Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

repost:Virus removal help please

Post by missminxtress » September 11th, 2010, 3:13 pm

I have had a malware/phishing virus on my comp for a while now. I can not get rid of it no matter what I or my tech friends do.
I have performed a full re-install but it hid out somewhere.
I have tried to remove it to no avail.

Name: CAPTUR~4.EXE (2 appear in Task Manager; if you try to end the process there it multiplies)
Found in folder: C:\Windows\Prefetch

I have listed here All the log files I have been asked to do
HijackThis
Uninstall list
MBAM
OTL
Extras
GMER



HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:51:10 PM, on 9/11/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinTV\WinTV7\WinTVTray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\WinTV\WinTV7\WinTV7Rec.exe
C:\Documents and Settings\Sx\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\WinTV\WinTV7\WinTV7.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: BBC iPlayer Desktop.lnk = ?
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinTV Recording Status..lnk = C:\Program Files\WinTV\WinTV7\WinTVTray.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5504 bytes

Uninstall Log:

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
AVG Free 9.0
BBC Clock Screen Saver
BBC Globe Screen Saver
BBC iPlayer Desktop
BBC iPlayer Desktop
Belarc Advisor 8.1
CCleaner
CDDRV_Installer
DAEMON Tools Toolbar
Defraggler
DivX Setup
Giganews Accelerator
Google Talk Plugin
Hauppauge WinTV 7
Hauppauge WinTV Infrared Remote
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java(TM) 6 Update 21
KhalInstallWrapper
K-Lite Mega Codec Pack 4.9.0
Logitech SetPoint
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
NewsBin for Giganews
NVIDIA Drivers
NVIDIA nView Desktop Manager
O2 Cocoon Driver
OLYMPUS Master 2
PC Suite
PeerGuardian 2.0
PolarClock3 Screen Saver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Spotify
Spybot - Search & Destroy
Spyware Terminator
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.5
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB896626
XPC Tools

MBAM Log:
First scan revealed and removed 5 problems but not the main one I am trying to remove, CAPTUR~4.EXE
Second scan (today) revealed 1 problem, removed.
Still not found main issue.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4570

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

9/11/2010 4:26:02 PM
mbam-log-2010-09-11 (16-26-02).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 180668
Time elapsed: 29 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\System Volume Information\_restore{E7D9C927-A8D2-4A97-AF13-D0B6B102F556}\RP74\A0019492.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.


OTL Log:

OTL logfile created on: 9/11/2010 4:35:06 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Sx\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 293.72 Gb Free Space | 63.06% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 23.44 Gb Free Space | 2.52% Space Free | Partition Type: NTFS
Drive E: | 56.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAGICBOX
Current User Name: Sx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Sx\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
PRC - C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\WinTV\TVServer\CaptureGenUSB.exe (Hauppauge Computer Works)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
PRC - C:\Documents and Settings\Sx\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Sx\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\Program Files\NVIDIA Corporation\nView\nvwimg.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nView\nView.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Inc.)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HauppaugeTVServer) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HCW99BDA) -- C:\WINDOWS\system32\drivers\hcw99bda.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw99rc) -- C:\WINDOWS\system32\drivers\hcw99rc.sys (Hauppauge Computer Works, Inc.)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (ptO2_prt) -- C:\WINDOWS\system32\drivers\ptO2_prt.sys (PANTECH)
DRV - (ptO2_mdm) -- C:\WINDOWS\system32\drivers\ptO2_mdm.sys (PANTECH)
DRV - (ptO2_bus) -- C:\WINDOWS\system32\drivers\ptO2_bus.sys (PANTECH)
DRV - (ptO2_flt) -- C:\WINDOWS\system32\drivers\ptO2_flt.sys (PANTECH)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-854245398-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-854245398-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKU\S-1-5-21-854245398-484763869-839522115-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-854245398-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?hl=en"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002


FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/09/11 14:11:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/09 17:23:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/09 17:23:34 | 000,000,000 | ---D | M]

[2010/04/16 16:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sx\Application Data\Mozilla\Extensions
[2010/09/11 16:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sx\Application Data\Mozilla\Firefox\Profiles\2syy4iso.default\extensions
[2010/04/28 20:40:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sx\Application Data\Mozilla\Firefox\Profiles\2syy4iso.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/16 18:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sx\Application Data\Mozilla\Firefox\Profiles\2syy4iso.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/07/19 21:25:10 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Sx\Application Data\Mozilla\Firefox\Profiles\2syy4iso.default\searchplugins\daemon-search.xml
[2010/09/11 16:28:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/09 18:32:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/10 13:31:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/02/28 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-854245398-484763869-839522115-1003\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-854245398-484763869-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-854245398-484763869-839522115-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKU\S-1-5-21-854245398-484763869-839522115-1003..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinTV Recording Status..lnk = C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
O4 - Startup: C:\Documents and Settings\Sx\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-484763869-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Sx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/16 15:21:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/04/23 12:00:00 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/11 14:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sx\Local Settings\Application Data\AVG Security Toolbar
[2010/09/08 15:05:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/08 15:05:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/08 15:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/06 19:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sx\Application Data\MSNInstaller
[2010/08/21 22:39:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/11 16:32:13 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/11 16:32:13 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/11 16:32:13 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/11 16:28:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/11 16:27:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/11 16:27:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/11 16:27:10 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Sx\NTUSER.DAT
[2010/09/11 16:03:02 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-484763869-839522115-1003UA.job
[2010/09/11 14:09:12 | 064,526,509 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/11 00:03:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-484763869-839522115-1003Core.job
[2010/09/10 21:38:12 | 000,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2010/09/10 21:37:17 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/09/08 15:05:19 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/06 19:36:41 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/09/03 00:15:37 | 005,886,504 | -H-- | M] () -- C:\Documents and Settings\Sx\Local Settings\Application Data\IconCache.db
[2010/08/28 00:11:33 | 000,070,144 | ---- | M] () -- C:\Documents and Settings\Sx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/22 00:08:18 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\Sx\Desktop\Shortcut to HiJackThis.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/10 21:38:12 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2010/09/10 21:37:17 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/09/08 15:05:19 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/06 19:36:41 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/08/22 00:08:18 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\Sx\Desktop\Shortcut to HiJackThis.lnk
[2010/08/04 17:05:05 | 000,010,563 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2010/07/19 21:20:00 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/07/17 20:01:14 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/05/28 18:54:33 | 000,002,244 | ---- | C] () -- C:\Documents and Settings\Sx\Application Data\filterclsid.dat
[2010/05/28 18:32:27 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2010/05/28 18:32:27 | 000,827,392 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4System.dll
[2010/05/28 18:32:27 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4Tools.dll
[2010/05/28 18:32:27 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4DSF.dll
[2010/05/28 18:32:26 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\AMR.dll
[2010/05/28 18:32:26 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\EvrcDecDll.dll
[2010/05/28 18:32:26 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\AMRDSF.dll
[2010/05/06 15:55:12 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/04/18 12:53:17 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Sx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/16 20:39:10 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/04/16 16:22:12 | 000,034,708 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010/04/16 16:22:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2010/04/16 16:21:45 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/07 23:31:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/28 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >

Extras Log:

OTL Extras logfile created on: 9/11/2010 4:35:06 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Sx\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 293.72 Gb Free Space | 63.06% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 23.44 Gb Free Space | 2.52% Space Free | Partition Type: NTFS
Drive E: | 56.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAGICBOX
Current User Name: Sx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-854245398-484763869-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\NewsBinGN\newsbingn.exe" = C:\Program Files\NewsBinGN\newsbingn.exe:*:Enabled:NewsBin for Giganews -- (CMCEI)
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- File not found
"C:\Documents and Settings\Sx\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Sx\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\WinTV\WinTV7\WinTV7.exe" = C:\Program Files\WinTV\WinTV7\WinTV7.exe:*:Enabled:WinTV7 -- (Hauppauge Computer Works, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FDA552D-7A11-408E-A17B-070C83F9B0FC}" = PC Suite
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8497AF19-C15B-497F-AA76-CB810573FFC6}" = PC Suite
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E7300AF3-DD5B-4E86-A291-7631BE0C62C7}" = Giganews Accelerator
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"BBC Clock" = BBC Clock Screen Saver
"BBC Globe" = BBC Globe Screen Saver
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Belarc Advisor" = Belarc Advisor 8.1
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX Setup
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NewsBinGN" = NewsBin for Giganews
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"O2 Cocoon Driver" = O2 Cocoon Driver
"PeerGuardian_is1" = PeerGuardian 2.0
"PolarClock3" = PolarClock3 Screen Saver
"Spotify" = Spotify
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPC Tools" = XPC Tools

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2010 12:03:05 PM | Computer Name = MAGICBOX | Source = Google Update | ID = 20
Description =

Error - 7/18/2010 2:07:28 PM | Computer Name = MAGICBOX | Source = Application Error | ID = 1000
Description = Faulting application spywareterminatorupdate.exe, version 2.6.0.40,
faulting module torentdll.dll, version 0.0.0.0, fault address 0x00064db2.

Error - 8/4/2010 1:12:36 PM | Computer Name = MAGICBOX | Source = Application Hang | ID = 1002
Description = Hanging application WinTV7.exe, version 1.0.28208.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2010 5:47:26 PM | Computer Name = MAGICBOX | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x05729290.

Error - 8/27/2010 7:11:39 PM | Computer Name = MAGICBOX | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x062a9290.

Error - 9/1/2010 12:59:12 PM | Computer Name = MAGICBOX | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3855, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2010 10:47:55 AM | Computer Name = MAGICBOX | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 9/10/2010 3:06:16 PM | Computer Name = MAGICBOX | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 9/11/2010 11:26:21 AM | Computer Name = MAGICBOX | Source = Application Error | ID = 1000
Description = Faulting application msmsgs.exe, version 4.7.0.3000, faulting module
unknown, version 0.0.0.0, fault address 0x1009aa60.

Error - 9/11/2010 11:26:21 AM | Computer Name = MAGICBOX | Source = Application Error | ID = 1000
Description = Faulting application rthdcpl.exe, version 2.1.3.2, faulting module
unknown, version 0.0.0.0, fault address 0x10099e50.

[ System Events ]
Error - 7/18/2010 10:50:57 AM | Computer Name = MAGICBOX | Source = System Error | ID = 1003
Description = Error code 0000007f, parameter1 00000000, parameter2 00000000, parameter3
00000000, parameter4 00000000.


< End of report >

GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-11 20:08:25
Windows 5.1.2600 Service Pack 2
Running: doh9evjy.exe; Driver: C:\DOCUME~1\Sx\LOCALS~1\Temp\pwryypog.sys


---- System - GMER 1.0.15 ----

SSDT spuj.sys ZwCreateKey [0xB7EA70E0]
SSDT spuj.sys ZwEnumerateKey [0xB7EC5CA4]
SSDT spuj.sys ZwEnumerateValueKey [0xB7EC6032]
SSDT spuj.sys ZwOpenKey [0xB7EA70C0]
SSDT spuj.sys ZwQueryKey [0xB7EC610A]
SSDT spuj.sys ZwQueryValueKey [0xB7EC5F8A]
SSDT spuj.sys ZwSetValueKey [0xB7EC619C]

INT 0x62 ? 8A47EBF8
INT 0x63 ? 8A2DEF00
INT 0x63 ? 8A2DEF00
INT 0x63 ? 8A2DEF00
INT 0x73 ? 8A47EBF8
INT 0x73 ? 8A47EBF8
INT 0x73 ? 8A47EBF8
INT 0x74 ? 8A2DEF00
INT 0x84 ? 8A2DEF00
INT 0x94 ? 8A2DEF00
INT 0xA4 ? 8A2DEF00

---- Kernel code sections - GMER 1.0.15 ----

? spuj.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B774062C 5 Bytes JMP 8A2DE4E0
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6BE13A0, 0x59FFE5, 0xE8000020]
.text aoi0fsh9.SYS B6B7E386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aoi0fsh9.SYS B6B7E3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aoi0fsh9.SYS B6B7E3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aoi0fsh9.SYS B6B7E3C9 1 Byte [30]
.text aoi0fsh9.SYS B6B7E3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[444] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3720] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 1040098F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spuj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spuj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spuj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spuj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spuj.sys
IAT \SystemRoot\System32\Drivers\aoi0fsh9.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\aoi0fsh9.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932
IAT \SystemRoot\System32\Drivers\aoi0fsh9.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\aoi0fsh9.SYS[HAL.dll!KfRaiseIrql] 0001BC83
IAT \SystemRoot\System32\Drivers\aoi0fsh9.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\aoi0fsh9.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\aoi0fsh9.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\aoi0fsh9.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\aoi0fsh9.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\aoi0fsh9.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389
IAT \SystemRoot\System32\Drivers\aoi0fsh9.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\aoi0fsh9.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\aoi0fsh9.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\aoi0fsh9.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\aoi0fsh9.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A47D1F8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\sptd \Device\1565499124 spuj.sys
Device \Driver\usbohci \Device\USBPDO-0 8A2E01F8
Device \Driver\PCI_PNP4124 \Device\00000044 spuj.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A4EF1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A4EF1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A4EF1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A4EF1F8
Device \Driver\usbehci \Device\USBPDO-1 8A2E51F8
Device \Driver\usbohci \Device\USBPDO-2 8A2E01F8
Device \Driver\usbehci \Device\USBPDO-3 8A2E51F8
Device \Driver\usbehci \Device\USBPDO-4 8A2E51F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 8A27A1F8
Device \Driver\usbuhci \Device\USBPDO-6 8A27A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A47F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A47F1F8
Device \Driver\Cdrom \Device\CdRom0 8A2E31F8
Device \Driver\Cdrom \Device\CdRom1 8A2E31F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A47E1F8
Device \Driver\atapi \Device\Ide\IdePort0 8A47E1F8
Device \Driver\atapi \Device\Ide\IdePort1 8A47E1F8
Device \Driver\atapi \Device\Ide\IdePort2 8A47E1F8
Device \Driver\atapi \Device\Ide\IdePort3 8A47E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 8A47E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 8A47E1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{99F7F58E-9F6C-4CF7-A6BF-A8F08FB88EB1} 8A2301F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A2301F8
Device \Driver\NetBT \Device\NetbiosSmb 8A2301F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBFDO-0 8A2E01F8
Device \Driver\usbehci \Device\USBFDO-1 8A2E51F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88F26500
Device \Driver\usbohci \Device\USBFDO-2 8A2E01F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88F26500
Device \Driver\usbehci \Device\USBFDO-3 8A2E51F8
Device \Driver\usbuhci \Device\USBFDO-4 8A27A1F8
Device \Driver\Ftdisk \Device\FtControl 8A47F1F8
Device \Driver\usbuhci \Device\USBFDO-5 8A27A1F8
Device \Driver\usbehci \Device\USBFDO-6 8A2E51F8
Device \Driver\aoi0fsh9 \Device\Scsi\aoi0fsh91Port4Path0Target0Lun0 8A1591F8
Device \Driver\aoi0fsh9 \Device\Scsi\aoi0fsh91 8A1591F8
Device \FileSystem\Cdfs \Cdfs 88F6F500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0xCF 0x89 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC5 0xBB 0x34 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAC 0xD1 0xDE 0x2E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0xCF 0x89 0x07 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC5 0xBB 0x34 0xEC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAC 0xD1 0xDE 0x2E ...

---- EOF - GMER 1.0.15 ----

I hope this is all the information you need
Msg me if you need more or need me to do anything

Please help me get rid of this nasty little bug that is collecting ALL my info for nefarious means.
(It also randomly puts the volume right down, why, just to annoy you!)
Thank you for your time

Suzanne
missminxtress
Active Member
Posts: 7
Joined: August 24th, 2010, 1:59 pm

Re: repost:Virus removal help please

Unread postby deltalima » September 12th, 2010, 4:10 pm

Checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: repost:Virus removal help please

Unread postby deltalima » September 12th, 2010, 4:34 pm

Hi missminxtress,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download SystemLook and save it to your Desktop.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    CAPTU*.EXE
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a Black screen with some information.
  • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found, just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
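As an added illustration of what the :filefind directive in the SystemLook step above does (this is example code written for this page, not SystemLook's own source and not part of deltalima's post): a small Python script that walks a directory tree, matches file names case-insensitively against a Windows-style wildcard, and reports size, timestamps and MD5 in roughly the layout SystemLook prints. The demo() function, the temporary directory it builds and the four dummy files in it are constructed for the illustration, not the poster's files; point filefind() at a real root such as C:\ to reproduce the check on a live machine.

```python
"""Emulate SystemLook's ':filefind' directive: walk a directory tree, match
file names case-insensitively against a wildcard pattern, and report size,
modification time, creation time and MD5 for each hit.

Hypothetical re-implementation for illustration only; not SystemLook's code."""
import fnmatch
import hashlib
import os
import tempfile
from datetime import datetime


def md5_of(path, chunk=1 << 16):
    """Hash the file in chunks so large binaries never need to fit in RAM.
    Returned upper-case, the way SystemLook prints digests."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def filefind(root, pattern):
    """Return a sorted list of (path, size, mtime, ctime, md5) for every file
    under `root` whose name matches `pattern`. Windows file names are
    case-insensitive, so both sides are lower-cased before matching."""
    pat = pattern.lower()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if fnmatch.fnmatchcase(name.lower(), pat):
                full = os.path.join(dirpath, name)
                st = os.stat(full)
                # st_ctime is creation time on Windows; on POSIX it is the
                # inode change time, which is the closest available analogue.
                hits.append((full, st.st_size, st.st_mtime, st.st_ctime,
                             md5_of(full)))
    return sorted(hits)


def format_hit(hit):
    """Render one hit in the SystemLook style:
    <path> <size> bytes [HH:MM dd/mm/yyyy] [HH:MM dd/mm/yyyy] <MD5>"""
    path, size, mtime, ctime, digest = hit
    stamp = "%H:%M %d/%m/%Y"
    return "%s %d bytes [%s] [%s] %s" % (
        path, size,
        datetime.fromtimestamp(mtime).strftime(stamp),
        datetime.fromtimestamp(ctime).strftime(stamp),
        digest)


def demo():
    """Constructed sample tree (not the poster's files): three names that
    match CAPTU*.EXE and one that does not. Returns the matches found."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    sub = os.path.join(root, "WinTV", "TVServer")
    os.makedirs(sub)
    samples = {  # dummy contents; only the names and sizes matter here
        os.path.join(sub, "CaptureBase.exe"): b"MZ capture base stub",
        os.path.join(sub, "CaptureHDPVR.exe"): b"MZ capture hdpvr stub",
        os.path.join(root, "CAPTUR~4.EXE"): b"MZ short-name stub",
        os.path.join(root, "notepad.exe"): b"MZ unrelated stub",
    }
    for path, data in samples.items():
        with open(path, "wb") as fh:
            fh.write(data)
    hits = filefind(root, "CAPTU*.EXE")
    for hit in hits:
        print(format_hit(hit))
    return hits


if __name__ == "__main__":
    demo()
```

The wildcard matters: CAPTUR~4.EXE, the name the poster saw in Task Manager, has the shape of an 8.3 short name (first six characters of the long name, a tilde and a digit), so the file's real long name also starts with CAPTU. Searching on that prefix rather than the exact short name finds the long-named file as well, which is why the SystemLook log above lists the four Capture*.exe programs under C:\Program Files\WinTV\TVServer. Comparing the reported MD5 of each hit against the vendor's known-good hash is what turns the listing into a verdict.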

Re: repost:Virus removal help please

Unread postby missminxtress » September 13th, 2010, 12:45 pm

Dear Deltalima

Thank you for assisting me.

SystemLook Log:

SystemLook 04.09.10 by jpshortstuff
Log created at 17:40 on 13/09/2010 by Sx
Administrator - Elevation successful

========== filefind ==========

Searching for "CAPTU*.EXE"
C:\Program Files\WinTV\TVServer\CaptureBase.exe --a---- 44544 bytes [16:05 04/08/2010] [17:28 14/06/2010] 8AD7FAC0EBFD3B326943E4B9EB246BAF
C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe --a---- 311808 bytes [16:05 04/08/2010] [16:48 20/07/2010] A5E9C787A8BA76D6C7626EFE503A9413
C:\Program Files\WinTV\TVServer\CaptureGenUSB.exe --a---- 310784 bytes [16:05 04/08/2010] [16:48 20/07/2010] 2B6049BB3B43EA06FC0A409D160A5F3F
C:\Program Files\WinTV\TVServer\CaptureHDPVR.exe --a---- 115200 bytes [16:05 04/08/2010] [17:16 15/06/2010] D5CF9261033BDC336ECB2E63CBB59C66

-= EOF =-

MBR Check Log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 135):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7EA6000 spgp.sys
0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB7E8E000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB7E60000 ACPI.sys
0xB7E4F000 pci.sys
0xB80A8000 ohci1394.sys
0xB80B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB80C8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80D8000 MountMgr.sys
0xB7E30000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7E0A000 dmio.sys
0xB8330000 PartMgr.sys
0xB80E8000 VolSnap.sys
0xB7DF2000 atapi.sys
0xB80F8000 disk.sys
0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7DD3000 fltMgr.sys
0xB7DC1000 sr.sys
0xB8118000 PxHelp20.sys
0xB7DAA000 KSecDD.sys
0xB7D97000 WudfPf.sys
0xB7D0A000 Ntfs.sys
0xB7CDD000 NDIS.sys
0xB7CC2000 Mup.sys
0xB8148000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8288000 \SystemRoot\system32\DRIVERS\processr.sys
0xB83C8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB76CB000 \SystemRoot\system32\DRIVERS\parport.sys
0xB83D0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB76A8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB83D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8298000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB82A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB82B8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB7685000 \SystemRoot\system32\DRIVERS\ks.sys
0xB7660000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB83E0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB82C8000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB757E000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB6B61000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6B4D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB6B15000 \SystemRoot\System32\Drivers\asklw75j.SYS
0xB857C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB874A000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB82D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB8580000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6AE7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB82E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB82F8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8448000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6AD6000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8308000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8450000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8458000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB6A05000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8178000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8460000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8468000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85BC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB69D1000 \SystemRoot\system32\DRIVERS\update.sys
0xB859C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8188000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB81A8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85BE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB81B8000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xB3F1A000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB3EF8000 \SystemRoot\system32\drivers\portcls.sys
0xB81D8000 \SystemRoot\system32\drivers\drmk.sys
0xB8488000 \SystemRoot\system32\drivers\nvhda32.sys
0xB85C4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB8794000 \SystemRoot\System32\Drivers\Null.SYS
0xB85C6000 \SystemRoot\System32\Drivers\Beep.SYS
0xB84A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB84B0000 \SystemRoot\System32\drivers\vga.sys
0xB85CA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85CC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8340000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8348000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8574000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB3E75000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB3E1D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB3DE3000 \SystemRoot\System32\Drivers\avgtdix.sys
0xB3DC2000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB81F8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB8208000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB69B5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8218000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB8378000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB69B1000 \SystemRoot\System32\Drivers\BdaSup.SYS
0xB69AD000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB3CAE000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB3C8C000 \SystemRoot\System32\drivers\afd.sys
0xB8248000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB3C60000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB3BF1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8258000 \SystemRoot\System32\Drivers\Fips.SYS
0xB875F000 \SystemRoot\System32\Drivers\BANTExt.sys
0xB8388000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xB3BBD000 \SystemRoot\System32\Drivers\avgldx86.sys
0xB8390000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0xB8268000 \SystemRoot\System32\Drivers\WDFLDR.SYS
0xB3B42000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB3EDC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB83A0000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xB83A8000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xB3B1E000 \SystemRoot\System32\Drivers\hcw99bda.sys
0xB3ECC000 \SystemRoot\System32\Drivers\hcw99rc.sys
0xB8158000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB3ADE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB8622000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB69B9000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8418000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB8763000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB2E0D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB29E8000 \SystemRoot\system32\drivers\wdmaud.sys
0xB2FCD000 \SystemRoot\system32\drivers\sysaudio.sys
0xB2676000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB860E000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB243F000 \SystemRoot\system32\DRIVERS\srv.sys
0xB85B8000 \SystemRoot\system32\drivers\MSPQM.sys
0xB1EFE000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8636000 \SystemRoot\system32\drivers\MSPCLOCK.sys
0xB1208000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 50):
0 System Idle Process
4 System
684 C:\WINDOWS\system32\smss.exe
736 csrss.exe
760 C:\WINDOWS\system32\winlogon.exe
804 C:\WINDOWS\system32\services.exe
816 C:\WINDOWS\system32\lsass.exe
980 C:\WINDOWS\system32\nvsvc32.exe
1028 C:\WINDOWS\system32\svchost.exe
1072 svchost.exe
1188 C:\WINDOWS\system32\svchost.exe
1224 C:\WINDOWS\system32\svchost.exe
1256 C:\Program Files\AVG\AVG9\avgchsvx.exe
1264 C:\Program Files\AVG\AVG9\avgrsx.exe
1444 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1460 svchost.exe
1716 svchost.exe
1864 C:\WINDOWS\explorer.exe
216 C:\WINDOWS\system32\spoolsv.exe
532 C:\PROGRA~1\AVG\AVG9\avgtray.exe
560 C:\WINDOWS\RTHDCPL.exe
572 C:\WINDOWS\system32\rundll32.exe
596 C:\Program Files\Common Files\Java\Java Update\jusched.exe
628 C:\WINDOWS\system32\rundll32.exe
652 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
672 C:\WINDOWS\system32\ctfmon.exe
704 C:\Program Files\Messenger\msmsgs.exe
780 C:\Program Files\WinTV\Ir.exe
884 C:\Program Files\Logitech\SetPoint\SetPoint.exe
820 C:\Program Files\WinTV\WinTV7\WinTVTray.exe
1340 C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
2144 svchost.exe
2192 C:\Program Files\AVG\AVG9\avgwdsvc.exe
2228 C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
2264 C:\Program Files\Java\jre6\bin\jqs.exe
2752 C:\Program Files\AVG\AVG9\avgemc.exe
2764 CAPTUR~4.EXE
2828 C:\Program Files\AVG\AVG9\avgnsx.exe
2928 C:\Program Files\AVG\AVG9\avgcsrvx.exe
3076 CAPTUR~4.EXE
3324 C:\WINDOWS\system32\svchost.exe
3876 alg.exe
2436 C:\WINDOWS\system32\wuauclt.exe
3592 C:\Program Files\WinTV\WinTV7\WinTV7.exe
1580 C:\Program Files\Mozilla Firefox\firefox.exe
2368 C:\Program Files\Mozilla Firefox\plugin-container.exe
524 C:\Documents and Settings\Sx\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
3484 C:\Documents and Settings\Sx\My Documents\Downloads\SystemLook.exe
296 C:\WINDOWS\NOTEPAD.EXE
1412 C:\Documents and Settings\Sx\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR100-12
PhysicalDrive1 Model Number: SAMSUNGHD103UJ, Rev: 1AA01112

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
931 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!



Hope this helps

Thank you

Suzanne
missminxtress
Active Member
 
Posts: 7
Joined: August 24th, 2010, 1:59 pm
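
The question this thread turns on is whether a bare file name seen in Task Manager or in a log line is enough to judge a process. The short name CAPTUR~4.EXE is an 8.3 alias: Windows keeps only the first six characters of the long name, so the real file name, its directory and its publisher are unknown until the path is resolved. The following Python is an added example, not MBRCheck's, the forum's or the poster's own code. It parses the Processes and MBR sections of an MBRCheck log (a subset of the log above, copied here as a constructed sample), flags entries printed without a directory, 8.3 short names, and duplicated image names, and checks that every drive reports standard MBR code with one shared hash. The helper names (`parse_processes`, `triage_processes`, `short_name_glob`, `parse_mbr`, `mbr_looks_standard`) are this example's own.

```python
"""Triage helpers for an MBRCheck log (added example, not MBRCheck's own code)."""
import re
from collections import Counter

# Constructed sample: a subset of the MBRCheck output posted above.
SAMPLE_LOG = """\
Processes (total 50):
0 System Idle Process
4 System
684 C:\\WINDOWS\\system32\\smss.exe
736 csrss.exe
1072 svchost.exe
1188 C:\\WINDOWS\\system32\\svchost.exe
2764 CAPTUR~4.EXE
3076 CAPTUR~4.EXE
3876 alg.exe
1580 C:\\Program Files\\Mozilla Firefox\\firefox.exe

\\\\.\\C: --> \\\\.\\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
465 GB \\\\.\\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
931 GB \\\\.\\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
"""

PROCESS_RE = re.compile(r"^(\d+) (.+)$")
MBR_RE = re.compile(r"^\d+ GB (\\\\\.\\PhysicalDrive\d+) (.+)$")


def parse_processes(log):
    """Return [(pid, image)] from the 'Processes' block; the block ends at the first blank line."""
    entries, in_block = [], False
    for line in log.splitlines():
        if line.startswith("Processes (total"):
            in_block = True
            continue
        if in_block:
            if not line.strip():
                break
            m = PROCESS_RE.match(line)
            if m:
                entries.append((int(m.group(1)), m.group(2)))
    return entries


def triage_processes(entries):
    """Flag entries that need a full-path, publisher and hash check before any
    conclusion is drawn from a web search of the bare file name."""
    unresolved, short_names = [], []
    names = Counter()
    for pid, image in entries:
        if pid in (0, 4):            # kernel pseudo-processes, never a file on disk
            continue
        base = image.rsplit("\\", 1)[-1].lower()
        names[base] += 1
        if "\\" not in image:        # tool printed the image name only, no directory
            unresolved.append((pid, image))
        if "~" in base:              # 8.3 short name: the real long name is unknown
            short_names.append((pid, image))
    duplicates = {n: c for n, c in names.items() if c > 1}
    return {"unresolved": unresolved, "short_names": short_names, "duplicates": duplicates}


def short_name_glob(short):
    """Turn an 8.3 short name such as CAPTUR~4.EXE into a glob for the long name.
    Windows keeps the first six characters of the stem (after dropping spaces and
    some punctuation), so the glob is a locating hint, not proof of identity.
    Names without a '~' are returned unchanged."""
    stem, _, ext = short.partition(".")
    if "~" not in stem:
        return short
    prefix = stem.split("~", 1)[0]
    return (f"{prefix}*.{ext}" if ext else f"{prefix}*").lower()


def parse_mbr(log):
    """Return {drive: (status, sha1)} from the MBR table; the SHA1 line follows each drive line."""
    result, pending = {}, None
    for line in log.splitlines():
        m = MBR_RE.match(line)
        if m:
            pending = m.group(1)
            result[pending] = (m.group(2), None)
        elif pending and line.startswith("SHA1: "):
            status, _ = result[pending]
            result[pending] = (status, line[len("SHA1: "):].strip())
            pending = None
    return result


def mbr_looks_standard(mbr):
    """True when every drive reports detected Windows MBR code and all drives share
    one hash; drives claiming the same loader but hashing differently deserve a look."""
    if not mbr:
        return False
    hashes = {sha for _, sha in mbr.values()}
    return all("MBR code detected" in status for status, _ in mbr.values()) and len(hashes) == 1


if __name__ == "__main__":
    report = triage_processes(parse_processes(SAMPLE_LOG))
    for pid, image in report["short_names"]:
        print(f"PID {pid}: {image} -> locate {short_name_glob(image)}, then check path and signature")
    print("unresolved:", report["unresolved"])
    print("duplicates:", report["duplicates"])
    print("MBR standard:", mbr_looks_standard(parse_mbr(SAMPLE_LOG)))
```

On the sample, both CAPTUR~4.EXE entries are flagged as unresolved short names and the glob `captur*.exe` points at where to look (here it resolves to a WinTV component, as the helper below identifies); `csrss.exe`, `svchost.exe` and `alg.exe` are flagged only because the tool printed no directory for them, which is the cue to confirm their path rather than a finding in itself.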

Re: repost:Virus removal help please

Unread postby deltalima » September 13th, 2010, 1:05 pm

Hi missminxtress,

CAPTUR~4.EXE is part of WinTV; what leads you to believe that this process is part of a virus?

Please describe the symptoms of the virus on your computer.

We need to remove Spybot - Search & Destroy and PeerGuardian 2.0. They can be reinstalled later if required.

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Spybot - Search & Destroy
    click Remove
    highlight PeerGuardian 2.0
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

Now close all other open windows and then click on Fix Checked. Close HijackThis.

Now reboot the computer.

TFC

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply and also let me know how your computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: repost:Virus removal help please

Unread postby missminxtress » September 14th, 2010, 2:41 pm

Dear deltalima

I noticed an unidentified process (CAPTUR~4.EXE) in task manager one day and googled it. The results said that it was a keylogger/trojan virus, no mention of Win tv, hence the attempts to remove it. When I try to stop the process it multiplies, which is an odd way for a normal system to behave. I had never seen it before and have had Win tv running for several years.
(Usual answers I've found before http://www.securemost.com/prs_lib/capture_exe.htm)
I have just done another search for CAPTUR~4.EXE and indeed there are many pages on Win tv, so it does indeed look like it is part of win tv, strange that it runs when win tv is not on? And runs two of itself?
If it is indeed part of Win tv that would explain why it is not recognised by anti virus scans!

I am going to be so annoyed if it turns out not to be a virus as I have wasted much time & stress, my own and others', including this website! (although one piece of software did find and remove 5 viruses that got past avg and spybot)
My comp guru guy (ha!) said it was a virus and with so many results coming back that it was a keylogging virus I of course have tried everything to remove it. And as it works in the background it does not really affect functionality so no symptoms to describe.
I will also be very happy if it is Not a virus as I can relax knowing that my information and computer are safe

I do not want to waste any more of your time if it is not a virus
So I will wait for your response before running the above instructions.
If they will tell me once and for all what it is then great, if you have already found out that it is indeed Not a virus then I will say thank you and leave you to help the next poor numskull. (I'm sure they're not, but I feel like one right now!)

Thank you again for your time


Suzanne
missminxtress
Active Member
 
Posts: 7
Joined: August 24th, 2010, 1:59 pm

Re: repost:Virus removal help please

Unread postby deltalima » September 14th, 2010, 2:53 pm

Hi missminxtress,

I do not want to waste any more of your time if it is not a virus
So I will wait for your response before running the above instructions.
If they will tell me once and for all what it is then great, if you have already found out that it is indeed Not a virus then I will say thank you


OK, let's make sure. Please run the scans and post the logs.

We still have a few jobs to do to make your computer more secure even if no more infections are found.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: repost:Virus removal help please

Unread postby missminxtress » September 15th, 2010, 4:04 pm

Thank you so much
I'm glad I'm not wasting your time and especially that you want to get my computer running squeaky clean, not just solve the initial problem.
You're good people.

I ran the scans; the second one took ages but came back totally clean - yippee!
Did not check "Viruses, worms, Trojans, rootkits", it was the only one not checked and not on your list either.
If I needed to have it checked I will run the scan again.

So no logs to post

What next?

Suzanne
missminxtress
Active Member
 
Posts: 7
Joined: August 24th, 2010, 1:59 pm

Re: repost:Virus removal help please

Unread postby deltalima » September 15th, 2010, 4:59 pm

Hi missminxtress,

the second one took ages but came back totally clean


Then your system appears clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure

Make sure you follow the instructions below to update Microsoft Windows to ensure you update to Service Pack 3

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: repost:Virus removal help please

Unread postby missminxtress » September 17th, 2010, 12:00 pm

WONDERFUL News!!!

All your advice and instructions done done and done.

I can now relax knowing that my computer is safe.

Thank you so much.
Thank you and the others who have helped.
This really is a great site indeed

I hope I never have to return but now I know where to go if I need to :-)
missminxtress
Active Member
 
Posts: 7
Joined: August 24th, 2010, 1:59 pm

Re: repost:Virus removal help please

Unread postby deltalima » September 17th, 2010, 4:17 pm

You're welcome!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: repost:Virus removal help please

Unread postby Carolyn » September 17th, 2010, 5:19 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine