Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Might this be a trojan?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Might this be a trojan?

Unread postby Saoirse » March 20th, 2011, 8:21 pm

Hello all! It's been quite a while since I've been here and the last time I was here, I was presented a nifty solution to my nagging problem so I'm back because I know you provide good services. My problem is that there's a pesky RECYCLER and Autorun.inf that pop up every time I plug in my flash drives. They bother me because I did not create these files and it is detected by the virus scan in my school but not with mine (V3 Internet Security Engine). Now if I try to manually delete them, it says I can't because "It is being used by another person or program." I don't know where the problem lies and I can still access my files but I'm afraid of long-term damage as this might progress into something worse. (Sorry I'm too paranoid but I can't afford to lose my files now.) So here is my DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by bimbim at 7:37:21.92 on Mon 03/21/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.893.107 [GMT 8:00]
.
AV: AhnLab V3 Internet Security 8.0 *Enabled/Updated* {D881C1F7-6566-4C80-82F8-BA5258DDD50E}
FW: AhnLab V3 Internet Security 8.0 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AhnLab\V3IS80\V3Svc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AhnLab\V3IS80\V3SP.exe
C:\WINDOWS\system32\wscntfy.exe
D:\HP Software Update\HPWuSchd2.exe
D:\iTunesHelper.exe
C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\ASRock Utility\IES\AsrIes.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
D:\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe
D:\Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\tbNCH.dll
mWinlogon: Taskman=c:\documents and settings\bimbim\fswagz.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\tbNCH.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\tbNCH.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
uRun: [ASRockIES] "c:\program files\asrock utility\ies\AsrIes.exe"
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ManyCam] "c:\program files\manycam\bin\ManyCam.exe" /silent
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [RockMelt Update] "c:\documents and settings\bimbim\local settings\application data\rockmelt\update\RockMeltUpdate.exe" /c
uRun: [ChikkaV5] d:\chikkasetup\ChikkaLauncher.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [V3 Session Process] "c:\program files\ahnlab\v3is80\V3SP.exe"
mRun: [HP Software Update] d:\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "D:\iTunesHelper.exe"
mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TrayServer] c:\program files\magix\movie_edit_pro_15_plus_download_version\TrayServer.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
StartupFolder: c:\docume~1\bimbim\startm~1\programs\startup\mojichi.lnk - c:\program files\mojikan\mojichi\MojiChi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {175975F5-C68F-0875-C827-9225E76EAC65} - CMd /Q /c sTaRT "" /i /b jAvaw -classpath "c:\documents and settings\bimbim\local settings\temp\jar_cache4481237363299825664.tmp" a
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\bimbim\applic~1\mozilla\firefox\profiles\yjtp4lut.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox ... S:official
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\bimbim\application data\mozilla\firefox\profiles\yjtp4lut.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\bimbim\application data\mozilla\firefox\profiles\yjtp4lut.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\windows searchqu toolbar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\bimbim\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\bimbim\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\bimbim\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: c:\documents and settings\bimbim\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\mozilla plugins\npitunes.dll
FF - plugin: d:\vlc\npvlc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\AMonTDNt.sys [2010-6-15 95880]
R1 ATamptNt_V3IS80;ATamptNt_V3IS80;c:\progra~1\ahnlab\v3is80\ATamptNt.sys [2010-6-15 154208]
R1 v3engine;v3engine;c:\windows\system32\drivers\v3engine.sys [2010-6-15 1916752]
R1 V3Flt2K;V3Flt2K;c:\progra~1\ahnlab\v3is80\V3Flt2K.sys [2010-6-15 168032]
R2 AMonHKnt;AMonHKnt;c:\windows\system32\drivers\AMonHKNT.sys [2010-6-15 53224]
R2 V3 Service;V3 Service;c:\program files\ahnlab\v3is80\V3Svc.exe [2010-6-15 212184]
R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2k.sys [2010-6-15 52960]
R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2k.sys [2010-6-15 20320]
R3 AhnRghNt;AhnRghNt;c:\windows\system32\drivers\AhnRghNt.sys [2010-6-15 53728]
R3 AhnSZE;AhnSZE;c:\windows\system32\drivers\ahnsze.sys [2010-6-15 1441104]
R3 ASZFltNt;ASZFltNt;c:\progra~1\ahnlab\v3is80\ASZFltNt.sys [2010-6-15 127072]
R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [2010-6-15 19608]
R3 IesDrv;IesDrv;\??\c:\windows\system32\drivers\iesdrv.sys --> c:\windows\system32\drivers\IesDrv.sys [?]
R3 ISFWEnt;ISFWEnt;c:\program files\ahnlab\v3is80\ISFWENt.sys [2010-6-15 143928]
R3 ISIPSEnt;ISIPSEnt;c:\program files\ahnlab\v3is80\ISIPSENt.sys [2010-6-15 139720]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-9-4 45056]
R3 TfFRegNt;TfFRegNt;c:\program files\ahnlab\v3is80\TFFREGNT.SYS [2010-6-15 55520]
R3 TfProcNt;TfProcNt;c:\program files\ahnlab\v3is80\AHAWKENT.SYS [2010-6-15 29280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-8 136176]
S3 AhnActNt;AhnActNt;c:\progra~1\ahnlab\v3is80\AhnActNt.sys [2010-6-15 88544]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2011-3-17 1527900]
S3 ISPIBEnt;ISPIBEnt;c:\program files\ahnlab\v3is80\ISPIBENt.sys [2010-6-15 128384]
S3 ISPrxEnt;ISPrxEnt;c:\program files\ahnlab\v3is80\ISPrxENt.sys [2010-6-15 77152]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 V3Flu2k_V3IS80;V3Flu2k_V3IS80;c:\progra~1\ahnlab\v3is80\V3Flu2k.sys [2010-6-15 120928]
S3 V3IFt2K;V3IFt2K;c:\progra~1\ahnlab\v3is80\V3IFt2K.sys [2010-6-15 77664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-20 23:34:56 -------- d-----w- c:\docume~1\bimbim\applic~1\WinPatrol
2011-03-20 23:34:39 -------- d-----w- c:\program files\BillP Studios
2011-03-20 23:34:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\InstallMate
2011-03-19 16:29:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\LightScribe
2011-03-19 16:06:53 -------- d-----w- c:\docume~1\bimbim\locals~1\applic~1\Ahead
2011-03-19 16:00:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nero
2011-03-19 16:00:19 -------- d-----w- c:\program files\Nero
2011-03-17 03:58:35 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2011-03-16 23:36:40 -------- d-----w- c:\docume~1\bimbim\locals~1\applic~1\Xara
2011-03-16 23:33:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\MAGIX
2011-03-16 23:31:46 -------- d-----w- c:\program files\MAGIX
2011-03-16 23:31:45 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2011-03-16 23:28:02 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2011-03-16 23:28:02 -------- d-----w- c:\windows\system32\MAGIX
2011-03-16 22:35:35 -------- d-----w- c:\docume~1\bimbim\locals~1\applic~1\Sony
2011-03-16 22:24:49 -------- d-----w- c:\program files\Sony
2011-03-16 22:22:20 -------- d-----w- C:\aa6f37e37610b6f6b01a80
2011-03-16 22:15:39 -------- d-----w- c:\windows\system32\XPSViewer
2011-03-16 22:14:36 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-03-16 22:14:15 14048 ------w- c:\windows\system32\spmsg2.dll
2011-03-08 21:58:28 -------- d-----w- C:\logs
2011-03-08 21:58:17 -------- d-----w- c:\documents and settings\bimbim\Speedbit
2011-03-03 08:13:09 -------- d-----w- c:\docume~1\bimbim\locals~1\applic~1\WMTools Downloaded Files
.
==================== Find3M ====================
.
2011-03-16 10:30:00 1880144 ----a-w- c:\windows\system32\BTScan.exe
2011-03-07 08:33:18 117760 --sh--r- c:\documents and settings\bimbim\fswagz.exe
2011-01-03 14:03:20 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-30 13:22:11 255497 ----a-w- c:\program files\RMPly00.exe
2006-05-03 03:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 04:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 06:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 7:37:48.46 ===============



and here is my Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 6/14/2010 6:30:15 PM
System Uptime: 3/21/2011 6:43:45 AM (1 hours ago)
.
Motherboard: ASRock | | G41M-VS2
Processor: Intel Pentium III Xeon processor | CPUSocket | 1588/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 39 GiB total, 20.506 GiB free.
D: is FIXED (NTFS) - 110 GiB total, 8.299 GiB free.
E: is FIXED (NTFS) - 34 GiB total, 1.528 GiB free.
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP66: 12/22/2010 7:35:26 AM - System Checkpoint
RP67: 12/23/2010 12:55:48 PM - Removed MobileMe Control Panel
RP68: 12/26/2010 9:49:24 AM - System Checkpoint
RP69: 12/28/2010 6:14:58 PM - System Checkpoint
RP70: 12/30/2010 12:53:18 PM - System Checkpoint
RP71: 1/2/2011 6:26:30 AM - System Checkpoint
RP72: 1/3/2011 7:01:36 PM - System Checkpoint
RP73: 1/6/2011 4:32:53 AM - System Checkpoint
RP74: 1/16/2011 12:35:06 PM - System Checkpoint
RP75: 1/18/2011 12:42:40 AM - System Checkpoint
RP76: 1/20/2011 7:50:08 AM - System Checkpoint
RP77: 1/22/2011 10:50:33 AM - System Checkpoint
RP78: 1/24/2011 8:03:24 AM - System Checkpoint
RP79: 1/25/2011 6:59:30 PM - System Checkpoint
RP80: 1/27/2011 12:41:24 PM - System Checkpoint
RP81: 2/3/2011 9:54:13 PM - System Checkpoint
RP82: 2/6/2011 8:30:26 AM - System Checkpoint
RP83: 2/7/2011 11:15:29 PM - System Checkpoint
RP84: 2/8/2011 11:25:36 PM - System Checkpoint
RP85: 2/10/2011 3:29:32 PM - System Checkpoint
RP86: 2/12/2011 3:37:07 PM - System Checkpoint
RP87: 2/14/2011 6:37:25 PM - System Checkpoint
RP88: 2/15/2011 6:47:57 PM - System Checkpoint
RP89: 2/17/2011 6:58:56 PM - System Checkpoint
RP90: 2/19/2011 12:21:48 AM - System Checkpoint
RP91: 2/21/2011 5:25:51 AM - System Checkpoint
RP92: 2/22/2011 7:57:38 PM - System Checkpoint
RP93: 2/23/2011 11:54:09 PM - System Checkpoint
RP94: 2/25/2011 5:57:24 PM - System Checkpoint
RP95: 2/26/2011 8:01:20 PM - System Checkpoint
RP96: 2/27/2011 8:11:35 PM - System Checkpoint
RP97: 3/1/2011 12:06:58 AM - System Checkpoint
RP98: 3/2/2011 1:49:05 AM - System Checkpoint
RP99: 3/3/2011 7:25:43 AM - System Checkpoint
RP100: 3/5/2011 8:24:47 AM - System Checkpoint
RP101: 3/6/2011 8:26:24 AM - System Checkpoint
RP102: 3/7/2011 4:48:06 PM - System Checkpoint
RP103: 3/9/2011 7:45:23 PM - System Checkpoint
RP104: 3/10/2011 8:21:40 PM - System Checkpoint
RP105: 3/15/2011 7:57:15 AM - System Checkpoint
RP106: 3/17/2011 6:14:14 AM - Installed %1 %2.
RP107: 3/17/2011 6:14:23 AM - Printer Driver Microsoft XPS Document Writer Installed
RP108: 3/17/2011 6:20:18 AM - Installed Windows XP KB942288-v3.
RP109: 3/17/2011 6:21:07 AM - Installed Windows Media Format Runtime
RP110: 3/17/2011 6:22:10 AM - Installed Windows XP Wudf01000.
RP111: 3/17/2011 11:57:32 AM - Installed Adobe After Effects 7.0
RP112: 3/19/2011 12:47:46 AM - System Checkpoint
RP113: 3/20/2011 12:00:11 AM - Installed Nero 7 Essentials
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
Adobe After Effects 7.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS4
Adobe Photoshop Lightroom 2
Adobe Reader 9.1
AhnLab V3 Internet Security 8.0
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASRock IES v2.0.8
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Bonjour
BufferChm
calibre
Chikka Messenger
Conduit Engine
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DocProc
DocProcQFolder
Download Accelerator Plus (DAP)
eSupportQFolder
Express Scribe
F4100
F4100_doccd
F4100_Help
Facebook Plug-In
Firebird SQL Server - MAGIX Edition
Freemake Video Converter version 2.0.0
Google Chrome
Google Earth
Google Update Helper
Hotfix for Windows XP (KB942288-v3)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Solution Center 9.0
HP Update
HPProductAssistant
incredibox
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 14
K-Lite Mega Codec Pack 5.8.3
LightScribe 1.8.13.1
MAGIX 3D Maker (embeded)
MAGIX Movie Edit Pro 15 Plus Download version 8.0.5.8 (UK)
MAGIX Screenshare 4.3.6.1987 (UK)
ManyCam 2.6.1 (remove only)
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Morgan Stream Switcher
Mozilla Firefox (3.6.13)
MSVCRT
MSVCRT Redists
MSXML 6.0 Parser (KB925673)
NCH Toolbar
Nero 7 Essentials
Picasa 3
Poladroid
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Robo.to Maker
RockMelt
Scan
Segoe UI
Skype Toolbars
Skype™ 5.0
SolutionCenter
Status
Sun ODF Plugin for Microsoft Office 3.1
Timershot Powertoy for Windows XP
Toolbox
TrayApp
UnloadSupport
v2010.build.42
Vegas Pro 10.0
VLC media player 1.1.4
WebFldrs XP
WebReg
Windows Communication Foundation
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows Searchqu Toolbar
Windows Workflow Foundation
WinPatrol
WinRAR archiver
Xilisoft iPod Video Converter 6
XML Paper Specification Shared Components Pack 1.0
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader 2.6.5
.
==== Event Viewer Messages From Past Week ========
.
3/21/2011 6:54:44 AM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
3/21/2011 12:07:19 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
3/17/2011 6:58:49 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
3/17/2011 6:58:49 AM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
3/17/2011 6:58:49 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
.
==== End Of File ===========================


I really hope someone could diagnose my problem. Thank you! =]
Saoirse
Active Member
 
Posts: 5
Joined: February 9th, 2009, 8:19 pm
Location: Cebooze.
Advertisement
Register to Remove

Re: Might this be a trojan?

Unread postby Blade81 » March 21st, 2011, 12:35 pm

Hi,

Remove P2P software
While looking over your log, I have noticed the following Peer-to-Peer filesharing programs are present on your computer:

uTorrent

These programs are the #1 source of infected systems. Although the software itself can be clean, the files you download are often infected with malware. Because of this, we do not allow P2P software present on machines we're cleaning anymore..

This means you must remove the above Peer-to-Peer filesharing programs and any others present on your machine. For an fully explanation of our policy, please read the following P2P Program Policy.

You can uninstall these programs in the Control Panel -> Add/remove Programs. Please do so and post fresh dds logs. Is there any specific reason why you're still using Internet Explorer 6 there?
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Might this be a trojan?

Unread postby Saoirse » March 22nd, 2011, 4:00 pm

Hello! Thank you for being my savior!! :D I don't really use Internet Explorer that's why it was never updated. I already removed uTorrent and here are my fresh logs. =]

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by bimbim at 3:54:13.09 on Wed 03/23/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.893.400 [GMT 8:00]
.
AV: AhnLab V3 Internet Security 8.0 *Enabled/Updated* {D881C1F7-6566-4C80-82F8-BA5258DDD50E}
FW: AhnLab V3 Internet Security 8.0 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AhnLab\V3IS80\V3Svc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AhnLab\V3IS80\V3SP.exe
C:\WINDOWS\system32\wscntfy.exe
D:\HP Software Update\HPWuSchd2.exe
D:\iTunesHelper.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ASRock Utility\IES\AsrIes.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ManyCam\Bin\ManyCam.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
D:\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Digital Imaging\bin\hpqSTE08.exe
D:\VLC\vlc.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\bimbim\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
D:\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
D:\Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\tbNCH.dll
mWinlogon: Taskman=c:\documents and settings\bimbim\fswagz.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\tbNCH.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\tbNCH.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ASRockIES] "c:\program files\asrock utility\ies\AsrIes.exe"
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ManyCam] "c:\program files\manycam\bin\ManyCam.exe" /silent
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [RockMelt Update] "c:\documents and settings\bimbim\local settings\application data\rockmelt\update\RockMeltUpdate.exe" /c
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [V3 Session Process] "c:\program files\ahnlab\v3is80\V3SP.exe"
mRun: [HP Software Update] d:\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "D:\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
StartupFolder: c:\docume~1\bimbim\startm~1\programs\startup\mojichi.lnk - c:\program files\mojikan\mojichi\MojiChi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {175975F5-C68F-0875-C827-9225E76EAC65} - cMD /Q /C starT "" /I /B jAvAw -classpath "c:\documents and settings\bimbim\local settings\temp\jar_cache4481237363299825664.tmp" a
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\bimbim\applic~1\mozilla\firefox\profiles\yjtp4lut.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox ... S:official
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\bimbim\application data\mozilla\firefox\profiles\yjtp4lut.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\bimbim\application data\mozilla\firefox\profiles\yjtp4lut.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\windows searchqu toolbar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\bimbim\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\bimbim\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\bimbim\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: c:\documents and settings\bimbim\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\mozilla plugins\npitunes.dll
FF - plugin: d:\vlc\npvlc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\AMonTDNt.sys [2010-6-15 95880]
R1 ATamptNt_V3IS80;ATamptNt_V3IS80;c:\progra~1\ahnlab\v3is80\ATamptNt.sys [2010-6-15 154208]
R1 v3engine;v3engine;c:\windows\system32\drivers\v3engine.sys [2010-6-15 1916752]
R1 V3Flt2K;V3Flt2K;c:\progra~1\ahnlab\v3is80\V3Flt2K.sys [2010-6-15 168032]
R2 AMonHKnt;AMonHKnt;c:\windows\system32\drivers\AMonHKNT.sys [2010-6-15 53224]
R2 V3 Service;V3 Service;c:\program files\ahnlab\v3is80\V3Svc.exe [2010-6-15 212184]
R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2k.sys [2010-6-15 52960]
R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2k.sys [2010-6-15 20320]
R3 AhnRghNt;AhnRghNt;c:\windows\system32\drivers\AhnRghNt.sys [2010-6-15 53728]
R3 AhnSZE;AhnSZE;c:\windows\system32\drivers\ahnsze.sys [2010-6-15 1441104]
R3 ASZFltNt;ASZFltNt;c:\progra~1\ahnlab\v3is80\ASZFltNt.sys [2010-6-15 127072]
R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [2010-6-15 19608]
R3 IesDrv;IesDrv;\??\c:\windows\system32\drivers\iesdrv.sys --> c:\windows\system32\drivers\IesDrv.sys [?]
R3 ISFWEnt;ISFWEnt;c:\program files\ahnlab\v3is80\ISFWENt.sys [2010-6-15 143928]
R3 ISIPSEnt;ISIPSEnt;c:\program files\ahnlab\v3is80\ISIPSENt.sys [2010-6-15 139720]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-9-4 45056]
R3 TfFRegNt;TfFRegNt;c:\program files\ahnlab\v3is80\TFFREGNT.SYS [2010-6-15 55520]
R3 TfProcNt;TfProcNt;c:\program files\ahnlab\v3is80\AHAWKENT.SYS [2010-6-15 29280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-8 136176]
S3 AhnActNt;AhnActNt;c:\progra~1\ahnlab\v3is80\AhnActNt.sys [2010-6-15 88544]
S3 ISPIBEnt;ISPIBEnt;c:\program files\ahnlab\v3is80\ISPIBENt.sys [2010-6-15 128384]
S3 ISPrxEnt;ISPrxEnt;c:\program files\ahnlab\v3is80\ISPrxENt.sys [2010-6-15 77152]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 V3Flu2k_V3IS80;V3Flu2k_V3IS80;c:\progra~1\ahnlab\v3is80\V3Flu2k.sys [2010-6-15 120928]
S3 V3IFt2K;V3IFt2K;c:\progra~1\ahnlab\v3is80\V3IFt2K.sys [2010-6-15 77664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-21 02:19:44 -------- d-----w- c:\windows\system32\appmgmt
2011-03-20 23:34:56 -------- d-----w- c:\docume~1\bimbim\applic~1\WinPatrol
2011-03-20 23:34:39 -------- d-----w- c:\program files\BillP Studios
2011-03-20 23:34:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\InstallMate
2011-03-19 16:29:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\LightScribe
2011-03-19 16:06:53 -------- d-----w- c:\docume~1\bimbim\locals~1\applic~1\Ahead
2011-03-19 16:00:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nero
2011-03-19 16:00:19 -------- d-----w- c:\program files\Nero
2011-03-17 03:58:35 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2011-03-16 23:36:40 -------- d-----w- c:\docume~1\bimbim\locals~1\applic~1\Xara
2011-03-16 23:33:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\MAGIX
2011-03-16 23:31:46 -------- d-----w- c:\program files\MAGIX
2011-03-16 23:31:45 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2011-03-16 23:28:02 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2011-03-16 23:28:02 -------- d-----w- c:\windows\system32\MAGIX
2011-03-16 22:35:35 -------- d-----w- c:\docume~1\bimbim\locals~1\applic~1\Sony
2011-03-16 22:24:49 -------- d-----w- c:\program files\Sony
2011-03-16 22:22:20 -------- d-----w- C:\aa6f37e37610b6f6b01a80
2011-03-16 22:15:39 -------- d-----w- c:\windows\system32\XPSViewer
2011-03-16 22:14:36 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-03-16 22:14:15 14048 ------w- c:\windows\system32\spmsg2.dll
2011-03-08 21:58:28 -------- d-----w- C:\logs
2011-03-08 21:58:17 -------- d-----w- c:\documents and settings\bimbim\Speedbit
2011-03-03 08:13:09 -------- d-----w- c:\docume~1\bimbim\locals~1\applic~1\WMTools Downloaded Files
.
==================== Find3M ====================
.
2011-03-21 05:12:06 112640 --sh--r- c:\documents and settings\bimbim\fswagz.exe
2011-03-16 10:30:00 1880144 ----a-w- c:\windows\system32\BTScan.exe
2011-01-03 14:03:20 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-30 13:22:11 255497 ----a-w- c:\program files\RMPly00.exe
2006-05-03 03:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 04:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 06:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 3:55:06.96 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 6/14/2010 6:30:15 PM
System Uptime: 3/22/2011 2:40:41 PM (13 hours ago)
.
Motherboard: ASRock | | G41M-VS2
Processor: Intel Pentium III Xeon processor | CPUSocket | 1588/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 39 GiB total, 20.955 GiB free.
D: is FIXED (NTFS) - 110 GiB total, 7.328 GiB free.
E: is FIXED (NTFS) - 34 GiB total, 1.528 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP67: 12/23/2010 12:55:48 PM - Removed MobileMe Control Panel
RP68: 12/26/2010 9:49:24 AM - System Checkpoint
RP69: 12/28/2010 6:14:58 PM - System Checkpoint
RP70: 12/30/2010 12:53:18 PM - System Checkpoint
RP71: 1/2/2011 6:26:30 AM - System Checkpoint
RP72: 1/3/2011 7:01:36 PM - System Checkpoint
RP73: 1/6/2011 4:32:53 AM - System Checkpoint
RP74: 1/16/2011 12:35:06 PM - System Checkpoint
RP75: 1/18/2011 12:42:40 AM - System Checkpoint
RP76: 1/20/2011 7:50:08 AM - System Checkpoint
RP77: 1/22/2011 10:50:33 AM - System Checkpoint
RP78: 1/24/2011 8:03:24 AM - System Checkpoint
RP79: 1/25/2011 6:59:30 PM - System Checkpoint
RP80: 1/27/2011 12:41:24 PM - System Checkpoint
RP81: 2/3/2011 9:54:13 PM - System Checkpoint
RP82: 2/6/2011 8:30:26 AM - System Checkpoint
RP83: 2/7/2011 11:15:29 PM - System Checkpoint
RP84: 2/8/2011 11:25:36 PM - System Checkpoint
RP85: 2/10/2011 3:29:32 PM - System Checkpoint
RP86: 2/12/2011 3:37:07 PM - System Checkpoint
RP87: 2/14/2011 6:37:25 PM - System Checkpoint
RP88: 2/15/2011 6:47:57 PM - System Checkpoint
RP89: 2/17/2011 6:58:56 PM - System Checkpoint
RP90: 2/19/2011 12:21:48 AM - System Checkpoint
RP91: 2/21/2011 5:25:51 AM - System Checkpoint
RP92: 2/22/2011 7:57:38 PM - System Checkpoint
RP93: 2/23/2011 11:54:09 PM - System Checkpoint
RP94: 2/25/2011 5:57:24 PM - System Checkpoint
RP95: 2/26/2011 8:01:20 PM - System Checkpoint
RP96: 2/27/2011 8:11:35 PM - System Checkpoint
RP97: 3/1/2011 12:06:58 AM - System Checkpoint
RP98: 3/2/2011 1:49:05 AM - System Checkpoint
RP99: 3/3/2011 7:25:43 AM - System Checkpoint
RP100: 3/5/2011 8:24:47 AM - System Checkpoint
RP101: 3/6/2011 8:26:24 AM - System Checkpoint
RP102: 3/7/2011 4:48:06 PM - System Checkpoint
RP103: 3/9/2011 7:45:23 PM - System Checkpoint
RP104: 3/10/2011 8:21:40 PM - System Checkpoint
RP105: 3/15/2011 7:57:15 AM - System Checkpoint
RP106: 3/17/2011 6:14:14 AM - Installed %1 %2.
RP107: 3/17/2011 6:14:23 AM - Printer Driver Microsoft XPS Document Writer Installed
RP108: 3/17/2011 6:20:18 AM - Installed Windows XP KB942288-v3.
RP109: 3/17/2011 6:21:07 AM - Installed Windows Media Format Runtime
RP110: 3/17/2011 6:22:10 AM - Installed Windows XP Wudf01000.
RP111: 3/17/2011 11:57:32 AM - Installed Adobe After Effects 7.0
RP112: 3/19/2011 12:47:46 AM - System Checkpoint
RP113: 3/20/2011 12:00:11 AM - Installed Nero 7 Essentials
RP114: 3/21/2011 10:19:42 AM - Removed Timershot Powertoy for Windows XP
RP115: 3/21/2011 10:20:30 AM - Removed Sun ODF Plugin for Microsoft Office 3.1
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS4
Adobe Photoshop Lightroom 2
Adobe Reader 9.1
AhnLab V3 Internet Security 8.0
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASRock IES v2.0.8
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Bonjour
BufferChm
calibre
Conduit Engine
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DocProc
DocProcQFolder
Download Accelerator Plus (DAP)
eSupportQFolder
F4100
F4100_doccd
F4100_Help
Facebook Plug-In
Freemake Video Converter version 2.0.0
Google Chrome
Google Earth
Google Update Helper
Hotfix for Windows XP (KB942288-v3)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Solution Center 9.0
HP Update
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 14
K-Lite Mega Codec Pack 5.8.3
LightScribe 1.8.13.1
ManyCam 2.6.1 (remove only)
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Morgan Stream Switcher
Mozilla Firefox (3.6.13)
MSVCRT
MSVCRT Redists
MSXML 6.0 Parser (KB925673)
NCH Toolbar
Nero 7 Essentials
Picasa 3
Poladroid
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Robo.to Maker
RockMelt
Scan
Segoe UI
Skype Toolbars
Skype™ 5.0
SolutionCenter
Status
Toolbox
TrayApp
UnloadSupport
v2010.build.42
Vegas Pro 10.0
VLC media player 1.1.4
WebFldrs XP
WebReg
Windows Communication Foundation
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows Workflow Foundation
WinPatrol
WinRAR archiver
Xilisoft iPod Video Converter 6
XML Paper Specification Shared Components Pack 1.0
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader 2.6.5
.
==== Event Viewer Messages From Past Week ========
.
3/21/2011 6:54:44 AM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
3/21/2011 12:07:19 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
3/17/2011 8:01:29 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
3/17/2011 8:01:29 AM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
3/17/2011 8:01:29 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
.
==== End Of File ===========================
Saoirse
Active Member
 
Posts: 5
Joined: February 9th, 2009, 8:19 pm
Location: Cebooze.

Re: Might this be a trojan?

Unread postby Blade81 » March 22nd, 2011, 4:30 pm

I don't really use Internet Explorer that's why it was never updated.

IE engine is used by many programs background and that's why it has to be up-to-date. Let's deal with that a bit later :)

Have all those affected flash drives plugged in.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Might this be a trojan?

Unread postby Saoirse » March 23rd, 2011, 3:16 pm

ComboFix 11-03-22.09 - bimbim 03/23/2011 22:43:27.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.893.549 [GMT 8:00]
Running from: c:\documents and settings\bimbim\Desktop\ComboFix.exe
AV: AhnLab V3 Internet Security 8.0 *Disabled/Updated* {D881C1F7-6566-4C80-82F8-BA5258DDD50E}
FW: AhnLab V3 Internet Security 8.0 *Disabled* {6CBF11B7-327F-4AB6-BBD3-AE8650A9D64C}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
.
.
2011-03-22 20:14 . 2011-03-22 20:14 108544 ------w- c:\documents and settings\bimbim\Application Data\Qcmamq.exe
2011-03-20 23:34 . 2011-03-20 23:34 -------- d-----w- c:\documents and settings\bimbim\Application Data\WinPatrol
2011-03-20 23:34 . 2011-03-20 23:34 -------- d-----w- c:\program files\BillP Studios
2011-03-20 23:34 . 2011-03-20 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2011-03-19 16:29 . 2011-03-19 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2011-03-19 16:08 . 2011-03-19 16:08 -------- d-----w- c:\program files\Common Files\LightScribe
2011-03-19 16:06 . 2011-03-19 16:29 -------- d-----w- c:\documents and settings\bimbim\Local Settings\Application Data\Ahead
2011-03-19 16:02 . 2011-03-19 16:31 -------- d-----w- c:\documents and settings\bimbim\Application Data\Ahead
2011-03-19 16:00 . 2011-03-19 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-03-19 16:00 . 2011-03-19 16:06 -------- d-----w- c:\program files\Common Files\Ahead
2011-03-19 16:00 . 2011-03-19 16:00 -------- d-----w- c:\program files\Nero
2011-03-18 16:01 . 2011-03-18 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2011-03-17 03:58 . 2011-03-17 03:58 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2011-03-16 23:36 . 2011-03-16 23:36 -------- d-----w- c:\documents and settings\bimbim\Local Settings\Application Data\Xara
2011-03-16 23:33 . 2011-03-21 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2011-03-16 23:31 . 2011-03-21 02:19 -------- d-----w- c:\program files\MAGIX
2011-03-16 23:31 . 2007-04-27 01:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2011-03-16 23:28 . 2011-03-22 19:52 -------- d-----w- c:\windows\system32\MAGIX
2011-03-16 23:28 . 2008-04-15 07:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2011-03-16 22:41 . 2011-03-18 20:34 -------- d-----w- c:\documents and settings\bimbim\Application Data\Publish Providers
2011-03-16 22:35 . 2011-03-16 22:35 -------- d-----w- c:\documents and settings\bimbim\Local Settings\Application Data\Sony
2011-03-16 22:24 . 2011-03-16 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2011-03-16 22:24 . 2011-03-16 22:24 -------- d-----w- c:\program files\Sony
2011-03-16 22:22 . 2011-03-16 22:23 -------- d-----w- C:\aa6f37e37610b6f6b01a80
2011-03-16 22:22 . 2011-03-16 22:23 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-03-16 22:18 . 2011-03-16 22:18 -------- d-----w- c:\program files\MSBuild
2011-03-16 22:15 . 2011-03-16 22:15 -------- d-----w- c:\windows\system32\XPSViewer
2011-03-16 22:14 . 2011-03-16 22:14 -------- d-----w- c:\program files\Reference Assemblies
2011-03-16 22:14 . 2006-10-14 08:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-03-16 22:14 . 2006-06-29 05:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-03-16 21:27 . 2011-03-16 22:41 -------- d-----w- c:\documents and settings\bimbim\Application Data\Sony
2011-03-08 21:58 . 2011-03-08 21:58 -------- d-----w- C:\logs
2011-03-08 21:58 . 2011-03-08 21:58 -------- d-----w- c:\documents and settings\bimbim\Speedbit
2011-03-03 08:13 . 2011-03-03 08:13 -------- d-----w- c:\documents and settings\bimbim\Local Settings\Application Data\WMTools Downloaded Files
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 10:30 . 2010-06-15 09:38 1916752 ----a-w- c:\windows\system32\drivers\v3engine.sys
2011-03-16 10:30 . 2010-06-15 09:38 1880144 ----a-w- c:\windows\system32\BTScan.exe
2011-03-02 03:04 . 2010-06-15 09:39 1441104 ----a-w- c:\windows\system32\drivers\ahnsze.sys
2011-01-03 14:03 . 2010-06-15 09:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-30 13:22 . 2010-12-30 13:21 255497 ----a-w- c:\program files\RMPly00.exe
2006-05-03 03:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 04:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 06:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files\NCH\tbNCH.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 07:02 3863136 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
2010-09-12 07:02 3863136 ----a-w- c:\program files\NCH\tbNCH.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files\NCH\tbNCH.dll" [2010-09-12 3863136]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}"= "c:\program files\NCH\tbNCH.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASRockIES"="c:\program files\ASRock Utility\IES\AsrIes.exe" [2009-09-16 7135752]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-06-15 2815488]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2010-10-15 1721640]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-11-04 6174008]
"RockMelt Update"="c:\documents and settings\bimbim\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe" [2011-02-13 136336]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"V3 Session Process"="c:\program files\AhnLab\V3IS80\V3SP.exe" [2010-08-27 354008]
"HP Software Update"="d:\hp software update\HPWuSchd2.exe" [2007-03-11 49152]
"iTunesHelper"="D:\iTunesHelper.exe" [2010-09-23 421160]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-01-03 274608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-07-04 161064]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-03-16 325000]
.
c:\documents and settings\bimbim\Start Menu\Programs\Startup\
MojiChi.lnk - c:\program files\MojiKan\MojiChi\MojiChi.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - d:\digital imaging\bin\hpqtra08.exe [2007-3-11 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Btscan.exe c:\program files\AhnLab\V3IS80\BTScan.opt
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 09:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-06-14 11:19 178712 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-06-14 11:19 150040 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-11-04 13:04 6174008 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-06-14 11:19 150040 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-10-28 09:18 17331200 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-06-15 09:45 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\AMonTDNt.sys [6/15/2010 5:39 PM 95880]
R1 ATamptNt_V3IS80;ATamptNt_V3IS80;c:\progra~1\AhnLab\V3IS80\ATamptNt.sys [6/15/2010 5:39 PM 154208]
R2 AMonHKnt;AMonHKnt;c:\windows\system32\drivers\AMonHKNT.sys [6/15/2010 5:39 PM 53224]
R2 V3 Service;V3 Service;c:\program files\AhnLab\V3IS80\V3Svc.exe [6/15/2010 5:39 PM 212184]
R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2k.sys [6/15/2010 5:39 PM 52960]
R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2k.sys [6/15/2010 5:39 PM 20320]
R3 AhnRghNt;AhnRghNt;c:\windows\system32\drivers\AhnRghNt.sys [6/15/2010 5:39 PM 53728]
R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [6/15/2010 5:39 PM 19608]
R3 IesDrv;IesDrv;\??\c:\windows\system32\Drivers\IesDrv.sys --> c:\windows\system32\Drivers\IesDrv.sys [?]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [9/4/2009 1:46 PM 45056]
R3 TfFRegNt;TfFRegNt;c:\program files\AhnLab\V3IS80\TFFREGNT.SYS [6/15/2010 5:39 PM 55520]
R3 TfProcNt;TfProcNt;c:\program files\AhnLab\V3IS80\AHAWKENT.SYS [6/15/2010 5:39 PM 29280]
S1 V3Flt2K;V3Flt2K;c:\progra~1\AhnLab\V3IS80\V3Flt2K.sys [6/15/2010 5:39 PM 168032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/8/2010 10:24 AM 136176]
S3 AhnActNt;AhnActNt;c:\progra~1\AhnLab\V3IS80\AhnActNt.sys [6/15/2010 5:39 PM 88544]
S3 AhnSZE;AhnSZE;c:\windows\system32\drivers\ahnsze.sys [6/15/2010 5:39 PM 1441104]
S3 ASZFltNt;ASZFltNt;c:\progra~1\AhnLab\V3IS80\ASZFltNt.sys [6/15/2010 5:39 PM 127072]
S3 ISFWEnt;ISFWEnt;c:\program files\AhnLab\V3IS80\ISFWENt.sys [6/15/2010 5:39 PM 143928]
S3 ISIPSEnt;ISIPSEnt;c:\program files\AhnLab\V3IS80\ISIPSENt.sys [6/15/2010 5:39 PM 139720]
S3 ISPIBEnt;ISPIBEnt;c:\program files\AhnLab\V3IS80\ISPIBENt.sys [6/15/2010 5:39 PM 128384]
S3 ISPrxEnt;ISPrxEnt;c:\program files\AhnLab\V3IS80\ISPrxENt.sys [6/15/2010 5:39 PM 77152]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 PM 21632]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 PM 227232]
S3 v3engine;v3engine;c:\windows\system32\drivers\v3engine.sys [6/15/2010 5:38 PM 1916752]
S3 V3Flu2k_V3IS80;V3Flu2k_V3IS80;c:\progra~1\AhnLab\V3IS80\V3Flu2k.sys [6/15/2010 5:39 PM 120928]
S3 V3IFt2K;V3IFt2K;c:\progra~1\AhnLab\V3IS80\V3IFt2K.sys [6/15/2010 5:39 PM 77664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IESDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 04:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:50]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-08 02:23]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-08 02:23]
.
2011-03-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1993962763-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 03:33]
.
2011-03-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1993962763-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 03:33]
.
2011-03-22 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1292428093-1993962763-1801674531-1003Core.job
- c:\documents and settings\bimbim\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2011-02-13 20:26]
.
2011-03-23 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1292428093-1993962763-1801674531-1003UA.job
- c:\documents and settings\bimbim\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2011-02-13 20:26]
.
2011-03-22 c:\windows\Tasks\WebReg Deskjet F4100 series.job
- d:\digital imaging\bin\hpqwrg.exe [2007-03-11 13:27]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\bimbim\Application Data\Mozilla\Firefox\Profiles\yjtp4lut.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox ... S:official
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\DAP\DAPFireFox
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-23 22:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2740)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-03-23 22:48:57
ComboFix-quarantined-files.txt 2011-03-23 14:48
ComboFix2.txt 2011-03-23 14:37
.
Pre-Run: 23,950,200,832 bytes free
Post-Run: 23,934,304,256 bytes free
.
- - End Of File - - 58297B5534F37459B91DF940A538B819



.
DDS (Ver_11-03-05.01) - NTFSx86
Run by bimbim at 3:06:06.35 on Thu 03/24/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.893.466 [GMT 8:00]
.
AV: AhnLab V3 Internet Security 8.0 *Enabled/Updated* {D881C1F7-6566-4C80-82F8-BA5258DDD50E}
FW: AhnLab V3 Internet Security 8.0 *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AhnLab\V3IS80\V3Svc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
D:\HP Software Update\HPWuSchd2.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ASRock Utility\IES\AsrIes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ManyCam\Bin\ManyCam.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\bimbim\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\tbNCH.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\tbNCH.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\nch\tbNCH.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ASRockIES] "c:\program files\asrock utility\ies\AsrIes.exe"
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ManyCam] "c:\program files\manycam\bin\ManyCam.exe" /silent
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [RockMelt Update] "c:\documents and settings\bimbim\local settings\application data\rockmelt\update\RockMeltUpdate.exe" /c
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [V3 Session Process] "c:\program files\ahnlab\v3is80\V3SP.exe"
mRun: [HP Software Update] d:\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "D:\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
StartupFolder: c:\docume~1\bimbim\startm~1\programs\startup\mojichi.lnk - c:\program files\mojikan\mojichi\MojiChi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\bimbim\applic~1\mozilla\firefox\profiles\yjtp4lut.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox ... S:official
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\bimbim\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\bimbim\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\bimbim\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: c:\documents and settings\bimbim\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\mozilla plugins\npitunes.dll
FF - plugin: d:\vlc\npvlc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\AMonTDNt.sys [2010-6-15 95880]
R1 ATamptNt_V3IS80;ATamptNt_V3IS80;c:\progra~1\ahnlab\v3is80\ATamptNt.sys [2010-6-15 154208]
R1 v3engine;v3engine;c:\windows\system32\drivers\v3engine.sys [2010-6-15 1916752]
R1 V3Flt2K;V3Flt2K;c:\progra~1\ahnlab\v3is80\V3Flt2K.sys [2010-6-15 168032]
R2 AMonHKnt;AMonHKnt;c:\windows\system32\drivers\AMonHKNT.sys [2010-6-15 53224]
R2 V3 Service;V3 Service;c:\program files\ahnlab\v3is80\V3Svc.exe [2010-6-15 212184]
R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2k.sys [2010-6-15 52960]
R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2k.sys [2010-6-15 20320]
R3 AhnRghNt;AhnRghNt;c:\windows\system32\drivers\AhnRghNt.sys [2010-6-15 53728]
R3 AhnSZE;AhnSZE;c:\windows\system32\drivers\ahnsze.sys [2010-6-15 1441104]
R3 ASZFltNt;ASZFltNt;c:\progra~1\ahnlab\v3is80\ASZFltNt.sys [2010-6-15 127072]
R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [2010-6-15 19608]
R3 IesDrv;IesDrv;\??\c:\windows\system32\drivers\iesdrv.sys --> c:\windows\system32\drivers\IesDrv.sys [?]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-9-4 45056]
R3 TfFRegNt;TfFRegNt;c:\program files\ahnlab\v3is80\TFFREGNT.SYS [2010-6-15 55520]
R3 TfProcNt;TfProcNt;c:\program files\ahnlab\v3is80\AHAWKENT.SYS [2010-6-15 29280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-8 136176]
S3 AhnActNt;AhnActNt;c:\progra~1\ahnlab\v3is80\AhnActNt.sys [2010-6-15 88544]
S3 ISFWEnt;ISFWEnt;c:\program files\ahnlab\v3is80\ISFWENt.sys [2010-6-15 143928]
S3 ISIPSEnt;ISIPSEnt;c:\program files\ahnlab\v3is80\ISIPSENt.sys [2010-6-15 139720]
S3 ISPIBEnt;ISPIBEnt;c:\program files\ahnlab\v3is80\ISPIBENt.sys [2010-6-15 128384]
S3 ISPrxEnt;ISPrxEnt;c:\program files\ahnlab\v3is80\ISPrxENt.sys [2010-6-15 77152]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 V3Flu2k_V3IS80;V3Flu2k_V3IS80;c:\progra~1\ahnlab\v3is80\V3Flu2k.sys [2010-6-15 120928]
S3 V3IFt2K;V3IFt2K;c:\progra~1\ahnlab\v3is80\V3IFt2K.sys [2010-6-15 77664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-23 14:42:51 -------- d-----w- C:\ComboFix
2011-03-23 14:30:32 -------- d-sha-r- C:\cmdcons
2011-03-23 14:25:58 98816 ----a-w- c:\windows\sed.exe
2011-03-23 14:25:58 89088 ----a-w- c:\windows\MBR.exe
2011-03-23 14:25:58 256512 ----a-w- c:\windows\PEV.exe
2011-03-23 14:25:58 161792 ----a-w- c:\windows\SWREG.exe
2011-03-22 20:14:44 108544 ------w- c:\docume~1\bimbim\applic~1\Qcmamq.exe
2011-03-21 02:19:44 -------- d-----w- c:\windows\system32\appmgmt
2011-03-20 23:34:56 -------- d-----w- c:\docume~1\bimbim\applic~1\WinPatrol
2011-03-20 23:34:39 -------- d-----w- c:\program files\BillP Studios
2011-03-20 23:34:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\InstallMate
2011-03-19 16:29:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\LightScribe
2011-03-19 16:06:53 -------- d-----w- c:\docume~1\bimbim\locals~1\applic~1\Ahead
2011-03-19 16:00:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nero
2011-03-19 16:00:19 -------- d-----w- c:\program files\Nero
2011-03-17 03:58:35 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2011-03-16 23:36:40 -------- d-----w- c:\docume~1\bimbim\locals~1\applic~1\Xara
2011-03-16 23:33:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\MAGIX
2011-03-16 23:31:46 -------- d-----w- c:\program files\MAGIX
2011-03-16 23:31:45 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2011-03-16 23:28:02 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2011-03-16 23:28:02 -------- d-----w- c:\windows\system32\MAGIX
2011-03-16 22:35:35 -------- d-----w- c:\docume~1\bimbim\locals~1\applic~1\Sony
2011-03-16 22:24:49 -------- d-----w- c:\program files\Sony
2011-03-16 22:22:20 -------- d-----w- C:\aa6f37e37610b6f6b01a80
2011-03-16 22:15:39 -------- d-----w- c:\windows\system32\XPSViewer
2011-03-16 22:14:36 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-03-16 22:14:15 14048 ------w- c:\windows\system32\spmsg2.dll
2011-03-08 21:58:28 -------- d-----w- C:\logs
2011-03-08 21:58:17 -------- d-----w- c:\documents and settings\bimbim\Speedbit
2011-03-03 08:13:09 -------- d-----w- c:\docume~1\bimbim\locals~1\applic~1\WMTools Downloaded Files
.
==================== Find3M ====================
.
2011-03-16 10:30:00 1880144 ----a-w- c:\windows\system32\BTScan.exe
2011-01-03 14:03:20 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-30 13:22:11 255497 ----a-w- c:\program files\RMPly00.exe
2006-05-03 03:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 04:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 06:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 3:06:16.04 ===============
Saoirse
Active Member
 
Posts: 5
Joined: February 9th, 2009, 8:19 pm
Location: Cebooze.

Re: Might this be a trojan?

Unread postby Blade81 » March 24th, 2011, 9:56 am

Hi,

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Might this be a trojan?

Unread postby Saoirse » March 25th, 2011, 7:54 pm

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6160

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/26/2011 7:44:52 AM
mbam-log-2011-03-26 (07-44-52).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|)
Objects scanned: 235579
Time elapsed: 58 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
h:\aftereffects\crack(after)\KEYGEN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
h:\flash pro 8.0\crack(flash)\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
h:\sony vegas pro 10\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
Saoirse
Active Member
 
Posts: 5
Joined: February 9th, 2009, 8:19 pm
Location: Cebooze.

Re: Might this be a trojan?

Unread postby Blade81 » March 26th, 2011, 8:06 am

Hi again,

These don't seem to be legit so you have to delete them:
h:\aftereffects
h:\flash pro 8.0
h:\sony vegas pro 10

Also, you have to uninstall this:
Vegas Pro 10.0


Disable WinPatrol's realtime protection.
  • Right-click the running icon of Winpatrol in the system tray
  • Choose exit. It will automatically restart at next boot.



Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=56186
Collect::
c:\documents and settings\bimbim\Application Data\Qcmamq.exe
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Firefox::
FF - ProfilePath - c:\documents and settings\bimbim\Application Data\Mozilla\Firefox\Profiles\yjtp4lut.default\
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Install Internet Explorer 8 here.


Uninstall old Adobe Reader versions and get the latest one ((Adobe Reader X + 10.0.1 update for it)) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 24.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is not checked. Scan your flash drives too.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Might this be a trojan?

Unread postby Blade81 » March 29th, 2011, 12:47 pm

Are you still there?
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Might this be a trojan?

Unread postby Blade81 » April 1st, 2011, 11:58 am

Due to inactivity this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 69 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware