Hello, I need help removing Essential Cleaner. I am using Avast Anti-virus and had installed Malwarebytes.

On a scan with Avast, my PC gets restarted before it finishes the scan; Malwarebytes does not start.

After I restart my PC I have about 1 minute of the PC acting normally, where I can open specific programs, including Malwarebytes, but after a short time I get a blue screen.

Tried downloading the programs you have suggested, but no result.


It blocks me completely from opening any program (even Windows Media Player). Well, I do see it open for 1 sec, then it disappears.


Blue screen of death every 15 minutes or so. Well, I can't find any info about this one; I guess it's one of the new rogues.

Sorry for spamming. I was just a little bit upset, since it's been a year or so since I got something I can't remove. The last one was Paladin Antivirus.

1) Restarts every 15 minutes.

2) Closes (I believe) or hides any program I am trying to open.

3) Start > Run: any cmd I use opens for 1 sec, then hides or closes by itself, like any other program.

4) Malwarebytes blocked.

5) Avast does not detect anything, and the warning message I get is that avastsvc.exe is infected; please activate your antivirus software.

6) Can't run in safe mode.

Hope this was helpful; unfortunately I can't post a HijackThis log or anything else due to the reasons I mentioned.

Thank you in advance ^^


After one more error something went wrong: my screen on login did not change and Essential Cleaner did not pop up; maybe I deleted some file while I was looking around.

I was able to do a HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:41:48 AM, on 5/19/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\U-ABIT\uGuru\uGuru.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Hawking\HWU54D\HWU54D.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ALCFDRTM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe.exe

C:\Program Files\Opera\opera.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evony.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

O1 - Hosts: 64.16.193.26 l2authd.lineage2.com

O1 - Hosts: 216.107.250.194 update.nprotect.com

O1 - Hosts: 216.107.250.194 nprotect.lineage2.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {F92AE24D-2C39-4C17-8324-E93E9E0A37A2} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe.exe" /runcleanupscript

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\U-ABIT\uGuru\uGuru.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU54D\HWU54D.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5347/mcfscan.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--

End of file - 8533 bytes


  • Staff

Hi and welcome to Malwarebytes.

Bumping your topic makes it seem like you are already being helped, and as you've noticed, you were overlooked because of it.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name has the form UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


TDSSKiller:

2011/05/22 04:38:01.0609 3432 Scan started

2011/05/22 04:38:01.0609 3432 Mode: Manual;

2011/05/22 04:38:01.0609 3432 ================================================================================

2011/05/22 04:38:02.0078 3432 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\WINDOWS\system32\drivers\acedrv11.sys

2011/05/22 04:38:02.0125 3432 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/22 04:38:02.0156 3432 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/05/22 04:38:02.0187 3432 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

2011/05/22 04:38:02.0203 3432 AFD (944ca435bfcfc82cc1ed9e3a7d731aa9) C:\WINDOWS\System32\drivers\afd.sys

2011/05/22 04:38:02.0234 3432 afw (14ba5ca5d11771ce8e8b6cc6830a2436) C:\WINDOWS\system32\DRIVERS\afw.sys

2011/05/22 04:38:02.0265 3432 afwcore (1f3d61965a9bd278a205d3062176e45c) C:\WINDOWS\system32\drivers\afwcore.sys

2011/05/22 04:38:02.0343 3432 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/05/22 04:38:02.0421 3432 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys

2011/05/22 04:38:02.0468 3432 ASWFilt (1f9827d87260dad71555a34c7a8624c3) C:\WINDOWS\system32\Filt\ASWFilt.dll

2011/05/22 04:38:02.0484 3432 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/22 04:38:02.0500 3432 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/22 04:38:02.0546 3432 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys

2011/05/22 04:38:02.0562 3432 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/22 04:38:02.0609 3432 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/22 04:38:02.0640 3432 Avgfwdx (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

2011/05/22 04:38:02.0640 3432 Avgfwfd (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

2011/05/22 04:38:02.0703 3432 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2011/05/22 04:38:02.0718 3432 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2011/05/22 04:38:02.0765 3432 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2011/05/22 04:38:02.0796 3432 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/05/22 04:38:02.0812 3432 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/22 04:38:02.0843 3432 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/22 04:38:02.0859 3432 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/22 04:38:02.0890 3432 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/22 04:38:02.0968 3432 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/22 04:38:03.0000 3432 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/05/22 04:38:03.0015 3432 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2011/05/22 04:38:03.0031 3432 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/05/22 04:38:03.0031 3432 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/05/22 04:38:03.0062 3432 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/22 04:38:03.0078 3432 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/22 04:38:03.0093 3432 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/05/22 04:38:03.0109 3432 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/22 04:38:03.0125 3432 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/05/22 04:38:03.0156 3432 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/05/22 04:38:03.0187 3432 FStarForce (e626f53e373e521f75b59936a31a4124) C:\WINDOWS\system32\DRIVERS\FStarForce.sys

2011/05/22 04:38:03.0203 3432 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/22 04:38:03.0218 3432 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/22 04:38:03.0234 3432 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/22 04:38:03.0250 3432 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/05/22 04:38:03.0281 3432 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/05/22 04:38:03.0296 3432 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/22 04:38:03.0343 3432 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/22 04:38:03.0359 3432 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/22 04:38:03.0500 3432 IntcAzAudAddService (b29781b9a90cd55fc5d859c0b1c243bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/05/22 04:38:03.0531 3432 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/05/22 04:38:03.0546 3432 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/05/22 04:38:03.0593 3432 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/05/22 04:38:03.0625 3432 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/22 04:38:03.0656 3432 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/22 04:38:03.0671 3432 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/22 04:38:03.0703 3432 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/22 04:38:03.0703 3432 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/22 04:38:03.0718 3432 JRAID (6e4e3c0b27116b14d1150be7eeceaac6) C:\WINDOWS\system32\DRIVERS\jraid.sys

2011/05/22 04:38:03.0734 3432 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/22 04:38:03.0750 3432 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/05/22 04:38:03.0765 3432 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/22 04:38:03.0781 3432 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/22 04:38:03.0828 3432 LHidFilt (3fa98339e8d9e007726be62f231e2015) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

2011/05/22 04:38:03.0859 3432 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys

2011/05/22 04:38:03.0875 3432 LMouFilt (f259f758e04d8fb8d48c6cdbe45223e8) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

2011/05/22 04:38:03.0921 3432 Memctl (6dc926c53624755b07cfe254f3845afa) C:\Program Files\U-ABIT\FlashMenu\Memctl.sys

2011/05/22 04:38:03.0953 3432 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/22 04:38:03.0984 3432 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/22 04:38:03.0984 3432 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/22 04:38:04.0000 3432 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/22 04:38:04.0015 3432 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/22 04:38:04.0046 3432 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/22 04:38:04.0078 3432 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/22 04:38:04.0093 3432 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/22 04:38:04.0109 3432 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/22 04:38:04.0125 3432 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/22 04:38:04.0140 3432 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/22 04:38:04.0156 3432 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/22 04:38:04.0171 3432 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/22 04:38:04.0187 3432 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/22 04:38:04.0203 3432 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/22 04:38:04.0218 3432 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/22 04:38:04.0234 3432 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/22 04:38:04.0250 3432 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/22 04:38:04.0265 3432 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/22 04:38:04.0281 3432 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/22 04:38:04.0312 3432 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/05/22 04:38:04.0312 3432 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/22 04:38:04.0343 3432 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/22 04:38:04.0390 3432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/22 04:38:04.0562 3432 nv (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/05/22 04:38:04.0625 3432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/22 04:38:04.0640 3432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/22 04:38:04.0656 3432 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/05/22 04:38:04.0671 3432 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys

2011/05/22 04:38:04.0687 3432 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/22 04:38:04.0703 3432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/22 04:38:04.0718 3432 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/22 04:38:04.0765 3432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/22 04:38:04.0781 3432 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/05/22 04:38:04.0828 3432 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

2011/05/22 04:38:04.0906 3432 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/22 04:38:04.0921 3432 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/22 04:38:04.0937 3432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/22 04:38:05.0015 3432 pwlyrpob (6b1eea6e251f670b21eb348d4564f476) C:\DOCUME~1\Kirja\LOCALS~1\Temp\pwlyrpob.sys

2011/05/22 04:38:05.0046 3432 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/05/22 04:38:05.0109 3432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/22 04:38:05.0125 3432 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/22 04:38:05.0156 3432 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/22 04:38:05.0156 3432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/22 04:38:05.0187 3432 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/22 04:38:05.0187 3432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/22 04:38:05.0218 3432 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/05/22 04:38:05.0234 3432 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/22 04:38:05.0250 3432 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/22 04:38:05.0296 3432 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys

2011/05/22 04:38:05.0312 3432 RTL8023xp (1e11171c0b9989e1bdaa59e96b2e81c4) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

2011/05/22 04:38:05.0375 3432 SandBox (a981b8e884f25701e58c55b3c44d869e) C:\WINDOWS\system32\drivers\SandBox.sys

2011/05/22 04:38:05.0406 3432 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys

2011/05/22 04:38:05.0437 3432 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/22 04:38:05.0468 3432 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys

2011/05/22 04:38:05.0484 3432 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/05/22 04:38:05.0531 3432 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/22 04:38:05.0562 3432 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

2011/05/22 04:38:05.0578 3432 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2011/05/22 04:38:05.0578 3432 sptd - detected LockedFile.Multi.Generic (1)

2011/05/22 04:38:05.0593 3432 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/22 04:38:05.0609 3432 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/22 04:38:05.0656 3432 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/05/22 04:38:05.0671 3432 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/22 04:38:05.0687 3432 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/22 04:38:05.0765 3432 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/22 04:38:05.0796 3432 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/22 04:38:05.0828 3432 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/22 04:38:05.0843 3432 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/22 04:38:05.0859 3432 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/22 04:38:05.0890 3432 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/22 04:38:05.0921 3432 UGURU (c3cd138762aab1797805c26bf5defcbe) C:\WINDOWS\system32\drivers\uGuru.sys

2011/05/22 04:38:05.0953 3432 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/22 04:38:05.0984 3432 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/22 04:38:06.0000 3432 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/22 04:38:06.0015 3432 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/22 04:38:06.0031 3432 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/05/22 04:38:06.0046 3432 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/22 04:38:06.0062 3432 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/22 04:38:06.0093 3432 VBEngNT (8dfcd62c767741576bb9cd8da9854517) C:\WINDOWS\system32\drivers\VBEngNT.sys

2011/05/22 04:38:06.0125 3432 VBFilt (442e677f49d0e310a7b0841cb880e821) C:\WINDOWS\system32\Filt\VBFilt.dll

2011/05/22 04:38:06.0156 3432 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/05/22 04:38:06.0171 3432 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/22 04:38:06.0187 3432 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/22 04:38:06.0234 3432 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/05/22 04:38:06.0265 3432 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/22 04:38:06.0328 3432 Winflash (fd5b87cd55134bf3545116dbbd45be88) C:\Program Files\U-ABIT\FlashMenu\WinFlash.sys

2011/05/22 04:38:06.0375 3432 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys

2011/05/22 04:38:06.0390 3432 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/05/22 04:38:06.0437 3432 ZD1211U(Hawking Technologies) (4fee08bf688aaf439709ac767947119e) C:\WINDOWS\system32\DRIVERS\zd1211u.sys

2011/05/22 04:38:06.0468 3432 ZDBRGSYS (f506a40dc8890f61cc6660efbecc0810) C:\WINDOWS\system32\ZDBRGSYS.SYS

2011/05/22 04:38:06.0484 3432 ZDPNDIS5 (29c917279d79848b3dd94909fc00e2a8) C:\WINDOWS\system32\ZDPNDIS5.SYS

2011/05/22 04:38:06.0625 3432 ================================================================================

2011/05/22 04:38:06.0625 3432 Scan finished

2011/05/22 04:38:06.0625 3432 ================================================================================

2011/05/22 04:38:06.0640 1312 Detected object count: 1

2011/05/22 04:38:32.0812 1312 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot

2011/05/22 04:38:32.0812 1312 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot

2011/05/22 04:38:32.0812 1312 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted after reboot

2011/05/22 04:38:32.0812 1312 LockedFile.Multi.Generic(sptd) - User select action: Delete

2011/05/22 04:38:37.0046 3224 Deinitialize success

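A small triage helper for TDSSKiller logs of the shape posted above, added here as an example (it is not part of the thread and not TDSSKiller's own code). It parses the per-driver lines into name, md5 and path, then surfaces the three things a helper scans such a log for: explicit detections, files the tool could not read, and drivers loaded from user-writable locations such as a profile's Temp folder. The sample log is constructed from lines copied out of the post; the regular expressions are my assumption about the log format based on those lines.

```python
"""Triage of a TDSSKiller scan log (added example, not the tool's own code)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted above, in the same order.
SAMPLE_LOG = r"""
2011/05/22 04:38:02.0125 3432 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/22 04:38:05.0015 3432 pwlyrpob (6b1eea6e251f670b21eb348d4564f476) C:\DOCUME~1\Kirja\LOCALS~1\Temp\pwlyrpob.sys
2011/05/22 04:38:05.0562 3432 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/22 04:38:05.0578 3432 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/22 04:38:05.0578 3432 sptd - detected LockedFile.Multi.Generic (1)
2011/05/22 04:38:06.0640 1312 Detected object count: 1
""".strip()

# Assumed line shapes, inferred from the posted log (not an official format spec).
TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
DRIVER_RE = re.compile(TS + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
DETECT_RE = re.compile(TS + r"(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")
SUSP_RE = re.compile(TS + r"Suspicious file \((?P<why>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")

# Directories a kernel driver should never be loaded from: anything a normal
# user account can write to. Matched case-insensitively on 8.3 and long names.
USER_WRITABLE = re.compile(
    r"\\(temp|tmp|locals~1|local settings|appdata|docume~1|documents and settings|users)\\",
    re.IGNORECASE,
)


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Finding:
    name: str
    reason: str
    detail: str


def parse(text):
    """Return (drivers, findings) for one TDSSKiller log."""
    drivers, findings = [], []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            drv = Driver(m["name"], m["md5"], m["path"])
            drivers.append(drv)
            # Loading path is the strongest signal in this log: the md5 alone
            # tells you nothing without a reputation source to look it up in.
            if USER_WRITABLE.search(drv.path):
                findings.append(Finding(drv.name, "driver loaded from a user-writable location", drv.path))
            continue
        m = DETECT_RE.match(line)
        if m:
            findings.append(Finding(m["name"], "detected " + m["verdict"], line))
            continue
        m = SUSP_RE.match(line)
        if m:
            # NoAccess means the tool could not read the file. That is what a
            # self-protecting driver does, but vendor anti-tamper drivers
            # (disc-emulation SCSI pass-through drivers, for example) do it too,
            # so this is a prompt to verify, not a verdict.
            findings.append(Finding(m["path"].rsplit("\\", 1)[-1],
                                    "file could not be read (" + m["why"] + ")", m["path"]))
    return drivers, findings


if __name__ == "__main__":
    drivers, findings = parse(SAMPLE_LOG)
    print(f"{len(drivers)} drivers enumerated, {len(findings)} items to review")
    for f in findings:
        print(f"  {f.name}: {f.reason} -> {f.detail}")
```

On the posted log this flags pwlyrpob.sys in the user's Temp folder, which the scan itself did not call out, alongside the sptd entries it did.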

DDS:

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by Kirja at 4:46:25 on 2011-05-22

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2498 [GMT -4:00]

.

AV: AntiVir Desktop *Disabled/Outdated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

AV: Outpost Security Suite *Enabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

AV: Paladin Antivirus *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}

FW: Outpost Security Suite *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\U-ABIT\uGuru\uGuru.exe

C:\Program Files\Hawking\HWU54D\HWU54D.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe

C:\WINDOWS\ALCFDRTM.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Opera\opera.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Kirja\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.evony.com/

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {F92AE24D-2C39-4C17-8324-E93E9E0A37A2} - No File

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [ABIT uGuruIII] c:\program files\u-abit\uguru\uGuru.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

mRun: [skyTel] SkyTel.EXE

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost security suite free\feedback.exe" /dump:os_startup

mRun: [OutpostMonitor] "c:\progra~1\agnitum\outpos~1\op_mon.exe" /tray /noservice

StartupFolder: c:\docume~1\kirja\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hawkin~1.lnk - c:\program files\hawking\hwu54d\HWU54D.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5347/mcfscan.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll

LSA: Authentication Packages = msv1_0 c:\windows\system32\iifdEWmn

Hosts: 64.16.193.26 l2authd.lineage2.com

Hosts: 216.107.250.194 update.nprotect.com

Hosts: 216.107.250.194 nprotect.lineage2.com

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-19 11608]

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2011-5-19 708760]

R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2010-2-24 14592]

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]

R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2011-5-19 2072592]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-5-19 339624]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-19 269480]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-5-19 421032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-19 61960]

R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2011-5-19 34280]

R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2011-5-19 267624]

R3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2011-5-19 70160]

R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2011-5-19 242040]

R3 VBFilt;VBFilt;c:\windows\system32\filt\VBFilt.dll [2011-5-19 34096]

S3 aaudstum;aaudstum;\??\c:\docume~1\kirja\locals~1\temp\aaudstum.sys --> c:\docume~1\kirja\locals~1\temp\aaudstum.sys [?]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-18 30104]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-2-18 30104]

S3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [2010-4-10 8704]

S3 pwlyrpob;pwlyrpob;c:\docume~1\kirja\locals~1\temp\pwlyrpob.sys [2011-5-18 100736]

S3 ZD1211U(Hawking Technologies);Hawking Technologies HWU54D Hi-Gain Wireless-G USB Adapter(Hawking Technologies);c:\windows\system32\drivers\ZD1211U.sys [2009-4-12 273408]

S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [2009-4-12 19200]

.

=============== Created Last 30 ================

.

2011-05-19 05:44:00 242040 ----a-w- c:\windows\system32\drivers\VBEngNT.sys

2011-05-19 05:43:59 708760 ----a-w- c:\windows\system32\drivers\SandBox.sys

2011-05-19 05:43:28 267624 ----a-w- c:\windows\system32\drivers\afwcore.sys

2011-05-19 05:42:06 34280 ----a-w- c:\windows\system32\drivers\afw.sys

2011-05-19 05:41:47 -------- d-----w- c:\windows\system32\Filt

2011-05-19 05:41:47 -------- d-----w- c:\program files\Agnitum

2011-05-19 05:41:47 -------- d-----w- c:\documents and settings\kirja\application data\Agnitum

2011-05-19 05:40:48 -------- d-----w- c:\documents and settings\all users\application data\Agnitum

2011-05-19 05:30:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-19 05:30:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-19 05:23:59 -------- d-----w- c:\documents and settings\kirja\application data\Avira

2011-05-19 05:17:05 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-05-19 05:17:04 -------- d-----w- c:\program files\Avira

2011-05-19 05:17:04 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-05-19 04:41:39 388096 ----a-r- c:\documents and settings\kirja\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-05-19 04:41:38 -------- d-----w- c:\program files\Trend Micro

2011-05-19 04:33:16 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite

2011-05-05 22:00:38 -------- d-----w- C:\LeagueOfLegends.NA.04_26_2011

.

==================== Find3M ====================

.

2011-05-18 03:56:43 98304 ----a-w- c:\windows\DUMP954a.tmp

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

.

============= FINISH: 4:47:20.17 ===============


  • Staff

Hi,

I notice that you are using more than one antivirus program (Antivir and Paladin). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hi.

I am using a single AV program. Paladin AV is rogue malware which I had last summer, and I had help removing it here; however, I cannot locate it anywhere.

Here is Combofix:

ComboFix 11-05-25.03 - Kirja 05/26/2011 8:37.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2544 [GMT -4:00]

Running from: c:\documents and settings\Kirja\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Kirja\Application Data\inst.exe

c:\documents and settings\Kirja\WINDOWS

c:\windows\system32\fijwkfxi.ini

c:\windows\system32\jynlddul.ini

c:\windows\system32\nmWEdfii.ini

c:\windows\system32\nmWEdfii.ini2

.

.

((((((((((((((((((((((((( Files Created from 2011-04-26 to 2011-05-26 )))))))))))))))))))))))))))))))

.

.

2011-05-22 22:28 . 2011-05-22 22:28 -------- d-----w- c:\documents and settings\UpdatusUser

2011-05-22 22:28 . 2011-05-22 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA

2011-05-22 22:28 . 2011-05-22 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2011-05-22 22:26 . 2011-05-22 22:33 259932 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-05-22 22:26 . 2011-05-22 22:33 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-05-22 22:26 . 2011-05-22 22:33 259932 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-05-22 22:25 . 2011-05-22 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles

2011-05-22 22:16 . 2011-05-22 22:16 -------- d-----w- c:\windows\nview

2011-05-22 21:59 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll

2011-05-22 21:59 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll

2011-05-22 21:59 . 2011-04-08 05:14 61440 ----a-w- c:\windows\system32\OpenCL.dll

2011-05-22 21:59 . 2011-04-08 05:14 2770536 ----a-w- c:\windows\system32\nvcuvid.dll

2011-05-22 21:59 . 2011-04-08 05:14 2116894 ----a-w- c:\windows\system32\nvdata.bin

2011-05-22 21:59 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-05-22 21:59 . 2011-04-08 05:14 13000704 ----a-w- c:\windows\system32\nvcompiler.dll

2011-05-22 21:55 . 2011-05-22 22:28 -------- d-----w- c:\program files\NVIDIA Corporation

2011-05-19 05:46 . 2011-05-19 05:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avira

2011-05-19 05:30 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-19 05:30 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-19 05:23 . 2011-05-19 05:23 -------- d-----w- c:\documents and settings\Kirja\Application Data\Avira

2011-05-19 05:17 . 2011-04-06 12:51 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-05-19 05:17 . 2011-04-06 12:51 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-05-19 05:17 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-05-19 05:17 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-05-19 05:17 . 2011-05-19 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-05-19 05:17 . 2011-05-19 05:17 -------- d-----w- c:\program files\Avira

2011-05-19 04:41 . 2011-05-19 04:41 388096 ----a-r- c:\documents and settings\Kirja\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-19 04:41 . 2011-05-19 04:41 -------- d-----w- c:\program files\Trend Micro

2011-05-19 04:33 . 2011-05-19 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2011-05-05 22:00 . 2011-05-05 22:51 -------- d-----w- C:\LeagueOfLegends.NA.04_26_2011

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-18 03:56 . 2008-06-05 02:58 98304 ----a-w- c:\windows\DUMP954a.tmp

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-08 05:14 . 2008-05-03 05:46 5210112 ----a-w- c:\windows\system32\nvcuda.dll

2011-04-08 05:14 . 2007-11-06 09:30 4111232 ----a-w- c:\windows\system32\nv4_disp.dll

2011-04-08 05:14 . 2007-11-06 09:30 2027008 ----a-w- c:\windows\system32\nvapi.dll

2011-04-08 05:14 . 2007-11-06 09:30 14856192 ----a-w- c:\windows\system32\nvoglnt.dll

2011-04-08 05:14 . 2007-11-06 09:30 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2011-04-08 02:15 . 2011-04-08 02:15 81920 ----a-w- c:\windows\system32\nvwddi.dll

2011-04-08 02:15 . 2011-04-08 02:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

2011-04-08 02:15 . 2011-04-08 02:15 277608 ----a-w- c:\windows\system32\nvmccs.dll

2011-04-08 02:15 . 2011-04-08 02:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll

2011-04-08 02:15 . 2011-04-08 02:15 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-04-08 02:15 . 2011-04-08 02:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe

2011-04-08 02:15 . 2011-04-08 02:15 145000 ----a-w- c:\windows\system32\nvcolor.exe

2009-02-24 19:34 . 2009-02-24 19:34 1044480 ------w- c:\program files\opera\program\plugins\libdivx.dll

2009-02-24 19:34 . 2009-02-24 19:34 200704 ------w- c:\program files\opera\program\plugins\ssldivx.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"ABIT uGuruIII"="c:\program files\U-ABIT\uGuru\uGuru.exe" [2007-04-11 425984]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]

"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1957888]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-06 281768]

"NvMediaCenter"="NvMCTray.dll" [2011-04-08 111208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-08 13891176]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]

.

c:\documents and settings\Kirja\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Hawking Wireless Utility.lnk - c:\program files\Hawking\HWU54D\HWU54D.exe [2011-1-7 458752]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-6-11 67128]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-26 692224]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"25173:TCP"= 25173:TCP:BitComet 25173 TCP

"25173:UDP"= 25173:UDP:BitComet 25173 UDP

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"26744:TCP"= 26744:TCP:BitComet 26744 TCP

"26744:UDP"= 26744:UDP:BitComet 26744 UDP

"58188:TCP"= 58188:TCP:Pando Media Booster

"58188:UDP"= 58188:UDP:Pando Media Booster

"56370:TCP"= 56370:TCP:Pando Media Booster

"56370:UDP"= 56370:UDP:Pando Media Booster

"8381:TCP"= 8381:TCP:League of Legends Launcher

"8381:UDP"= 8381:UDP:League of Legends Launcher

"6986:TCP"= 6986:TCP:League of Legends Launcher

"6986:UDP"= 6986:UDP:League of Legends Launcher

"56506:TCP"= 56506:TCP:Pando Media Booster

"56506:UDP"= 56506:UDP:Pando Media Booster

"8382:TCP"= 8382:TCP:League of Legends Launcher

"8382:UDP"= 8382:UDP:League of Legends Launcher

"8383:TCP"= 8383:TCP:League of Legends Launcher

"8383:UDP"= 8383:UDP:League of Legends Launcher

.

R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2/24/2010 7:46 AM 14592]

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2/24/2010 6:22 AM 185472]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [5/19/2011 1:17 AM 339624]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [5/19/2011 1:17 AM 421032]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5/22/2011 6:28 PM 2218600]

S3 aaudstum;aaudstum;\??\c:\docume~1\Kirja\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\Kirja\LOCALS~1\Temp\aaudstum.sys [?]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2/18/2010 9:28 PM 30104]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2/18/2010 9:28 PM 30104]

S3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [4/10/2010 5:34 PM 8704]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 pwlyrpob;pwlyrpob;\??\c:\docume~1\Kirja\LOCALS~1\Temp\pwlyrpob.sys --> c:\docume~1\Kirja\LOCALS~1\Temp\pwlyrpob.sys [?]

S3 ZD1211U(Hawking Technologies);Hawking Technologies HWU54D Hi-Gain Wireless-G USB Adapter(Hawking Technologies);c:\windows\system32\drivers\ZD1211U.sys [4/12/2009 7:32 PM 273408]

S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [4/12/2009 7:32 PM 19200]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-26 c:\windows\Tasks\System Restore.job

- c:\windows\system32\Restore\rstrui.exe [2008-06-07 13:27]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.evony.com/

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{F92AE24D-2C39-4C17-8324-E93E9E0A37A2} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe

HKLM-Run-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe

SafeBoot-klmdb.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-26 08:44

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-57989841-2049760794-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s*B*S%\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-57989841-2049760794-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*


DDS:

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by Kirja at 9:10:09 on 2011-05-26

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2527 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\U-ABIT\uGuru\uGuru.exe

C:\Program Files\Hawking\HWU54D\HWU54D.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\ALCFDRTM.EXE

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Opera\opera.exe

C:\Documents and Settings\Kirja\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.evony.com/

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [ABIT uGuruIII] c:\program files\u-abit\uguru\uGuru.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [skyTel] SkyTel.EXE

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

StartupFolder: c:\docume~1\kirja\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hawkin~1.lnk - c:\program files\hawking\hwu54d\HWU54D.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5347/mcfscan.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-19 11608]

R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2010-2-24 14592]

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-5-19 339624]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-19 269480]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-5-19 421032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-19 61960]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-22 2218600]

S3 aaudstum;aaudstum;\??\c:\docume~1\kirja\locals~1\temp\aaudstum.sys --> c:\docume~1\kirja\locals~1\temp\aaudstum.sys [?]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-18 30104]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-2-18 30104]

S3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [2010-4-10 8704]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 pwlyrpob;pwlyrpob;\??\c:\docume~1\kirja\locals~1\temp\pwlyrpob.sys --> c:\docume~1\kirja\locals~1\temp\pwlyrpob.sys [?]

S3 ZD1211U(Hawking Technologies);Hawking Technologies HWU54D Hi-Gain Wireless-G USB Adapter(Hawking Technologies);c:\windows\system32\drivers\ZD1211U.sys [2009-4-12 273408]

S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [2009-4-12 19200]

.

=============== Created Last 30 ================

.

2011-05-26 12:34:35 -------- d-sha-r- C:\cmdcons

2011-05-26 12:30:35 98816 ----a-w- c:\windows\sed.exe

2011-05-26 12:30:35 89088 ----a-w- c:\windows\MBR.exe

2011-05-26 12:30:35 256512 ----a-w- c:\windows\PEV.exe

2011-05-26 12:30:35 161792 ----a-w- c:\windows\SWREG.exe

2011-05-22 22:28:01 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation

2011-05-22 22:26:54 259932 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-05-22 22:26:54 259932 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-05-22 22:26:54 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-05-22 22:16:09 -------- d-----w- c:\windows\nview

2011-05-22 21:59:32 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll

2011-05-22 21:59:32 855656 ----a-w- c:\windows\system32\nvgenco322060.dll

2011-05-22 21:59:32 61440 ----a-w- c:\windows\system32\OpenCL.dll

2011-05-22 21:59:32 2770536 ----a-w- c:\windows\system32\nvcuvid.dll

2011-05-22 21:59:32 2116894 ----a-w- c:\windows\system32\nvdata.bin

2011-05-22 21:59:32 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-05-22 21:59:31 13000704 ----a-w- c:\windows\system32\nvcompiler.dll

2011-05-22 21:55:14 -------- d-----w- c:\program files\NVIDIA Corporation

2011-05-19 05:30:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-19 05:30:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-19 05:23:59 -------- d-----w- c:\documents and settings\kirja\application data\Avira

2011-05-19 05:17:05 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-05-19 05:17:04 -------- d-----w- c:\program files\Avira

2011-05-19 05:17:04 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-05-19 04:41:39 388096 ----a-r- c:\documents and settings\kirja\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-05-19 04:41:38 -------- d-----w- c:\program files\Trend Micro

2011-05-19 04:33:16 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite

2011-05-05 22:00:38 -------- d-----w- C:\LeagueOfLegends.NA.04_26_2011

.

==================== Find3M ====================

.

2011-05-18 03:56:43 98304 ----a-w- c:\windows\DUMP954a.tmp

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-08 05:14:00 5210112 ----a-w- c:\windows\system32\nvcuda.dll

2011-04-08 05:14:00 4111232 ----a-w- c:\windows\system32\nv4_disp.dll

2011-04-08 05:14:00 2027008 ----a-w- c:\windows\system32\nvapi.dll

2011-04-08 05:14:00 14856192 ----a-w- c:\windows\system32\nvoglnt.dll

2011-04-08 05:14:00 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2011-04-08 02:15:38 81920 ----a-w- c:\windows\system32\nvwddi.dll

2011-04-08 02:15:38 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

2011-04-08 02:15:34 277608 ----a-w- c:\windows\system32\nvmccs.dll

2011-04-08 02:15:34 13891176 ----a-w- c:\windows\system32\nvcpl.dll

2011-04-08 02:15:34 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-04-08 02:15:32 155752 ----a-w- c:\windows\system32\nvsvc32.exe

2011-04-08 02:15:32 145000 ----a-w- c:\windows\system32\nvcolor.exe

.

============= FINISH: 9:10:30.53 ===============

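The service section of the DDS log above is where a triage analyst looks first: two drivers (aaudstum.sys and pwlyrpob.sys) are registered with an absolute `\??\` ImagePath pointing into the user's temp directory and DDS could not read any file metadata for them (`[?]`). As an added example (not part of the original post and not DDS's own code), here is a small Python parser for that `start name;display;path [date size]` line format that tags exactly those indicators. The sample lines are copied from the log above; the `%SystemRoot%` prefix and the tag names are assumptions of this example, and the tags are hints for an analyst, not verdicts.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: five service/driver lines copied from the DDS log above
# (assumption: they are representative of the "S3 name;display;path [meta]" format).
SAMPLE_DDS = r"""
S3 aaudstum;aaudstum;\??\c:\docume~1\kirja\locals~1\temp\aaudstum.sys --> c:\docume~1\kirja\locals~1\temp\aaudstum.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-18 30104]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 pwlyrpob;pwlyrpob;\??\c:\docume~1\kirja\locals~1\temp\pwlyrpob.sys --> c:\docume~1\kirja\locals~1\temp\pwlyrpob.sys [?]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [2009-4-12 19200]
"""

# "<start type> <service name>;<display name>;<image path> [<date> <size>]"
# Start type is R0-R3 (running) or S0-S4 (stopped). DDS prints "[?]" when it cannot
# stat the image file, and "<registry path> --> <resolved path>" when the ImagePath
# in the registry is an absolute \??\ path instead of a system32-relative one.
LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")

SYSTEM_ROOT = "c:\\windows\\"   # assumption: default XP %SystemRoot%; adjust per host


@dataclass
class DdsService:
    start: str
    name: str
    display: str
    registry_path: str
    resolved_path: str
    meta: str                     # "YYYY-M-D size", or "?" when DDS could not read the file
    tags: list = field(default_factory=list)


def parse_dds_service_line(line: str):
    """Parse one DDS service/driver line; returns None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path_part, sep, meta = m["rest"].rpartition(" [")
    if not sep:                               # no trailing "[...]" block at all
        path_part, meta = m["rest"], ""
    meta = meta.rstrip("]")
    if " --> " in path_part:
        registry_path, resolved = path_part.split(" --> ", 1)
    else:
        registry_path = resolved = path_part
    return DdsService(m["start"], m["name"].strip(), m["display"].strip(),
                      registry_path.strip(), resolved.strip(), meta.strip())


def triage(svc: DdsService) -> DdsService:
    """Attach indicator tags to a parsed service. Hints for an analyst, not verdicts."""
    p = svc.resolved_path.lower()
    if svc.meta == "?":
        svc.tags.append("no-file-metadata")     # image absent or unreadable when DDS ran
    if svc.registry_path.startswith("\\??\\"):
        svc.tags.append("absolute-imagepath")   # unusual for a vendor-installed driver
    if "\\temp\\" in p:
        svc.tags.append("user-temp-path")       # kernel driver served from a temp directory
    elif not p.startswith(SYSTEM_ROOT):
        svc.tags.append("outside-systemroot")   # e.g. a driver on a removable drive
    return svc


def triage_dds(text: str) -> dict:
    """Return {service name: [tags]} for every service line in a DDS log excerpt."""
    out = {}
    for line in text.splitlines():
        svc = parse_dds_service_line(line)
        if svc is not None:
            out[svc.name] = triage(svc).tags
    return out


if __name__ == "__main__":
    for name, tags in triage_dds(SAMPLE_DDS).items():
        print(f"{name:10s} {', '.join(tags) or 'clean'}")
```

Run it on the full log and sort by tag count; the two temp-directory drivers come out on top while the AVG, StarForce and ZyDAS entries stay clean. The `outside-systemroot` tag is informational only: `d:\PciCon.sys` could just as well be a hardware vendor's driver on a removable drive, which is why the tags are meant to order a manual review rather than replace it.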

  • Staff

Hi,

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

This goes for BitComet and anything else you have installed.


Hi. Well, I haven't used BitComet in a while, since I do not have much space on the HD to download anything, and since I do like to play games, and some games like Dragon Age etc. require a lot of space; I just never thought of uninstalling it before. Which other programs would you like me to remove?


  • Staff

Hi,

That's all, thank you.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi.

Eset:

# utc_time=2011-06-02 08:33:36

# local_time=2011-06-02 04:33:36 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 299066 299066 0 0

# compatibility_mode=1792 16777175 100 0 296940 296940 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=100355

# found=23

# cleaned=23

# scan_time=2852

C:\Documents and Settings\Kirja\Local Settings\Application Data\Opera\Opera\temporary_downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Kirja\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Kirja\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Kirja\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Kirja\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Kirja\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_ubm.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Kirja\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\fijwkfxi.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\jynlddul.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\nmWEdfii.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\nmWEdfii.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP500\A0084604.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP502\A0091687.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP513\A0093241.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP513\A0093242.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP513\A0093243.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP517\A0099825.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP517\A0099826.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP517\A0099827.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP517\A0099828.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP517\A0099829.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP517\A0099830.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP520\A0100363.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C


Results of screen317's Security Check version 0.99.12

Windows XP Service Pack 2

Out of date service pack!!

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Premium

ESET Online Scanner v3

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 13

Out of date Java installed!

Adobe Flash Player

Adobe Reader 8.1.1

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````


Hello. Well, the PC seems to work OK; I had an issue not long ago where it just froze.

Couldn't open Add/Remove Programs (well, it opened 1 minute after I double-clicked).

Start > Turn Off (was delayed as well, 1-2 minutes).

This happened after I installed the game AION.

Found a program named jv16 PowerTools 2011; I believe it was fixed.

Looks like I need to do some updates.

Yeah, I believe the computer is working fine.

Also, I still have programs such as ComboFix and some others installed. (Not sure if it's safe to uninstall them.)

Not sure if it's right, but my arrow keys are not working when I try to switch to Safe Mode or use the last best setting for Windows.


  • Staff

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java


Hello, sorry for answering so late, I've been busy with work. Removed ComboFix and the programs you mentioned, and installed the new one.

Will do Service Pack 3 as soon as I get more free time.

Changes to the PC after the changes:

Start > Control Panel > Add/Remove Programs (takes forever to open)

Also noticed System > Automatic Updates (also takes forever to open)

Start > Turn Off Computer (also delayed)

Will use jv16 PowerTools 2011 again; it might fix it as it did last time.


  • Staff

Hi,

Before you do anything else, do the Service Pack 3 update.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.


Hi, I almost did all the steps you said, just still waiting for SP3, and going to do defragmenting today. The PC seems to work fine, old problems fixed, and no trace of the problems. Will look more into PitStop when I get more time tonight.

Thank you for helping ^.^ Hope I get SP3 soon; I think I did not update Windows for 2 years lol.


Hi again. After CCleaner I feel a little bit of change, and can't say in a good way; I had a blue screen of death, and when the machine starts it feels the same as when I got malware.

Scan saved at 4:42:47 PM, on 6/15/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\ALCFDRTM.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\U-ABIT\uGuru\uGuru.exe

C:\Program Files\Hawking\HWU54D\HWU54D.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Opera\opera.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\U-ABIT\uGuru\uGuru.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-57989841-2049760794-682003330-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU54D\HWU54D.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5347/mcfscan.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

O23 - Service: ??????????? Avira AntiVir (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--

End of file - 8605 bytes

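The HijackThis log above is a list of autostart and hook points, and the things worth a second look in it are mechanical: BHO and protocol-handler entries whose DLL is gone (`(file missing)`, leftovers of the uninstalled AVG), services HijackThis could not attribute to a vendor (`Unknown owner`), and Run entries that launch a bare file name (`SkyTel.EXE`, `KHALMNPR.EXE`, `RTHDCPL.EXE`) that Windows resolves through the search path at logon. As an added example (not part of the original post and not HijackThis's own code), here is a Python parser for the O2/O4/O18/O23 line formats that tags those three conditions. The sample lines are copied from the log above; the tag names and the `(file missing)` / `Unknown owner` markers as parsed here are assumptions of this example based on how those lines appear on the page.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log above
# (assumption: they are representative of the O2/O4/O18/O23 line formats).
SAMPLE_HJT = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HJT finding starts with its section code: "O4 - ...", "R1 - ...".
ENTRY_RE = re.compile(r"^(?P<kind>O\d+|R\d) - (?P<body>.+)$")
# O4 registry Run entries: "<hive>\..\Run: [<label>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
MISSING = "(file missing)"


@dataclass
class HjtEntry:
    kind: str                   # O2, O4, O18, O23, ...
    name: str                   # BHO/protocol/service display name, or the Run label
    image: str                  # DLL/EXE path, or the executable the command launches
    tags: list = field(default_factory=list)


def command_image(cmd: str) -> str:
    """Executable part of a Run command line: the quoted path, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_hjt_line(line: str):
    """Parse one HijackThis line into an HjtEntry with tags; None for non-HJT lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m["kind"], m["body"]
    if kind == "O4":
        r = RUN_RE.match(body)
        if r is None:                             # Startup-folder forms: keep the raw text
            return HjtEntry(kind, body, "")
        e = HjtEntry(kind, r["label"], command_image(r["cmd"]))
        if "\\" not in e.image:
            e.tags.append("unqualified-image")    # resolved via search order at logon
        return e
    if kind in ("O2", "O18", "O23"):
        parts = body.rsplit(" - ", 2)             # "<type>: <name> - <clsid|owner> - <path>"
        if len(parts) != 3:
            return HjtEntry(kind, body, "")
        head, middle, path = parts
        e = HjtEntry(kind, head.split(": ", 1)[-1], path)
        if path.endswith(MISSING):
            e.tags.append("file-missing")         # orphaned registration, remove it
            e.image = path[: -len(MISSING)].strip()
        if kind == "O23" and middle == "Unknown owner":
            e.tags.append("unknown-owner")        # no company name in the binary's version info
        return e
    return HjtEntry(kind, body, "")


def triage_hjt(text: str) -> dict:
    """Return {"<kind> <name>": [tags]} for every HJT finding in the text."""
    out = {}
    for line in text.splitlines():
        e = parse_hjt_line(line)
        if e is not None:
            out[f"{e.kind} {e.name}"] = e.tags
    return out


if __name__ == "__main__":
    for key, tags in triage_hjt(SAMPLE_HJT).items():
        print(f"{key:50s} {', '.join(tags) or 'clean'}")
```

Note what the tags do and do not say. `file-missing` entries are safe to clean up and are exactly the kind of residue ESET's scan and the AVG uninstall leave behind. `unknown-owner` and `unqualified-image` are only prompts to check the file on disk (signature, hash, location): `PnkBstrA.exe` is the PunkBuster service that ships with many games and `RTHDCPL.EXE` is the Realtek audio control panel, both of which the tool flags simply because of how they were registered, not because they are hostile.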
