;ASMMAP64;c:\program files\atkgfnex\ASMMAP64.sys [2010-4-25 14904]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-8 20048]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-9-8 61008]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-8 40384]

R2 Nakido;Nakido;c:\program files (x86)\nakido\nakido.exe [2010-9-8 337408]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\drivers\NETw5s64.sys [2009-9-15 6952960]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-4-25 86120]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-3-4 346144]

S2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-9-8 119200]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-10-5 304464]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-8 40384]

S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-4-25 51120]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-5 24664]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-11 5434368]

S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2009-9-26 174424]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4924336]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 17920]

S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-25 1255736]

=============== Created Last 30 ================

2010-10-05 06:36:16 0 d-----w- c:\users\archer\appdata\roaming\Malwarebytes

2010-10-05 06:36:07 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-05 06:36:07 0 d-----w- c:\programdata\Malwarebytes

2010-10-05 06:36:07 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-10-05 06:08:04 0 --sha-w- C:\DkHyperbootSync

2010-10-04 09:49:37 1060864 ----a-w- c:\windows\syswow64\mfc71.dll

2010-10-04 09:49:37 1047552 ----a-w- c:\windows\syswow64\mfc71u.dll

2010-10-04 09:49:37 1 ----a-w- c:\windows\syswow64\uuddc32.dll

2010-10-04 09:49:37 0 d-----w- c:\program files (x86)\BayGenie

2010-10-04 09:39:03 40344 ----a-w- c:\users\archer\appdata\roaming\FbxU.exe

2010-09-29 00:08:19 56 ---ha-w- c:\windows\syswow64\ezsidmv.dat

2010-09-29 00:06:50 0 d-----r- c:\program files (x86)\Skype

2010-09-29 00:06:45 0 d-----w- c:\programdata\Skype

2010-09-25 00:24:46 81920 ----a-w- c:\users\archer\appdata\roaming\fbx.exe

2010-09-19 00:39:23 0 d-----w- c:\programdata\Apple Computer

2010-09-19 00:39:22 0 d-----w- c:\program files (x86)\common files\Real

2010-09-19 00:39:21 0 d-----w- c:\program files (x86)\Ringz Studio

2010-09-19 00:30:55 0 d-----w- c:\users\archer\appdata\roaming\Application Data

2010-09-19 00:30:55 0 d-----w- c:\programdata\Storm

2010-09-18 15:57:11 38 ----a-w- c:\windows\avisplitter.ini

2010-09-18 15:57:06 839680 ----a-w- c:\windows\syswow64\lameACM.acm

2010-09-18 15:57:06 414 ----a-w- c:\windows\syswow64\lame_acm.xml

2010-09-18 15:57:06 39936 ----a-w- c:\windows\syswow64\huffyuv.dll

2010-09-18 15:57:06 391680 ----a-w- c:\windows\syswow64\I263_32.drv

2010-09-18 15:57:06 2931712 ----a-w- c:\windows\syswow64\x264vfw.dll

2010-09-18 15:57:06 287744 ----a-w- c:\windows\syswow64\divxa32.acm

2010-09-18 15:57:06 232448 ----a-w- c:\windows\syswow64\mp3fhg.acm

2010-09-18 15:57:06 217088 ----a-w- c:\windows\syswow64\yv12vfw.dll

2010-09-18 15:57:06 151552 ----a-w- c:\windows\syswow64\ac3acm.acm

2010-09-15 07:46:34 0 --sh--r- C:\logwmemory.bin

2010-09-14 21:15:05 2058752 ----a-w- c:\windows\syswow64\iertutil.dll

2010-09-14 21:14:52 558592 ----a-w- c:\windows\system32\spoolsv.exe

2010-09-08 12:04:26 463952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2010-09-08 12:04:25 125520 ----a-w- c:\windows\system32\drivers\aswFW.sys

2010-09-08 12:04:03 250448 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2010-09-08 12:03:59 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-09-08 12:03:38 38848 ----a-w- c:\windows\avastSS.scr

2010-09-08 12:03:38 167592 ----a-w- c:\windows\syswow64\aswBoot.exe

2010-09-08 12:03:38 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2010-09-08 11:29:45 0 d-----w- c:\users\archer\appdata\roaming\PPStream

2010-09-08 11:29:44 20 ----a-w- c:\windows\powerlist.ini

2010-09-08 11:29:38 709 ----a-w- c:\windows\powerplayer.ini

2010-09-08 11:29:38 251 ----a-w- c:\windows\psnetwork.ini

2010-09-08 11:29:37 447880 ----a-w- c:\windows\system32\rmsplt.ax

2010-09-08 11:29:37 1384448 ----a-w- c:\windows\system32\PPSMInfo.dll

2010-09-08 10:52:29 0 d-----w- c:\program files (x86)\Nakido

2010-09-05 09:53:35 0 d-----w- c:\users\archer\appdata\roaming\K-ON_DTA

2010-09-05 09:51:52 0 d-----w- c:\program files (x86)\data

==================== Find3M ====================

2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll

2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll

2010-07-23 10:48:44 108432 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2010-07-12 09:49:51 258352 ----a-w- c:\windows\syswow64\unicows.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2010-04-27 17:48:08 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat

2010-04-27 17:48:08 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2010-04-27 17:48:08 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

2010-04-24 17:23:51 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:08:36.11 ===============

1.20000

my attach.txt log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 25/04/2010 2:09:27 PM

System Uptime: 10/05/2010 5:03:39 PM (3552 hours ago)

Motherboard: ASUSTeK Computer Inc. | | N50Vn

Processor: Intel® Core2 Duo CPU P8600 @ 2.40GHz | Socket 478 | 2401/267mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 98 GiB total, 2.636 GiB free.

D: is FIXED (NTFS) - 135 GiB total, 8.306 GiB free.

E: is CDROM ()

F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Virtual WiFi Miniport Adapter

Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&FEFA7DE&0&01

Manufacturer: Microsoft

Name: Microsoft Virtual WiFi Miniport Adapter

PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&FEFA7DE&0&01

Service: vwifimp

Class GUID:

Description: STK7700D

Device ID: USB\VID_1164&PID_1F08\0000000001

Manufacturer:

Name: STK7700D

PNP Device ID: USB\VID_1164&PID_1F08\0000000001

Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

??????????

7-Zip 4.65

Active@ Partition Recovery

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Flash Player 9 ActiveX

Adobe Reader 9.3.4

Adobe Shockwave Player 11.5

Alien Swarm - SDK

ASUS LifeFrame3

ASUS Virtual Camera

ATK Generic Function Service

ATK Hotkey

ATKOSD2

avast! Internet Security

BayGenie eBay Auction Sniper Pro Edition 3.3.5.4

Cheat Engine 5.5

Cheat Engine 5.6

e-tax 2010

GOGOBOX

Google Chrome

HP USB Disk Storage Format Tool

ImgBurn

IrfanView (remove only)

Java Auto Updater

Java 6 Update 20

JDownloader

K-Lite Mega Codec Pack 6.4.0

Lunascape6 (All Users)

Malwarebytes' Anti-Malware

Messenger Plus! Live

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.6.10)

MSVCRT

Nakido

NVIDIA PhysX

Orbit Downloader

piaip AppLocale

Picasa 3

Rainmeter (remove only)

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

RICOH R5U8xx Media Driver ver.3.62.02

RocketDock 1.3.5

save2pc Pro 3.60

Sengoku Rance English v1.01

Skype Toolbars

Skype? 4.2

StarCraft II

Steam

Storm Codec

System Requirements Lab

TalonRO Client 1.0.0

Team Fortress 2

Team Fortress 2 Dedicated Server

WC3Banlist

Windows 7 USB/DVD Download Tool

Windows Live Communications Platform

Windows Live Messenger

Windows Media Player Firefox Plugin

WinPcap 4.1.1

Wireless Console 2

?Torrent

?????????????

==== Event Viewer Messages From Past Week ========

5/10/2010 5:05:58 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/10/2010 5:05:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

5/10/2010 5:05:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

5/10/2010 5:02:12 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/10/2010 5:02:11 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The remote procedure call failed. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/10/2010 5:02:11 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

5/10/2010 5:01:49 PM, Error: Service Control Manager [7034] - The ASLDR Service service terminated unexpectedly. It has done this 1 time(s).

5/10/2010 4:13:43 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

4/10/2010 9:38:34 AM, Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following error: Access is denied.

4/10/2010 2:49:02 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

29/09/2010 2:14:50 AM, Error: Service Control Manager [7031] - The avast! Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

==== End Of File ===========================

1.30000

my MBAM scan log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4746

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

5/10/2010 6:22:40 PM

mbam-log-2010-10-05 (18-22-40).txt

Scan type: Full scan (C:\|)

Objects scanned: 295956

Time elapsed: 1 hour(s), 16 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Archer\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0006e3 (Adware.Agent) -> Quarantined and deleted successfully.

C:\Users\Archer\Desktop\PPS????+vip??+???\PPStreamNOAD.exe (Trojan.Autorun) -> Quarantined and deleted successfully.

C:\Users\Archer\Desktop\temp\Desktop\CrazyMulti.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Archer\Desktop\temp\Nore._9.4.26.0\Keymaker.Nero.9.4.26.0 v5.55.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Archer\Desktop\temp\Your Uninstaller! 2008 PRO v6.1.1233\Your Uninstaller 2008\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted succes
