
Inactive IE having prob, suspected virus

Discussion in 'Malware and Virus Removal Archive' started by synchrox, 2010/10/01.

Thread Status:
Not open for further replies.
  1. 2010/10/01
    synchrox

    synchrox Inactive Thread Starter

    Joined:
    2010/04/30
    Messages:
    37
    Likes Received:
    0
  2. 2010/10/01
    synchrox

    DDS.txt



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Shifeng at 22:51:09.11 on Fri 01/10/2010
    Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.65.1033.18.3070.1593 [GMT 8:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Windows\System32\nvraidservice.exe
    D:\Program Files\Razer\Salmosa\razerhid.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    D:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    D:\Program Files\Razer\Salmosa\razertra.exe
    D:\Program Files\Razer\Salmosa\razerofa.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\Program Files\Steam\Steam.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Steam\SteamService.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\WUDFHost.exe
    D:\pipi\PIPIPlayer.exe
    C:\Users\Shifeng\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shifeng\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Shifeng\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Shifeng\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.facebook.com/
    mStart Page = hxxp://en.sg.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: PIPI Link Helper: {1a3440c6-f123-4cab-84ee-c814e1ae0d8f} - d:\pipi\JfCheck.dll
    BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: installnetworkworld: {9ee9dd02-e014-4b13-125a-f693a0f1dd44} - c:\windows\system32\M6bWv2P3xmxL_.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: {aa58ed58-01dd-4d91-8333-cf10577473f7} - Google Toolbar Helper
    BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - Google Toolbar Notifier BHO
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - Google Dictionary Compression sdch
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: {F0626A63-410B-45E2-99A1-3F2475B2D695} - No File
    BHO: XBTBPos00: {fcbccb87-9224-4b8d-b117-f56d924beb18} - Fast Browser Search Toolbar Helper
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
    TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [BitTorrent] "d:\program files\bittorrent\bittorrent.exe "
    uRun: [Google Update] "c:\users\shifeng\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
    mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
    mRun: [Salmosa] d:\program files\razer\salmosa\razerhid.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe "
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe "
    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini "
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [jfproc] d:\pipi\jfCacheMgr.exe /background
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe "
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\ASETRES.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://aolsvc.aol.com/onlinegames/free-trial-chocolatier/ChocolatierWeb.1.0.0.13.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-sg.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-sg.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    AppInit_DLLs: c:\windows\system32\avgrsstx.dll,avgrsstx.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-23 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-23 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-23 243024]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-3-17 269448]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-9-16 176128]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-9-16 6380032]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-9-16 221696]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-9-16 99344]
    R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-8-16 552448]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2006-8-6 42528]
    R3 Salmosa03;Razer Salmosa USB Filter Driver;c:\windows\system32\drivers\Salmosa.sys [2008-12-18 9344]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-23 430152]
    S3 GarenaPEngine;GarenaPEngine;c:\users\shifeng\appdata\local\temp\IIY2304.tmp [2010-8-17 25616]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
    S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2008-3-17 341504]
    S3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\drivers\U6000ALL.sys [2009-5-19 227072]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2010-7-16 75776]

    =============== Created Last 30 ================

    2010-09-30 23:25:37 0 d-----w- c:\users\shifeng\appdata\roaming\OpenCandy
    2010-09-29 13:33:40 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-16 13:35:27 0 d-----w- c:\programdata\ATI
    2010-09-16 13:27:10 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-09-16 13:27:06 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-09-16 13:27:06 221696 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2010-09-16 13:27:03 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2010-09-16 13:27:03 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-09-16 13:26:49 11776 ----a-w- c:\windows\system32\atimuixx.dll
    2010-09-16 13:26:32 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-09-16 13:26:19 76216 ----a-w- c:\windows\system32\atiapfxx.blb
    2010-09-16 13:25:32 3914240 ----a-w- c:\windows\system32\atidxx32.dll
    2010-09-16 13:25:26 99344 ----a-w- c:\windows\system32\drivers\AtihdLH3.sys
    2010-09-16 13:25:25 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-09-16 13:25:21 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-09-16 13:23:47 30208 ----a-w- c:\windows\system32\atiuxpag.dll
    2010-09-16 13:23:44 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2010-09-16 13:23:07 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2010-09-16 13:22:46 6380032 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-09-16 13:22:46 19968 ----a-w- c:\windows\system32\atigktxx.dll
    2010-09-16 13:22:45 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2010-09-16 13:22:36 4375552 ----a-w- c:\windows\system32\aticaldd.dll
    2010-09-16 13:22:27 583888 ----a-w- c:\windows\system32\atiumdva.cap
    2010-09-16 13:22:20 241664 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-09-16 13:22:19 380928 ----a-w- c:\windows\system32\atieclxx.exe
    2010-09-16 13:22:19 15830016 ----a-w- c:\windows\system32\atioglxx.dll
    2010-09-16 13:22:15 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2010-09-16 13:22:11 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2010-09-16 13:21:59 21866 ----a-w- c:\windows\atiogl.xml
    2010-09-16 13:21:21 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-09-16 13:21:13 219348 ----a-w- c:\windows\system32\atiicdxx.dat
    2010-09-15 12:50:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-15 12:50:40 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-15 12:50:39 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-15 12:50:38 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-05 03:57:16 0 d-----w- c:\program files\iPod
    2010-09-02 14:09:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf
    2010-09-02 14:09:30 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-09-02 14:09:05 3 ----a-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
    2010-09-02 14:09:04 4052 ----a-w- c:\windows\system32\wbem\Wdf01000.mof
    2010-09-02 14:09:04 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2010-09-02 14:09:04 118 ----a-w- c:\windows\system32\wbem\Wdf01000Uninstall.mof
    2010-09-02 14:09:03 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

    ==================== Find3M ====================

    2010-09-16 13:33:24 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-09-16 13:33:24 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-09-16 13:33:22 143360 ----a-w- c:\windows\inf\infstor.dat
    2010-09-16 13:26:46 4032512 ----a-w- c:\windows\system32\atiumdag.dll
    2010-09-16 13:26:30 65536 ----a-w- c:\windows\system32\coinst.dll
    2010-09-16 13:23:48 3392000 ----a-w- c:\windows\system32\atiumdva.dll
    2010-09-16 13:22:17 28160 ----a-w- c:\windows\system32\atiu9pag.dll
    2010-09-16 13:21:50 23040 ----a-w- c:\windows\system32\atitmpxx.dll
    2010-09-16 13:21:43 528384 ----a-w- c:\windows\system32\aticfx32.dll
    2010-07-16 21:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-15 23:05:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-25 11:59:41 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2010-06-02 08:23:19 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
    2010-06-02 08:23:19 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
    2010-06-02 08:23:19 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 22:52:52.51 ===============

  4. 2010/10/01
    synchrox

    Attach.txt



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 21/8/2008 19:24:00
    System Uptime: 10/1/2010 07:02:04 (6351 hours ago)

    Motherboard: ACER | | MCP73PV
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | SOCKET775 M/B | 2403/267mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 144 GiB total, 28.239 GiB free.
    D: is FIXED (NTFS) - 144 GiB total, 53.163 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    L: is FIXED (NTFS) - 932 GiB total, 657.941 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&8CB234F&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&8CB234F&0
    Service: i8042prt

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: NVIDIA nForce Networking Controller
    Device ID: PCI\VEN_10DE&DEV_07DC&SUBSYS_01371025&REV_A2\3&267A616A&0&78
    Manufacturer: NVIDIA
    Name: NVIDIA nForce Networking Controller
    PNP Device ID: PCI\VEN_10DE&DEV_07DC&SUBSYS_01371025&REV_A2\3&267A616A&0&78
    Service: NVENETFD

    ==== System Restore Points ===================

    RP680: 10/9/2010 17:41:52 - Scheduled Checkpoint
    RP681: 13/9/2010 14:29:45 - Scheduled Checkpoint
    RP682: 15/9/2010 20:54:26 - Windows Update
    RP683: 16/9/2010 21:30:26 - Device Driver Package Install: ATI Technologies Inc. Display adapters
    RP684: 16/9/2010 21:32:33 - Device Driver Package Install: ATI Sound, video and game controllers
    RP685: 17/9/2010 22:11:46 - Scheduled Checkpoint
    RP686: 18/9/2010 12:30:04 - Scheduled Checkpoint
    RP688: 24/9/2010 21:11:46 - Avg Update
    RP690: 24/9/2010 21:13:51 - Avg Update
    RP691: 26/9/2010 09:22:21 - Scheduled Checkpoint
    RP692: 27/9/2010 18:25:18 - Scheduled Checkpoint
    RP693: 29/9/2010 22:03:36 - Windows Update
    RP694: 1/10/2010 07:27:53 - Installed Registry Reviver.
    RP695: 1/10/2010 07:35:28 - Registry Reviver Backup

    ==== Installed Programs ======================


    Acer Arcade Live Main Page
    Acer DV Magician
    Acer DVDivine
    Acer eDataSecurity Management
    Acer Empowering Technology
    Acer ePerformance Management
    Acer eSettings Management
    Acer HomeMedia
    Acer HomeMedia Connect
    Acer HomeMedia Trial Creator
    Acer ScreenSaver
    Acer SlideShow DVD
    Acer VideoMagician
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.2.4
    Advertising Center
    Age of Chivalry
    Alien Swarm
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI AVIVO Codecs
    ATI Catalyst Install Manager
    ATI Catalyst Registration
    AVG Free 9.0
    Belkin F5D8053 N Wireless USB Adapter
    BitTorrent
    Bonjour
    Brother MFL-Pro Suite DCP-145C
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    ccc-core-static
    ccc-utility
    CCC Help English
    Command & Conquer™ 4 Tiberian Twilight
    Condition Zero
    DivX Plus DirectShow Filters
    DivX Version Checker
    DolbyFiles
    Garena 2010
    Ghostbusters: The Video Game
    Google Chrome
    Google Toolbar for Internet Explorer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iPhone Configuration Utility
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Junk Mail filter update
    Left 4 Dead
    LightScribe 1.4.142.1
    Media Player Codec Pack 3.2.0
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MobileMe Control Panel
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    Nero ControlCenter
    Nero Installer
    Nokia_Multimedia_Common_Components_2_5
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    NVIDIA Drivers
    NVIDIA PhysX v8.09.04
    OGA Notifier 2.0.0048.0
    PaperPort Image Printer
    PC Connectivity Solution
    PIPI 2.7.0.0
    QuickTime
    Razer Salmosa
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    ScanSoft PaperPort 11
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    StarCraft II
    Steam
    Team Fortress 2
    The KMPlayer (remove only)
    The Lord of the Rings FREE Trial
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Winamp
    Winamp Toolbar for Firefox
    Winamp Toolbar for Internet Explorer
    WinAVI MP4 Converter
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    26/9/2010 20:54:22, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001CDF927DBF. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    25/9/2010 22:39:01, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 001CDF927DBF has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    25/9/2010 22:18:44, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001CDF927DBF has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    1/10/2010 20:55:32, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001CDF927DBF. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    1/10/2010 07:25:01, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    1/10/2010 07:25:01, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.

    ==== End Of File ===========================
     
  5. 2010/10/01
    Admin.

    Admin. Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  6. 2010/10/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You abandoned a malware topic in the past: http://www.windowsbbs.com/malware-virus-removal/92747-active-i-think-i-have-malware.html
    If it happens again in this topic, you'll never be able to receive any more help in the malware forum.

    =================================================================

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     