Bottle Posted June 2, 2011 ID:436028 Share Posted June 2, 2011 I have AVG8.5 and keep getting spammed by the resident shield alert (its alerting me to random files, not infected ones (i think)). Scans with malwarebyes initially turned up stuff and i asked malwarebytes to get rid of them but now i still get spammed with the resident shield alert and malwarebytes turns up nothing.I have disabled CD Emulation drivers using DeFrogger, posted the malwarbytes log file, the DDS log file and attached the ARK + attach.txt file as the zip. Please let me know what to do next =((On a side not i even tried booting up in safe mode but for some reason couldnt, the computer would reset itself when loading the drivers dunno if this is an issue with hardware or windows or the virus... eeek)Thanks for your timeLatest malwarebyte log:Malwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 6711Windows 5.1.2600 Service Pack 2Internet Explorer 6.0.2900.218002/06/2011 14:28:30mbam-log-2011-06-02 (14-28-30).txtScan type: Quick scanObjects scanned: 170980Time elapsed: 11 minute(s), 37 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)DDS log:.DDS (Ver_2011-06-01.06) - NTFSx86 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16Run by Family at 14:40:32 on 2011-06-02Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3327.2682 [GMT 1:00].AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\Program Files\AVG\AVG8\avgrsx.exeC:\Program Files\AVG\AVG8\avgcsrvx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\nikuopco\voyhysif.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Microsoft IntelliType Pro\dpupdchk.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\NETGEAR\WG111v2\WG111v2.exeC:\Program Files\AVG\AVG8\avgcsrvx.exeC:\Program Files\Wireless USB\Installer\WINXP\USB Wireless Client Utility.exeC:\Program Files\iPod\bin\iPodService.exeC:\Documents and Settings\Family\Start Menu\Programs\Startup\voyhysif.exeC:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\Application\chrome.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.co.uk/uSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.com/ieuDefault_Search_URL = hxxp://www.google.com/iemDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dllmURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dllmWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\nikuopco\voyhysif.exe,BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dllBHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dllTB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dlluRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exeuRun: [kdx] c:\program files\kontiki\KHost.exe -alluRun: [Google Update] "c:\documents and settings\family\local settings\application data\google\update\GoogleUpdate.exe" /cmRun: [RTHDCPL] RTHDCPL.EXEmRun: [Alcmtr] ALCMTR.EXEmRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exemRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exemRun: [4oD] "c:\program files\kontiki\KHost.exe" -allmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOWmRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kdRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXEStartupFolder: c:\docume~1\family\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exeStartupFolder: c:\documents and settings\family\start menu\programs\startup\voyhysif.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\usbwir~1.lnk - c:\program files\wireless usb\installer\winxp\USB Wireless Client Utility.exeIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241866501187DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241866465796DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabTCP: DhcpNameServer = 192.168.2.1TCP: Interfaces\{402BFE5E-C7C0-42BC-904D-66C08367C46B} : DhcpNameServer = 192.168.2.1TCP: Interfaces\{699F77A0-B40F-4CDC-AC3C-0B7B089AD956} : DhcpNameServer = 143.167.2.110 143.167.252.110Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dllNotify: avgrsstarter - avgrsstx.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\family\application data\mozilla\firefox\profiles\uspkhstn.default user\FF - plugin: c:\documents and settings\family\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dllFF - plugin: c:\program files\divx\divx plus web player\npdivx32.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dllFF - plugin: c:\program files\google\picasa3\npPicasa3.dllFF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dllFF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll.============= SERVICES / DRIVERS ===============.R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-9 64160]R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-9 335240]R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-9 27784]R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-9 108552]R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-9 908056]R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-9 297752]R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-11-12 37376]S2 gupdate1c9de3611da34c9;Google Update Service (gupdate1c9de3611da34c9);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104]S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-11-9 947528]S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\games\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-17 25832]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104]S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-27 167808].=============== Created Last 30 ================.2011-06-02 01:01:49 -------- d-----w- c:\program files\nikuopco2011-06-02 01:01:31 277485 ----a-w- c:\program files\mozilla firefox\0.20790929619252863.exe2011-05-29 12:03:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-27 20:17:48 -------- d-----w- c:\documents and settings\family\application data\Malwarebytes2011-05-27 20:17:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-27 20:17:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2011-05-27 20:17:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-27 20:17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-05-14 12:53:13 -------- d-----w- c:\program files\Mount&Blade Warband2011-05-06 18:36:26 -------- d-----w- c:\documents and settings\family\application data\Mount&Blade Warband.==================== Find3M ====================..============= FINISH: 14:41:14.62 ===============ark.zip Link to post Share on other sites More sharing options...
Staff screen317 Posted June 4, 2011 Staff ID:436894 Share Posted June 4, 2011 Hi and welcome to Malwarebytes.FYI your version of AVG is ancient. Please update MBAM, run a Quick Scan, and post its log.Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
Bottle Posted June 5, 2011 Author ID:437119 Share Posted June 5, 2011 Thanks for the reply!Ive uninstalled the old avg, it had problems with combofix and disabling it didn't seem to be enough. will install the latest one once my PC is clean.Here is the new malwarebytes log:Malwarebytes' Anti-Malware 1.51.0.1200www.malwarebytes.orgDatabase version: 6775Windows 5.1.2600 Service Pack 2Internet Explorer 6.0.2900.218005/06/2011 18:07:18mbam-log-2011-06-05 (18-07-18).txtScan type: Quick scanObjects scanned: 157404Time elapsed: 2 minute(s), 11 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Here is the combofix log:ComboFix 11-06-04.02 - PAJ 05/06/2011 2:08.2.4 - x86Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3327.2878 [GMT 1:00]Running from: c:\documents and settings\PAJ\My Documents\Downloads\ComboFix.exe..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\CFLogc:\documents and settings\Family\Application Data\Adobe\plugsc:\documents and settings\Family\Application Data\Adobe\shed..((((((((((((((((((((((((( Files Created from 2011-05-05 to 2011-06-05 )))))))))))))))))))))))))))))))..2011-05-29 12:03 . 2011-05-29 12:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-27 20:17 . 2011-05-27 20:17 -------- d-----w- c:\documents and settings\Family\Application Data\Malwarebytes2011-05-27 20:17 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-27 20:17 . 2011-05-27 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-05-27 20:17 . 2011-06-04 11:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-05-27 20:17 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-14 12:53 . 2011-06-04 16:57 -------- d-----w- c:\program files\Mount&Blade Warband2011-05-06 18:36 . 2011-05-07 02:08 -------- d-----w- c:\documents and settings\Family\Application Data\Mount&Blade Warband...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-04-29 12:47 . 2011-04-09 21:06 142296 ------w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]2008-09-29 16:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000].[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}][HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}].[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000].[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}][HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files\Steam\Steam.exe" [2011-03-26 1242448]"gStart"="c:\garmin\gStart.exe" [2006-09-06 1891416]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-26 39408]"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDCPL"="RTHDCPL.EXE" [2009-05-08 16862720]"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-26 149280]"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800]"nwiz"="nwiz.exe" [2008-02-28 1626112]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-28 86016].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360].c:\documents and settings\Family\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A].c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]USB Wireless Client Utility.lnk - c:\program files\Wireless USB\Installer\WINXP\USB Wireless Client Utility.exe [2009-5-21 598016].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@="Service".[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)"DisableNotifications"= 1 (0x1).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\WINDOWS\\system32\\PnkBstrA.exe"="c:\\WINDOWS\\system32\\PnkBstrB.exe"="c:\\Program Files\\BitTorrent\\bittorrent.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Games\\Dragon Age\\bin_ship\\daorigins.exe"="c:\\Program Files\\Games\\Dragon Age\\DAOriginsLauncher.exe"="c:\\Program Files\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"="c:\\Program Files\\Steam\\steamapps\\common\\empire total war demo\\Empire.exe"="c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"="c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"="c:\\Riot GamesUS\\League of Legends\\air\\LolClient.exe"="c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\Shogun2.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"56801:TCP"= 56801:TCP:Pando Media Booster"56801:UDP"= 56801:UDP:Pando Media Booster"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009"57523:TCP"= 57523:TCP:Pando Media Booster"57523:UDP"= 57523:UDP:Pando Media Booster"8395:TCP"= 8395:TCP:League of Legends Launcher"8395:UDP"= 8395:UDP:League of Legends Launcher"8396:TCP"= 8396:TCP:League of Legends Launcher"8396:UDP"= 8396:UDP:League of Legends Launcher"6907:TCP"= 6907:TCP:League of Legends Launcher"6907:UDP"= 6907:UDP:League of Legends Launcher"6886:TCP"= 6886:TCP:League of Legends Launcher"6886:UDP"= 6886:UDP:League of Legends Launcher"8381:TCP"= 8381:TCP:League of Legends Launcher"8381:UDP"= 8381:UDP:League of Legends Launcher"6911:TCP"= 6911:TCP:League of Legends Launcher"6911:UDP"= 6911:UDP:League of Legends Launcher"6931:TCP"= 6931:TCP:League of Legends Launcher"6931:UDP"= 6931:UDP:League of Legends Launcher"6967:TCP"= 6967:TCP:League of Legends Launcher"6967:UDP"= 6967:UDP:League of Legends Launcher"6955:TCP"= 6955:TCP:League of Legends Launcher"6955:UDP"= 6955:UDP:League of Legends Launcher"6973:TCP"= 6973:TCP:League of Legends Launcher"6973:UDP"= 6973:UDP:League of Legends Launcher.R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [09/05/2009 22:10 64160]R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [12/11/2008 14:54 37376]S2 gupdate1c9de3611da34c9;Google Update Service (gupdate1c9de3611da34c9);c:\program files\Google\Update\GoogleUpdate.exe [26/05/2009 20:13 133104]S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 1029456]S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [17/12/2009 16:44 25832]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/05/2009 20:13 133104]S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27/03/2006 17:53 167808]S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/07/2009 22:24 721904].--- Other Services/Drivers In Memory ---.*NewlyCreated* - WUAUSERV.Contents of the 'Scheduled Tasks' folder.2011-06-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:42].2011-06-05 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-26 19:12].2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 19:13].2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 19:13].2011-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1383384898-839522115-1003Core.job- c:\documents and settings\PAJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-08 19:33].2011-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1383384898-839522115-1003UA.job- c:\documents and settings\PAJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-08 19:33].2011-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1383384898-839522115-1004Core.job- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-31 22:54].2011-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1383384898-839522115-1004UA.job- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-31 22:54]..------- Supplementary Scan -------.uStart Page = hxxp://www.ask.com/?o=101760&l=disuInternet Settings,ProxyOverride = *.localuSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%sIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200TCP: DhcpNameServer = 192.168.2.1FF - ProfilePath - c:\documents and settings\PAJ\Application Data\Mozilla\Firefox\Profiles\nhu1w0lu.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=.- - - - ORPHANS REMOVED - - - -.Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exeHKCU-Run-kdx - c:\program files\Kontiki\KHost.exeHKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exeHKLM-Run-4oD - c:\program files\Kontiki\KHost.exeHKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exeAddRemove-InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498} - c:\program files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exeAddRemove-InstallShield_{E0F252A6-DE85-4E93-A93B-DFC3537B3965} - c:\progra~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exeAddRemove-InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217} - c:\program files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exeAddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Nero\Nero 7\nero\uninstall\UNNERO.exeAddRemove-Red Alert 2 - c:\westwood\RA2\Uninstll.EXEAddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exeAddRemove-{7F89B388-0D57-4028-8E7D-C8B10ED126C5} - c:\program files\InstallShield Installation Information\{7F89B388-0D57-4028-8E7D-C8B10ED126C5}\setup.exeAddRemove-{918A9082-6287-4D25-9002-5E5D5E4971CB} - c:\program files\InstallShield Installation Information\{918A9082-6287-4D25-9002-5E5D5E4971CB}\setup.exeAddRemove-{92606477-9366-4D3B-8AE3-6BE4B29727AB} - c:\program files\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exeAddRemove-BitTorrent - c:\program files\BitTorrent\uninst.exeAddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-06-05 02:17Windows 5.1.2600 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(724)c:\windows\system32\RtlGina2.dll.- - - - - - - > 'explorer.exe'(2544)c:\windows\system32\msi.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2011-06-05 02:23:29ComboFix-quarantined-files.txt 2011-06-05 01:23.Pre-Run: 132,900,556,800 bytes freePost-Run: 159,457,329,152 bytes free.- - End Of File - - 81FE5A755BDA5891FD3BB627E11F5231Here is the new dds log:.DDS (Ver_2011-06-03.01) - NTFSx86 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16Run by PAJ at 18:10:54 on 2011-06-05Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3327.2431 [GMT 1:00]..============== Running Processes ===============.C:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\Program Files\Microsoft IntelliType Pro\dpupdchk.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Garmin\gStart.exeC:\Program Files\NETGEAR\WG111v2\WG111v2.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\notepad.exeC:\Documents and Settings\PAJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\PAJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\PAJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\WINDOWS\system32\NOTEPAD.EXEC:\WINDOWS\system32\NOTEPAD.EXEC:\Documents and Settings\PAJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.ask.com/?o=101760&l=disuInternet Settings,ProxyOverride = *.localuSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%smURLSearchHooks: H - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dlluRun: [steam] "c:\program files\steam\Steam.exe" -silentuRun: [gStart] c:\garmin\gStart.exeuRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exeuRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe" -autorunmRun: [RTHDCPL] RTHDCPL.EXEmRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOWmRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitdRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\usbwir~1.lnk - c:\program files\wireless usb\installer\winxp\USB Wireless Client Utility.exeIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241866501187DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241866465796DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabTCP: DhcpNameServer = 192.168.2.1TCP: Interfaces\{402BFE5E-C7C0-42BC-904D-66C08367C46B} : DhcpNameServer = 192.168.2.1TCP: Interfaces\{699F77A0-B40F-4CDC-AC3C-0B7B089AD956} : DhcpNameServer = 143.167.2.110 143.167.252.110SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\paj\application data\mozilla\firefox\profiles\nhu1w0lu.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=FF - plugin: c:\documents and settings\paj\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dllFF - plugin: c:\program files\divx\divx plus web player\npdivx32.dllFF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dllFF - plugin: c:\program files\google\picasa3\npPicasa3.dllFF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dllFF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll.============= SERVICES / DRIVERS ===============.R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-9 64160]R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-11-12 37376]S2 gupdate1c9de3611da34c9;Google Update Service (gupdate1c9de3611da34c9);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104]S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\games\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-17 25832]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104]S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-27 167808].=============== Created Last 30 ================.2011-06-05 17:04:32 -------- d-----w- c:\documents and settings\paj\application data\Malwarebytes2011-06-05 00:57:29 -------- d-sha-r- C:\cmdcons2011-06-05 00:52:57 208896 ----a-w- c:\windows\MBR.exe2011-06-05 00:52:56 98816 ----a-w- c:\windows\sed.exe2011-06-05 00:52:56 518144 ----a-w- c:\windows\SWREG.exe2011-06-05 00:52:56 256512 ----a-w- c:\windows\PEV.exe2011-06-05 00:32:32 -------- d--h--w- c:\documents and settings\all users\application data\Common Files2011-06-05 00:25:31 -------- d-----w- C:\$AVG2011-06-05 00:20:15 -------- d-----w- c:\documents and settings\all users\application data\MFAData2011-05-29 12:03:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-27 20:17:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-27 20:17:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2011-05-27 20:17:34 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-27 20:17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-05-14 12:53:13 -------- d-----w- c:\program files\Mount&Blade Warband.==================== Find3M ====================..============= FINISH: 18:11:02.29 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted June 8, 2011 Staff ID:438210 Share Posted June 8, 2011 Next, please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicNext, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317 Link to post Share on other sites More sharing options...
Bottle Posted June 10, 2011 Author ID:439280 Share Posted June 10, 2011 Hey Chris,The online ESET virus scanner seemed to pick things up. posted its log below along with the security check log. Im no longer getting the resident alert spam but that stopped after i uninstalled AVG (to run combofix). Im not getting anymore obvious pop ups but i still have the CD emulation drivers disabled with the defrogger. Do you think its safe to reactivate them? Am i clean now?Thanks so much for the help btw, im guessing im almost clean now?ESET log:ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)# OnlineScanner.ocx=1.0.0.6526# api_version=3.0.2# EOSSerial=79525a9ff247dd4b97fd8ffadf45b61c# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2011-06-10 09:07:10# local_time=2011-06-10 10:07:10 (+0000, GMT Daylight Time)# country="United Kingdom"# lang=9# osver=5.1.2600 NT Service Pack 2# compatibility_mode=8192 67108863 100 0 79 79 0 0# scanned=173986# found=15# cleaned=15# scan_time=4666C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\34\37db3fe2-5cdaefe0 Java/TrojanDownloader.Agent.ME trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\51\3df04333-67c2616c a variant of Win32/Kryptik.ONR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\51\3df04333-7efcf51a a variant of Win32/Kryptik.ONR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\62\2bc3143e-7670a15a a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Program Files\Activision\Call of Duty 4 - Modern Warfare\pb\htm\wc002180.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 CC:\Program Files\Activision\Call of Duty 4 - Modern Warfare\pb\htm\wc002191.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 CC:\Program Files\Activision\Call of Duty 4 - Modern Warfare\pb\htm\wc002193.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 CC:\Program Files\Activision\Call of Duty 4 - Modern Warfare\pb\htm\wc002200.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 CC:\Program Files\Activision\Call of Duty 4 - Modern Warfare\pb\htm\wc002203.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 CC:\Program Files\Activision\Call of Duty 4 - Modern Warfare\pb\htm\wc002207.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 CC:\Program Files\Activision\Call of Duty 4 - Modern Warfare\pb\htm\wc002217.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 CC:\Program Files\Activision\Call of Duty 4 - Modern Warfare\pb\htm\wc002219.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 CC:\Program Files\Electronic Arts\Battlefield Bad Company 2\pb\htm\wc002158.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 CC:\Program Files\Electronic Arts\Battlefield Bad Company 2\pb\htm\wc002220.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 CC:\Program Files\Electronic Arts\Battlefield Bad Company 2\pb\htm\wc002237.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 CSecurity check log: Results of screen317's Security Check version 0.99.13 Windows XP Service Pack 2 Out of date service pack!! Internet Explorer 6 Out of date! `````````````````````````````` Antivirus/Firewall Check: WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Ad-Aware Malwarebytes' Anti-Malware Java 6 Update 16 Out of date Java installed! Adobe Flash Player 10.3.181.14 Adobe Reader 9.1 Out of date Adobe Reader installed! Mozilla Firefox (x86 en-GB..) ```````````````````````````````` Process Check: objlist.exe by Laurent Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! ``````````End of Log```````````` Link to post Share on other sites More sharing options...
Staff screen317 Posted June 13, 2011 Staff ID:440300 Share Posted June 13, 2011 I'm afraid I have some very bad news...The infection that you can see in the Kaspersky scan, Win32/Ramnit.A is what we call a file-infector.These are particularly malicious, in that they infect all of your legitimate programs.The problem is... the virus is very buggy, so it does not do a good job of infecting your files, so any attempt to disinfect and possibly save your files would be futile, in that, due to the buggy virus, we cannot properly disinfect your files.What I highly recommend now is a reformat and a reinstallation of Windows XP.Please let me know if you are prepared to do so.You may backup and save all files except programs (meaning pictures and documents are okay), because if you backup any applications, they will transfer to your clean system, and you will be reinfected.So, with that said, do you have your Windows XP CD? Link to post Share on other sites More sharing options...
Staff screen317 Posted June 24, 2011 Staff ID:444945 Share Posted June 24, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts