Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

tried the dds report and here it is...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

tried the dds report and here it is...

Unread postby dragonmaster61 » May 13th, 2011, 9:43 pm

.My netbook has QFO.exe stucked in the AVG so i'm not sure how to get rid of it. And i don't know what report is needed so i'll just copy and paste everything...

DDS (Ver_11-03-05.01) - NTFSx86
Run by Darrell at 9:29:17.71 on Sat 05/14/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1168 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *Enabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WTouch\WTouchService.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WTouch\WTouchUser.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mobile Broadband Modem\Mobile Broadband Modem.exe
C:\Program Files\AVG\AVG10\avgsrmax.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Darrell\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... aspire_one
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... aspire_one
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3600-4600 series\ezprint.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: {6908AC34-C558-4CFD-85E0-0BFA02F97C66} = 203.116.1.94 203.116.254.150
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\darrell\applic~1\mozilla\firefox\profiles\4mzwkf21.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mangafox.com/
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-7 214664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-7 88176]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-7 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-3-7 144704]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-3-7 237568]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2011-4-18 4497704]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2011-4-18 113448]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-4-17 102656]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-4 38912]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [2011-4-18 145152]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-7 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-7 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-7 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-7 40552]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-17 136176]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2011-4-18 98984]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-7 1684736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-7 24064]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-17 136176]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-7 34248]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-4-18 16168]
.
=============== Created Last 30 ================
.
2011-05-10 09:54:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-05-10 09:54:34 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-05-10 05:57:08 -------- d-----w- c:\documents and settings\darrell\Bluetooth Software
2011-05-04 08:21:33 -------- d-----w- C:\Games
2011-05-04 07:35:51 -------- d--h--w- c:\windows\PIF
2011-04-21 06:11:07 -------- d-----w- c:\docume~1\darrell\applic~1\AVG10
2011-04-21 05:57:24 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-04-21 05:54:47 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-21 05:54:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-04-21 05:53:09 -------- d-----w- c:\program files\AVG
2011-04-21 04:15:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-04-19 05:10:44 4633632 ----a-w- c:\windows\system32\GameMon.des
2011-04-18 13:30:26 -------- d-----w- c:\documents and settings\all users\Lx_cats
2011-04-18 13:29:43 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-04-18 13:29:43 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-04-18 13:26:30 -------- d-----w- C:\logs
2011-04-18 13:26:00 40960 ----a-w- c:\windows\system32\lxdxvs.dll
2011-04-18 13:25:51 360448 ----a-w- c:\windows\system32\lxdxcoin.dll
2011-04-18 13:25:49 115200 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdxdrpp.dll
2011-04-18 13:24:52 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-04-18 13:24:52 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-04-18 13:24:43 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-04-18 13:24:43 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-04-18 13:24:31 81920 ----a-w- c:\windows\system32\lxdxcaps.dll
2011-04-18 13:24:31 782336 ----a-w- c:\windows\system32\lxdxdrs.dll
2011-04-18 13:24:30 69632 ----a-w- c:\windows\system32\lxdxcnv4.dll
2011-04-18 13:23:18 -------- d-----w- c:\program files\Lexmark Toolbar
2011-04-18 13:21:45 -------- d-----w- c:\program files\Lexmark 3600-4600 Series
2011-04-18 09:57:40 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2011-04-18 09:57:40 4682 ----a-w- c:\windows\system32\npptNT2.sys
2011-04-18 09:52:00 -------- d-----w- c:\program files\common files\INCA Shared
2011-04-18 09:41:19 -------- d-----w- c:\docume~1\darrell\locals~1\applic~1\Identities
2011-04-18 09:27:05 -------- d-----w- c:\program files\CABAL Online (SG MY)
2011-04-18 06:19:49 -------- d-----w- c:\program files\uTorrent
2011-04-18 06:19:22 -------- d-----w- c:\docume~1\darrell\applic~1\uTorrent
2011-04-18 04:43:43 -------- d-----w- c:\docume~1\darrell\applic~1\WTablet
2011-04-18 04:43:36 -------- d-----w- c:\docume~1\darrell\applic~1\WTouch
2011-04-18 04:43:35 245032 ------w- c:\windows\system32\Touch_Tablet.dll
2011-04-18 04:43:17 -------- d-----w- c:\program files\WTouch
2011-04-18 04:43:10 -------- d-----w- c:\program files\TabletPlugins
2011-04-18 04:42:05 6393640 ------w- c:\windows\system32\PenTablet.cpl
2011-04-18 04:41:35 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2011-04-18 04:41:29 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2011-04-18 04:41:23 16168 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2011-04-18 04:41:17 -------- d-----w- c:\windows\system32\WTablet
2011-04-18 04:41:15 284160 ------w- c:\windows\system32\Wintab32.dll
2011-04-18 04:41:14 416040 ------w- c:\windows\system32\Pen_Tablet.dll
2011-04-18 04:41:09 4497704 ------w- c:\windows\system32\Pen_Tablet.exe
2011-04-18 04:40:53 -------- d-----w- c:\program files\Tablet
2011-04-18 04:29:09 -------- d-----w- c:\docume~1\darrell\applic~1\Adobe Mini Bridge CS5
2011-04-18 04:29:08 -------- d-----w- c:\docume~1\darrell\applic~1\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-04-18 04:22:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2011-04-18 04:10:00 -------- d-----w- c:\docume~1\darrell\locals~1\applic~1\Adobe
2011-04-18 03:15:49 -------- d-----w- c:\program files\Adobe Photoshop CS5 Extended Edition
2011-04-17 22:18:00 -------- d-----w- c:\windows\Screensavers
2011-04-17 22:14:38 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-04-17 22:14:38 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-04-17 22:13:14 47272 ----a-w- c:\windows\system32\drivers\btwusb.sys
2011-04-17 22:13:14 106557 ----a-w- c:\windows\system32\btw_ci.dll
2011-04-17 22:13:13 91176 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2011-04-17 22:13:12 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
2011-04-17 22:13:12 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2011-04-17 22:13:12 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2011-04-17 22:13:11 991136 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2011-04-17 22:13:11 534312 ----a-w- c:\windows\system32\drivers\btaudio.sys
2011-04-17 22:12:58 -------- d-----w- c:\program files\WIDCOMM
2011-04-17 22:12:13 106496 ----a-w- c:\windows\FixUVC.exe
2011-04-17 22:07:02 91136 ----a-w- c:\windows\kswdmcap.ax
2011-04-17 22:07:02 28672 ----a-w- c:\windows\vidcap.ax
2011-04-17 22:07:01 61952 ----a-w- c:\windows\kstvtune.ax
2011-04-17 22:07:01 53760 ----a-w- c:\windows\vfwwdm32.dll
2011-04-17 22:06:59 43008 ----a-w- c:\windows\ksxbar.ax
2011-04-17 22:06:55 53248 ----a-w- c:\windows\system\M3000Rmv.dll
2011-04-17 22:06:55 147456 ----a-w- c:\windows\system\M3000Vex.dll
2011-04-17 22:06:55 145152 ----a-w- c:\windows\system32\drivers\M3000KNT.sys
2011-04-17 22:06:55 -------- d-----w- c:\windows\WebCam
2011-04-17 22:06:54 331776 ----a-w- c:\windows\system\M3000Dex.dll
2011-04-17 22:06:54 233472 ----a-w- c:\windows\system32\M3000DIF.dll
2011-04-17 22:06:54 -------- d-----w- c:\windows\M30Setup
2011-04-17 22:06:54 -------- d-----w- c:\program files\ALi
2011-04-17 22:06:49 -------- d-----w- c:\program files\AcerDriverInstaller
2011-04-17 22:01:57 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-04-17 21:57:50 -------- d-----w- c:\windows\3G
2011-04-17 21:57:48 -------- d-----w- c:\windows\WLAN
2011-04-17 21:57:47 -------- d-----w- c:\windows\system32\oem
2011-04-17 15:24:48 -------- d-----w- c:\program files\VideoLAN
2011-04-17 14:24:29 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-04-17 14:24:29 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-04-17 14:24:27 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-04-17 14:24:27 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-04-17 09:10:59 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-17 09:10:59 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2011-04-17 09:10:59 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-17 09:10:59 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2011-04-17 08:52:32 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-04-17 08:52:32 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-04-17 08:52:31 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-04-17 08:52:31 102656 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-04-17 08:52:31 102400 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-04-17 08:51:42 -------- d-----w- c:\program files\Mobile Broadband Modem
2011-04-17 08:50:53 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-04-17 08:50:53 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-04-17 08:50:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-04-17 07:42:43 -------- d-----w- c:\windows\system32\XPSViewer
2011-04-17 07:42:07 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-04-17 07:41:53 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-04-17 07:41:53 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-04-17 07:41:53 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-04-17 07:41:53 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-04-17 07:41:53 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-04-17 07:41:53 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-04-17 07:41:53 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-04-17 07:41:53 117760 ------w- c:\windows\system32\prntvpt.dll
2011-04-17 07:41:52 -------- d-----w- C:\e46c63700f8066bfd47a7f2991
2011-04-17 07:33:58 -------- d-sh--w- c:\documents and settings\darrell\IECompatCache
2011-04-17 07:33:40 -------- d-sh--w- c:\documents and settings\darrell\PrivacIE
2011-04-17 07:32:08 -------- d-sh--w- c:\documents and settings\darrell\IETldCache
2011-04-17 07:29:30 -------- d-----w- c:\windows\ServicePackFiles
2011-04-17 07:13:57 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-04-17 07:13:39 -------- d-----w- c:\windows\ie8updates
2011-04-17 07:13:29 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-04-17 07:13:27 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-17 07:13:27 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-17 07:12:32 -------- dc-h--w- c:\windows\ie8
2011-04-17 06:57:03 78336 -c----w- c:\windows\system32\dllcache\ieencode.dll
2011-04-17 06:57:03 78336 ------w- c:\windows\system32\ieencode.dll
2011-04-17 06:46:46 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-04-17 06:43:51 -------- d-----w- c:\windows\system32\PreInstall
2011-04-17 06:39:14 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-04-17 06:36:45 -------- d-----w- c:\program files\CCleaner
2011-04-17 06:35:58 -------- d-----w- c:\docume~1\darrell\locals~1\applic~1\Temp
.
==================== Find3M ====================
.
2011-04-17 22:14:51 2296 ----a-w- c:\windows\CLEANUP.CMD
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ------w- c:\windows\system32\html.iec
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 9:37:56.64 ===============
dragonmaster61
Active Member
 
Posts: 5
Joined: May 13th, 2011, 10:06 am
Location: Singapore
Advertisement
Register to Remove

Re: tried the dds report and here it is...

Unread postby melboy » May 15th, 2011, 5:53 am

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==============================================================


With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate uTorrent and click on the Change/Remove button to uninstall it.
  • Close Add/Remove Programs and Control Panel when done.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.



CKScanner

Download CKScanner from here

  • Important - Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Please also post the attach.txt from when you ran DDS.


In your next reply:
  1. Attach.txt
  2. CKFiles.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: tried the dds report and here it is...

Unread postby dragonmaster61 » May 15th, 2011, 6:43 pm

"C:/WINDOWS/system32/rundll32.exe Application not found."
that's what it says after clicking on the Add or Remove programs.
So i did the 'Shift + Del' to delete the uTorrent...and DDS points out i still have the program...
Actually most of the programs i click on comes out a "open with"

And thanks for the help
Here's the attach.txt,
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/18/2011 6:05:03 AM
System Uptime: 5/16/2011 5:43:25 AM (1 hours ago)
.
Motherboard: Acer | | Aspire one
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU | 1596/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 104.357 GiB free.
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 4/18/2011 6:05:07 AM - System Checkpoint
RP2: 4/18/2011 6:06:49 AM - Installed AcerDriverInstaller
RP3: 4/18/2011 6:06:54 AM - Installed Webcam
RP4: 4/18/2011 6:09:36 AM - Installed Atheros Driver Installation Program
RP5: 4/18/2011 6:10:27 AM - Installed Realtek High Definition Audio Driver
RP6: 4/18/2011 6:12:12 AM - Installed Acer Crystal Eye webcam
RP7: 4/18/2011 6:16:17 AM - Installed Acer eRecovery Management
RP8: 4/17/2011 2:42:51 PM - Software Distribution Service 3.0
RP9: 4/17/2011 2:57:37 PM - Software Distribution Service 3.0
RP10: 4/17/2011 3:36:11 PM - Software Distribution Service 3.0
RP11: 4/18/2011 12:17:34 AM - Software Distribution Service 3.0
RP12: 4/19/2011 1:54:29 AM - Software Distribution Service 3.0
RP13: 4/21/2011 1:52:34 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP14: 4/21/2011 1:53:07 PM - Installed AVG 2011
RP15: 4/21/2011 1:54:25 PM - Installed AVG 2011
RP16: 4/22/2011 5:34:11 PM - System Checkpoint
RP17: 4/24/2011 6:17:29 PM - System Checkpoint
RP18: 4/27/2011 11:58:40 AM - System Checkpoint
RP19: 4/28/2011 12:46:46 PM - System Checkpoint
RP20: 4/28/2011 1:28:11 PM - Software Distribution Service 3.0
RP21: 5/7/2011 11:39:42 PM - System Checkpoint
RP22: 5/11/2011 9:43:43 AM - System Checkpoint
RP23: 5/13/2011 8:09:26 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 9.20
Acer Crystal Eye webcam Ver:1.1.81.402
Acer eRecovery Management
Acer ScreenSaver
Acer VCM
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9
Alice Greenfingers
ArtMoney SE v7.36
AVG 2011
Bamboo
Bookworm Adventures
C:\Program Files\Acer GameZone\GameConsole
CABAL Online
Cake Mania 2
CCleaner
Chicken Invaders 2
Choice Guard
Compatibility Pack for the 2007 Office system
Dream Day First Home
eSobi v2
Fizzball
Galapago
Gold Miner Vegas
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Jewelleria
Junk Mail filter update
Launch Manager
Lexmark 3600-4600 Series
Luxor - Amun Rising
McAfee SecurityCenter
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mobile Broadband Modem
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDF Settings CS5
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Supercow
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB946691)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Card Reader Software
VLC media player 1.1.9
Webcam
WebFldrs XP
WebTablet IE Plugin
WebTablet Netscape Plugin
WIDCOMM Bluetooth Software
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
5/9/2011 7:56:32 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
5/10/2011 9:54:12 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdxCATSCustConnectService service to connect.
5/10/2011 9:54:12 AM, error: Service Control Manager [7000] - The lxdxCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

And the CKfiles.txt

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_boom_v1.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_boom_v2.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_boom_v3.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_f1.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_f2.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_f3.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_f4.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_f5.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_gound_low.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_grav.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_grav2.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_ground.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_ice_1.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_ice_2.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_ice_3.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_in.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_mid.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_out.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_piece_fire1.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_piece_fire1_low.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\crack_piece_fire2.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\dx2_trainup_crack.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\dx2_trainup_nocrack.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\icepillar_crack_t1.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\icepillar_crack_t2.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\icepillar_crack_t3.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\ncrack_001.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\ncrack_001_1.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\ncrack_002.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\ncrack_002_1.ebm
c:\program files\cabal online (sg my)\data\fx\src\ebm\ncrack_003.ebm
c:\program files\cabal online (sg my)\data\fx\src\efx\crack_circle.efx
c:\program files\cabal online (sg my)\data\fx\src\efx\exploe_crack3.efx
c:\program files\cabal online (sg my)\data\fx\src\efx\exploe_crack4.efx
c:\program files\cabal online (sg my)\data\fx\src\efx\expole_crack.efx
c:\program files\cabal online (sg my)\data\fx\src\efx\expole_crack2.efx
c:\program files\cabal online (sg my)\data\fx\src\efx\expole_crack_np.efx
c:\program files\cabal online (sg my)\data\object\object\object_fx\fearofd\crackegg_a.efx
c:\program files\cabal online (sg my)\data\object\object\object_fx\fearofd\crackegg_a_add.ebm
c:\program files\cabal online (sg my)\data\object\object\object_fx\fearofd\fearofd_crackegg_a.ebm
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 adobe.activate.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
scanner sequence 3.ZZ.11
----- EOF -----
dragonmaster61
Active Member
 
Posts: 5
Joined: May 13th, 2011, 10:06 am
Location: Singapore

Re: tried the dds report and here it is...

Unread postby melboy » May 16th, 2011, 8:11 am

Cracks, Keygens, Warez etc.

As the log(s) you've posted indicate, you've used one or more of the above.

>> Forum Policy <<

The software will have to be removed before we can continue. Be aware that the tools we use can and will detect such software. If there are more such new findings after this, the topic will also be closed.

Along with P2P filesharing, this is a surefire way to get your computer infected. Downloading cracks via P2P or visiting crack sites/warez sites - and other questionable/illegal sites is always a risk. Even a single click on the site can drop multiple forms of very serious malware.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.
In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

Additionally, cracked programs are illegal. In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned.

The distribution and use of cracked copies is illegal in almost every developed country.


Please post back to confirm the removal of the cracked Adobe items.

If you are having problems uninstalling the items, I can remove them for you - Let me know what you want to do.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: tried the dds report and here it is...

Unread postby dragonmaster61 » May 19th, 2011, 6:25 am

So the prob. is with the Adobe huh...didn't thought of that...
Well, the problem is still with the malware though, i can't open up the add/remove program from the control panel, and there's no uninstall so i can't really do anything (unless Shift+Del)...I'll try Shift+Del 1st...
I have deleted adobe related stuff ('cept for reader 9.0) with Shift+Del. Still can't go into add/remove program in control panel.

Can i just search for the word adobe, find everything and then delete all?
Or you just tell me what you would do, then teach me step by step...
Last edited by dragonmaster61 on May 19th, 2011, 8:55 pm, edited 1 time in total.
dragonmaster61
Active Member
 
Posts: 5
Joined: May 13th, 2011, 10:06 am
Location: Singapore

Re: tried the dds report and here it is...

Unread postby melboy » May 19th, 2011, 7:11 pm

I'll remove it for you.



OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: tried the dds report and here it is...

Unread postby dragonmaster61 » May 19th, 2011, 9:13 pm

Downloaded OTL.exe but cannot open the file with the same problem, can't open files. It just wrote there, application not found.
dragonmaster61
Active Member
 
Posts: 5
Joined: May 13th, 2011, 10:06 am
Location: Singapore

Re: tried the dds report and here it is...

Unread postby melboy » May 20th, 2011, 8:08 am

OK

Run this and then try to run OTL again. Please be patient and allow the tool time to run.


Rkill

Please download Rkill from here and save to your Desktop:

  • Double click on Rkill.
  • A command window will open then disappear upon completion. This is normal, and your desktop may temporarily disappear. Do not be alarmed.
  • Notepad will open, please post the contents in your next reply. (The log can also be found at C:\Rkill.txt)
  • Please leave Rkill on the Desktop until otherwise advised.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: tried the dds report and here it is...

Unread postby melboy » May 22nd, 2011, 7:39 am

Hi dragonmaster61

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: tried the dds report and here it is...

Unread postby Cypher » May 23rd, 2011, 1:32 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware