Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware

Post by Scoffer » June 6th, 2012, 5:38 am

Hi,

Seems I have the same problem as a lot of people do who come to this forum.

Bottom right of the browser shows a "Recommended for you" advert, most of which leads to ib.adnxs.com. I also get occasional redirects when clicking links.

I've tried Spybot Search and Destroy and AVG, neither of which found anything.

DDS File:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Christopher at 10:31:51 on 2012-06-06
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.1804 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\DNA\btdna.exe
svchost.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.co.uk/
uInternet Settings,ProxyServer = 192.168.1.165:80
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\christopher\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [KPeerNexonEU] c:\nexon\nexon_eu_downloader\nxEULauncher.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [WTClient] WTClient.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Launch LGDCore] "c:\program files\common files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [amd_dc_opt] "c:\program files\amd\amd_dc_opt\amd_dc_opt.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: cutlass.be
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDow ... eqlab3.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/n ... uncher.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: Interfaces\{123470C6-D05D-46D1-BA7B-9E46DEFC2CD9} : NameServer = 192.168.1.254,192.168.1.255
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 66.197.194.231 www.google-analytics.com.
Hosts: 66.197.194.231 ad-emea.doubleclick.net.
Hosts: 66.197.194.231 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\christopher\application data\mozilla\firefox\profiles\undql2bm.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.co.uk
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0b ... &sap=ku&q=
FF - component: c:\program files\avg\avg2012\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll
FF - plugin: c:\documents and settings\christopher\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\christopher\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\christopher\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\christopher\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.0.2\npsitesafety.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\onlive\plugin\npolgdet.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg2012\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Do Not Track: {F53C93F1-07D5-430c-86D4-C9531B27DFAF} - c:\program files\avg\avg2012\firefox\DoNotTrack
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\documents and settings\all users\application data\avg secure search\11.0.0.9
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 3011f188000000000000001fc66a31cf
FF - user.js: extensions.BabylonToolbar_i.hardId - 3011f188000000000000001fc66a31cf
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15318
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:27:45
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100478
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-5-15 20968]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-5-6 932736]
R2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2012-1-3 56424]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2010-8-4 31744]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2009-5-7 18944]
R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2008-7-15 733184]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [2008-7-15 1656576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 253600]
S3 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
S3 cpuz132;cpuz132;\??\c:\docume~1\christ~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\christ~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2009-5-7 10752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva332;XDva332;\??\c:\windows\system32\xdva332.sys --> c:\windows\system32\XDva332.sys [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-06 10:33:30 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-06 10:33:30 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-19 04:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-10-16 14:13:03 585 ----a-w- c:\program files\Delete.bat
.
============= FINISH: 10:33:10.60 ===============


Attach File:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 15/07/2008 14:37:39
System Uptime: 28/05/2012 21:27:21 (205 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Rampage Formula
Processor: Intel Pentium III Xeon processor | LGA775 | 2671/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 699 GiB total, 52.464 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&B6AFFD&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&B6AFFD&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1277: 08/03/2012 08:22:28 - System Checkpoint
RP1278: 09/03/2012 09:21:22 - System Checkpoint
RP1279: 10/03/2012 10:21:22 - System Checkpoint
RP1280: 11/03/2012 11:21:22 - System Checkpoint
RP1281: 12/03/2012 20:34:57 - System Checkpoint
RP1282: 13/03/2012 21:23:40 - System Checkpoint
RP1283: 15/03/2012 01:48:59 - System Checkpoint
RP1284: 16/03/2012 02:22:34 - System Checkpoint
RP1285: 17/03/2012 03:22:36 - System Checkpoint
RP1286: 18/03/2012 03:29:48 - System Checkpoint
RP1287: 19/03/2012 04:22:35 - System Checkpoint
RP1288: 20/03/2012 04:22:42 - System Checkpoint
RP1289: 21/03/2012 05:23:48 - System Checkpoint
RP1290: 21/03/2012 14:17:44 - Software Distribution Service 3.0
RP1291: 22/03/2012 16:52:38 - System Checkpoint
RP1292: 23/03/2012 17:58:23 - System Checkpoint
RP1293: 24/03/2012 18:40:56 - System Checkpoint
RP1294: 24/03/2012 20:34:45 - Installed DirectX
RP1295: 25/03/2012 19:03:43 - Installed DirectX
RP1296: 25/03/2012 19:04:42 - Installed DirectX
RP1297: 25/03/2012 19:08:14 - Installed DirectX
RP1298: 26/03/2012 22:51:36 - System Checkpoint
RP1299: 27/03/2012 23:51:19 - System Checkpoint
RP1300: 29/03/2012 00:51:22 - System Checkpoint
RP1301: 30/03/2012 01:10:25 - System Checkpoint
RP1302: 31/03/2012 01:51:22 - System Checkpoint
RP1303: 01/04/2012 02:52:15 - System Checkpoint
RP1304: 02/04/2012 02:53:29 - System Checkpoint
RP1305: 03/04/2012 02:55:32 - System Checkpoint
RP1306: 04/04/2012 03:55:32 - System Checkpoint
RP1307: 05/04/2012 03:57:49 - System Checkpoint
RP1308: 06/04/2012 04:57:49 - System Checkpoint
RP1309: 07/04/2012 05:25:50 - System Checkpoint
RP1310: 08/04/2012 06:24:48 - System Checkpoint
RP1311: 09/04/2012 07:24:48 - System Checkpoint
RP1312: 10/04/2012 08:23:38 - System Checkpoint
RP1313: 11/04/2012 08:25:26 - System Checkpoint
RP1314: 12/04/2012 08:32:48 - System Checkpoint
RP1315: 13/04/2012 14:58:29 - System Checkpoint
RP1316: 14/04/2012 20:04:30 - System Checkpoint
RP1317: 15/04/2012 21:00:01 - System Checkpoint
RP1318: 16/04/2012 22:06:22 - System Checkpoint
RP1319: 17/04/2012 22:36:31 - System Checkpoint
RP1320: 19/04/2012 00:01:11 - System Checkpoint
RP1321: 20/04/2012 01:07:08 - System Checkpoint
RP1322: 21/04/2012 01:19:10 - System Checkpoint
RP1323: 22/04/2012 01:58:41 - System Checkpoint
RP1324: 23/04/2012 01:59:40 - System Checkpoint
RP1325: 24/04/2012 02:00:46 - System Checkpoint
RP1326: 25/04/2012 02:04:46 - System Checkpoint
RP1327: 26/04/2012 02:59:41 - System Checkpoint
RP1328: 27/04/2012 03:59:40 - System Checkpoint
RP1329: 28/04/2012 04:00:47 - System Checkpoint
RP1330: 29/04/2012 04:01:18 - System Checkpoint
RP1331: 30/04/2012 04:02:22 - System Checkpoint
RP1332: 01/05/2012 05:02:13 - System Checkpoint
RP1333: 02/05/2012 05:02:21 - System Checkpoint
RP1334: 03/05/2012 05:03:26 - System Checkpoint
RP1335: 04/05/2012 06:03:25 - System Checkpoint
RP1336: 05/05/2012 06:03:54 - System Checkpoint
RP1337: 06/05/2012 06:04:20 - System Checkpoint
RP1338: 06/05/2012 18:19:41 - Installed AVG 2012
RP1339: 07/05/2012 22:23:00 - System Checkpoint
RP1340: 08/05/2012 23:12:52 - System Checkpoint
RP1341: 10/05/2012 01:35:35 - System Checkpoint
RP1342: 11/05/2012 01:44:10 - System Checkpoint
RP1343: 12/05/2012 02:13:13 - System Checkpoint
RP1344: 13/05/2012 03:13:12 - System Checkpoint
RP1345: 14/05/2012 04:13:13 - System Checkpoint
RP1346: 15/05/2012 05:13:13 - System Checkpoint
RP1347: 16/05/2012 06:16:33 - System Checkpoint
RP1348: 17/05/2012 07:13:13 - System Checkpoint
RP1349: 18/05/2012 08:13:12 - System Checkpoint
RP1350: 19/05/2012 08:15:01 - System Checkpoint
RP1351: 20/05/2012 08:16:18 - System Checkpoint
RP1352: 21/05/2012 09:16:17 - System Checkpoint
RP1353: 22/05/2012 09:18:27 - System Checkpoint
RP1354: 23/05/2012 21:00:59 - System Checkpoint
RP1355: 24/05/2012 23:41:04 - System Checkpoint
RP1356: 26/05/2012 00:31:04 - System Checkpoint
RP1357: 27/05/2012 03:17:41 - System Checkpoint
RP1358: 28/05/2012 03:20:36 - System Checkpoint
RP1359: 29/05/2012 03:27:18 - System Checkpoint
RP1360: 30/05/2012 04:27:19 - System Checkpoint
RP1361: 31/05/2012 05:27:19 - System Checkpoint
RP1362: 01/06/2012 05:29:33 - System Checkpoint
RP1363: 02/06/2012 06:28:26 - System Checkpoint
RP1364: 03/06/2012 06:29:29 - System Checkpoint
RP1365: 04/06/2012 06:31:49 - System Checkpoint
RP1366: 05/06/2012 06:32:06 - System Checkpoint
RP1367: 06/06/2012 07:32:06 - System Checkpoint
.
==== Hosts File Hijack ======================
.
Hosts: 66.197.194.231 www.google-analytics.com.
Hosts: 66.197.194.231 ad-emea.doubleclick.net.
Hosts: 66.197.194.231 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
.
==== Installed Programs ======================
.
32 Bit HP BiDi Channel Components Installer
3DMark06
AAC Decoder
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Linguistics CS4
Adobe Media Encoder CS4 Importer
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 9.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Combat Tracker (remove only)
Advertising Center
Akamai NetSession Interface Service
Alganon
Alganon Parser Utility
Alganon PTS
Amazon MP3 Downloader 1.0.8
AMD APP SDK Runtime
AMD Dual-Core Optimizer
Amnesia - The Dark Descent
Anarchy Online
Apple Application Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Army Builder 3.3b
Asheron's Call
ASUS VGA Driver
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI Parental Control & Encoder
ATI Problem Report Wizard
Atomica Deluxe 2.52
Auto Macro Recorder V5.1 (Pro V5.2) Trial Version
AutoUpdate
AVG 2012
AVG PC Tuneup
Bandisoft MPEG-1 Decoder
Blood Bowl version 1.2.0.1
Build-a-lot 2: Town of the Year
ByteFX .Data Provider
Cake Mania 3
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CCScore
Champions Online
Connect
ConvertXtoDVD 3.8.0.193f
CPUID CPU-Z 1.54
Creative Software AutoUpdate
Creeper World
Creeper World 2
Creeper World 2 Demo
Creeper World DEMO
Creeper World Map Editor
Crystal Report ActiveX Viewer
DAEMON Tools Toolbar
Dawn of War - Dark Crusade
Dawn of War - Soulstorm
Defender of the Crown - Digitally Remastered Edition
Dell Driver Download Manager
Devart dotConnect for MySQL Express
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DNA
DolbyFiles
Download Manager 2.3.6
Driver Detective
Dungeon Crawl Stone Soup
Dungeon Keeper 2
Dungeon Lords
Dungeon Runners
Dungeons & Dragons Online - Eberron Unlimited™
DUNGEONS Demo
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 6.2.1.8 (31/12/2009)
DVDFab 7.0.2.5 Beta (20/03/2010)
DVDFab 8.1.3.3 (12/11/2011) Qt Beta
DVDFab Platinum 4.0.3.0 Final Registered
Dynasty Warriors Online
EA Download Manager
EA Shared Game Component: Activation
Empire: Total War
EPSON Scan
Epson Stylus SX110_TX110 Manual
EPSON SX110 Series Printer Uninstall
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
EverQuest II
FastCGI x86
fflink
FileZilla Client 3.5.0
FlashFXP v3
Free Realms Installer
Free Ride Games Player
Game Maker 6.1
Game Maker 7.0
GIMP 2.6.6
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Guild Wars
H.264 Decoder
Horizons Crafting Calculator
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
HPSSupply
IIS 7.5 Express
ImagXpress
Insider Tales - Vanished in Rome
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 29
Java(TM) 6 Update 7
K-Lite Codec Pack 5.6.1 (Basic)
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
kuler
Kyodai Mahjongg 2006 v1.42
Logitech G11 Keyboard Software 1.03
MAFIA II
Magic: The Gathering — Duels of the Planeswalkers 2012
Marvell Miniport Driver
MeasureUp Certification Preparation
MeasureUp Practice Tests
MechCommander Desperate Measures
MechCommander Mission Editor
Menu Templates - Starter Kit
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft ActiveSync 4.0
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 3
Microsoft ASP.NET Web Pages
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Expression Blend
Microsoft Expression Design
Microsoft Expression Media 1.0 SP1
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MSDN 2005 Express Edition - ENU
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office XP Professional with FrontPage
Microsoft Press Training Kit Exam Prep Suite 70-515
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2000 Sample Database Scripts
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 4.0 Web Tools ENU
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C# 2005 Express Edition - ENU
Microsoft Visual C# 2005 Express Edition - ENU Service Pack 1 (KB926749)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Standard Edition - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Web Platform Installer 3.0
Microsoft WebMatrix
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XNA Framework Redistributable 2.0
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Game Studio 2.0
Microsoft XNA Game Studio 2.0 (ARP entry)
Microsoft XNA Game Studio 2.0 (Redists)
Microsoft XNA Game Studio 2.0 (shared components)
Microsoft XNA Game Studio 2.0 (spacewar)
Microsoft XNA Game Studio 2.0 (xnaliveproxy)
Microsoft XNA Game Studio 2.0 Documentation
mIRC
MKV Splitter
Movie Templates - Starter Kit
Movy Timer
Mozilla Firefox (3.5.16)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
MySQL Workbench 5.2 CE
Napoleon: Total War
NCsoft Launcher
Need for Speed(TM) Hot Pursuit
Nero 9
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Suite
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
netbrdg
Neverwinter Nights 2
Neverwinter Nights Platinum Edition
Nexon Game Manager
NVIDIA Drivers
NVIDIA PhysX
Oblivion
Octoshape add-in for Adobe Flash Player
OfotoXMI
OnLive
OpenAL
OpenGL Extensions Viewer 3.0
Orcs Must Die!
Pacific Poker
Pando Media Booster
PDF Reader
PDF Settings CS4
PFPortChecker 1.0.32
Photoshop Camera Raw
PHP 5.2.10
Pixel Bender Toolkit
PowerISO
PunkBuster Services
Puzzle Quest Galactrix
QuickTime
Rapture3D 2.3.26 Game
redist
Revenge of the Titans (remove only)
RPG Maker VX
RPG Maker VX RTP
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB2251487)
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Self Test Practice Test Engine
Self Test Software: Exam 70-536CSHP
SFR
SHASTA
Sid Meier's Alpha Centauri
Sid Meier's Alpha Centauri 2000/XP Compatibility Update
skin0001
Skins
SKINXSDK
Sound Blaster X-Fi
SoundTrax
Spiral Knights
Spybot - Search & Destroy
Star Wars: The Old Republic
Starcraft
StarCraft II
staticcr
Station Launcher
Steam
Suite Shared Configuration CS4
System Requirements Lab
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
TeamSpeak 3 Client
test
TGEA 1.7.1 SDK (remove only)
The Forge
The Lord of the Rings Online™ v03.05.01.8027
The Map Pack 3.3e
The Treasures of Montezuma
tooltips
Total War: SHOGUN 2
Ultima Online 2D Client
Ultima Online Classic Client
Ultima Online: Kingdom Reborn
Unigine Heaven Benchmark v2.0
Unity Web Player
Unlocker 1.8.7
UO Auto-Map
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 System (KB2539530)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
VASSAL (3.1.15)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Ventrilo Server
VideoLAN VLC media player 0.8.6i
Vindictus EU
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VPRINTOL
Warhammer 40,000 Space Marine
Warhammer Mark of Chaos
Warhammer Online - Age of Reckoning
WARRIORS OROCHI
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WindowsFormsApplication1
WinRAR archiver
WIRELESS
Yahoo! Messenger
.
==== End Of File ===========================




Any help would be greatly appreciated.
Scoffer
Active Member
 
Posts: 3
Joined: June 6th, 2012, 5:28 am

Re: Malware

Unread postby askey127 » June 6th, 2012, 2:52 pm

Looking at your log.
Be right back.
askey127
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware

Unread postby askey127 » June 6th, 2012, 3:03 pm

Hi scoffer,
There's a lot to do, but you're a gamer, so you can handle it.
Please do things in this sequence. If any trouble, stop and ask.
-----------------------------------------------------------
Since it is a System protective program, TeaTimer might interfere with the orderly removal of certain system infections.
Temporarily Disable Spybot's TeaTimer Protection
Start Spybot Search & Destroy
In the top menu, click Mode
Check Advanced Mode if it is not already checked. OK the selection if necessary.
In the bottom of the left pane, click on Tools
From the new left pane list, click on Resident
Uncheck the box in the middle labeled "Resident "TeaTimer" (Protection of overall system settings) active".
From the top menu, click on File, Exit.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Adobe Reader 9.1
BitTorrent DNA
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 29
Java(TM) 6 Update 7
Pando Media Booster

Take extra care in answering questions posed by any Uninstaller.
Poker sites will track you and shovel adware. I would suggest you Uninstall Pacific Poker as well. Your call.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
Under Java Platform, Standard Edition, labeled Java SE 7u4, click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK". If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform Windows x86 offline for 32-bit, and click it.
Download it, choose Save, and save it to your desktop.
Then double-click it on your desktop, and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
When it finishes, you can remove the Installer from your desktop.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.1 are vulnerable.
Go HERE to download AdbeRdr1011_en_US.exe
Save the file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader X, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program just once.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
---------------------------------------------
Please download SystemLook from the link below and save it to your Desktop.
Download Mirror
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *eoengine*
    *eobho*
    *EoRezo*
    
    :Regfind
    AFBB7970-789A-4264-BA70-E8127DECE400
    18AF7201-4F14-4BCF-93FE-45617CF259FF
    DF76E9B7-35EC-46FC-AF56-5B79DED9D64F
    C10DC1F4-CCDF-4224-A24D-B23AFC3573C8
    EoRezo
    eobho
    ieobho
    eoengine
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

So we are looking for the contents of CKFiles.txt and SystemLook.txt
askey127
askey127
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
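
The log review behind the removal list in the post above can be scripted. This is an added example, not part of the original thread or of any tool it mentions: it flags entries of a DDS-style installed-programs list against the thresholds the post states (Adobe Reader below 10.1, Java older than Java SE 7u4) and the programs it names. The function names are hypothetical and the sample list is constructed from entries named on this page plus two made-up post-update entries.

```python
import re

# Thresholds stated in the post above: Reader below 10.1 is treated as
# vulnerable, and Java is replaced with Java SE 7u4.
READER_MIN = (10, 1)
JAVA_MIN = (7, 4)

# Entries the post lists for removal by exact name (compared case-insensitively).
REMOVE_BY_NAME = {"bittorrent dna", "java auto updater", "pando media booster"}

# "Adobe Reader 9.1" and "Adobe Reader X (10.1.1)" both yield a dotted version.
READER_RE = re.compile(r"^Adobe Reader\D*(\d+(?:\.\d+)*)", re.IGNORECASE)
# "Java(TM) 6 Update 29" -> major 6, update 29; the update part is optional.
JAVA_RE = re.compile(r"^Java\(TM\)\s+(\d+)(?:\s+Update\s+(\d+))?", re.IGNORECASE)


def parse_version(text):
    """Turn '9.1' into (9, 1) so versions compare numerically.

    Comparing the raw strings would rank '9.1' above '10.1'.
    """
    return tuple(int(part) for part in text.split("."))


def audit_installed(lines):
    """Return [(entry, reason)] for entries that match the post's criteria."""
    findings = []
    for raw in lines:
        entry = raw.strip()
        if not entry or entry == ".":  # DDS uses a lone dot as a separator
            continue

        if entry.lower() in REMOVE_BY_NAME:
            findings.append((entry, "named for removal"))
            continue

        reader = READER_RE.match(entry)
        if reader:
            if parse_version(reader.group(1)) < READER_MIN:
                findings.append((entry, "Adobe Reader below 10.1"))
            continue

        java = JAVA_RE.match(entry)
        if java:
            version = (int(java.group(1)), int(java.group(2) or 0))
            if version < JAVA_MIN:
                findings.append((entry, "Java older than 7u4"))
    return findings


# Constructed sample: entries named on this page, plus two constructed
# entries of the kind the list would show after the updates are installed.
SAMPLE_LOG = """\
Adobe Reader 9.1
BitTorrent DNA
Google Chrome
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 29
Java(TM) 6 Update 7
Pando Media Booster
QuickTime
.
Adobe Reader X (10.1.1)
Java(TM) 7 Update 4
""".splitlines()


if __name__ == "__main__":
    for entry, reason in audit_installed(SAMPLE_LOG):
        print(f"{entry}: {reason}")
```
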

Re: Malware

Unread postby Scoffer » June 7th, 2012, 12:09 am

Thanks for the help! Here are the requested files:

ckfiles:


CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\all users\start menu\programs\knucklecracker\creeper world 2 demo.lnk
c:\documents and settings\all users\start menu\programs\knucklecracker\creeper world demo.lnk
c:\documents and settings\all users\start menu\programs\knucklecracker\creeper world.lnk
c:\documents and settings\all users\start menu\programs\knucklecracker\creepermap.lnk
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\sounds\11\11_glass_crack.snt
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\sounds\11\11_glass_crack01.ogg
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\sounds\11\11_glass_crack02.ogg
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\sounds\11\11_glass_crack03.ogg
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\castlebase\ceiling\corridor_crack.dae
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\castlebase\ceiling\corridor_crack.msh
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\cellarbase\special\cracked_ceiling.dae
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\cellarbase\special\cracked_ceiling.msh
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_blue.dds
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_blue.mat
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_blue01.dae
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_blue01.msh
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_blue02.dae
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_blue02.msh
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_blue03.dae
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_blue03.msh
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_blue04.dae
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_blue04.msh
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_blue_back.dds
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_blue_back.mat
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_brown.dds
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_brown.mat
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_brown01.dae
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_brown01.msh
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_brown02.dae
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_brown02.msh
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_brown03.dae
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_brown03.msh
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_brown04.dae
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_brown04.msh
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_brown_back.dds
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_brown_back.mat
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_nrm.dds
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\decals\cracks_spec.dds
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\dungeonbase\ceiling\default_cracked.dae
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\dungeonbase\ceiling\default_cracked.msh
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\dungeonbase\wall\corridor_graves_cracked.dae
c:\documents and settings\christopher\desktop\amnesia.the.dark.descent_epidemz.net\amnesia - the dark descent\redist\static_objects\dungeonbase\wall\corridor_graves_cracked.msh
c:\documents and settings\christopher\desktop\cd keys\keygens\hotu-keygen.exe
c:\documents and settings\christopher\desktop\cd keys\keygens\nwn-keygen.exe
c:\documents and settings\christopher\desktop\cd keys\keygens\sou-keygen.exe
c:\documents and settings\christopher\desktop\games\adobe\adobe.flash.cs4.crack.only-core.www.media-zone.net.rar
c:\documents and settings\christopher\desktop\games\adobe\af-cs4\crack.zip
c:\documents and settings\christopher\desktop\heroquest\brpg\audio\ambient sound loops\crackling campfire.aif
c:\documents and settings\christopher\desktop\nfs\nfshp.crack_epidemz.net.rar
c:\documents and settings\christopher\desktop\nfs\nfshp.crack_epidemz.net\nfs11.exe
c:\documents and settings\christopher\desktop\projects\adobe.flash.cs4.crack.only-core.www.media-zone.net\core.nfo
c:\documents and settings\christopher\desktop\projects\adobe.flash.cs4.crack.only-core.www.media-zone.net\core10k.exe
c:\documents and settings\christopher\desktop\projects\adobe.flash.cs4.crack.only-core.www.media-zone.net\file_id.diz
c:\documents and settings\christopher\desktop\projects\adobe.flash.cs4.crack.only-core.www.media-zone.net\keygen.exe
c:\documents and settings\christopher\desktop\projects\adobe.flash.cs4.crack.only-core.www.media-zone.net\media-zone.net.nfo
c:\documents and settings\christopher\desktop\projects\adobe.flash.cs4.crack.only-core.www.media-zone.net\media-zone.net.txt
c:\documents and settings\christopher\desktop\projects\adobe.flash.cs4.crack.only-core.www.media-zone.net\media-zone.net.url
c:\documents and settings\christopher\my documents\downloads\[web seed] neverwinter nights 2 - update 1.22.1587 crack works.torrent
c:\documents and settings\christopher\my documents\downloads\bfvietnam\battlefield_vietnam_crackfix.nfo
c:\documents and settings\christopher\my documents\my downloads\dvdfab platinum 5.0.3.0\crack.bat
c:\documents and settings\christopher\my documents\my downloads\ony-ventsrv231-17\ventrilo-server-windows-2.3.1\crack\ventrilo_srv.exe
c:\documents and settings\christopher\my documents\my downloads\poweriso v3.8 with working keygen\poweriso38.exe
c:\documents and settings\christopher\my documents\my downloads\poweriso v3.8 with working keygen\poweriso_keygen.exe
c:\documents and settings\christopher\my documents\my downloads\winrar version 3.61 + crack (by cff)\wrar361.exe
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1.ac
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1.kfm
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1.nif
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsattack1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsattack2.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsbwait1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbscridamage1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsdamage1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsdie1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsmagic1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbstired1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbswait1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbswalk1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2.ac
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2.kfm
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2.nif
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsattack1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsattack2.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsbwait1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbscridamage1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsdamage1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsdie1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsmagic1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbstired1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbswait1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbswalk1.kf
c:\ndoors\atlantica\nchar3d\preset\nutcrackerf1.xml
c:\ndoors\atlantica\nchar3d\preset\nutcrackerf2.xml
c:\ndoors\atlantica\nchar3d\preset\nutcrackerf3.xml
c:\ndoors\atlantica\nchar3d\preset\nutcrackerf4.xml
c:\ndoors\atlantica\nchar3d\preset\nutcrackerf5.xml
c:\ndoors\atlantica\nchar3d\preset\nutcrackerf6.xml
c:\ndoors\atlantica\nchar3d\texture\monster\nutcrackerf1_map00.dds
c:\ndoors\atlantica\nchar3d\texture\monster\nutcrackerf1_map01.dds
c:\ndoors\atlantica\nchar3d\texture\monster\nutcrackerf1_map02.dds
c:\ndoors\atlantica\nchar3d\texture\monster\nutcrackerf2_map00.dds
c:\ndoors\atlantica\nchar3d\texture\monster\nutcrackerf2_map01.dds
c:\ndoors\atlantica\nchar3d\texture\monster\nutcrackerf2_map02.dds
c:\ndoors\atlantica\nmap\hwangho2_1\defaulttexture\dun_hwangho1_crack.dds
c:\ndoors\atlantica\nmap\hwangho2_1\lowertexture\dun_hwangho1_crack.dds
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack.snt
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack01.ogg
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack02.ogg
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack03.ogg
c:\program files\amnesia - the dark descent\redist\static_objects\castlebase\ceiling\corridor_crack.dae
c:\program files\amnesia - the dark descent\redist\static_objects\castlebase\ceiling\corridor_crack.msh
c:\program files\amnesia - the dark descent\redist\static_objects\cellarbase\special\cracked_ceiling.dae
c:\program files\amnesia - the dark descent\redist\static_objects\cellarbase\special\cracked_ceiling.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue01.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue01.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue02.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue02.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue03.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue03.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue04.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue04.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue_back.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue_back.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown01.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown01.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown02.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown02.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown03.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown03.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown04.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown04.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown_back.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown_back.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_nrm.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_spec.dds
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\ceiling\default_cracked.dae
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\ceiling\default_cracked.msh
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\wall\corridor_graves_cracked.dae
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\wall\corridor_graves_cracked.msh
c:\program files\fallen earth\feupdater\download\envgrfx\dcl_crack.dds
c:\program files\fallen earth\feupdater\download\objects\-shrdtext\intwall\cracked_paint.dds
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files\istaria\resources\models\effects\effect_rift_crack.agf
c:\program files\istaria\resources\textures\structures\dragon\dragon_lava_cracks_01.sha
c:\program files\istaria\resources\textures\structures\dragon\dragon_lava_cracks_01.tga
c:\program files\istaria\resources\textures\structures\eight_towers\eight_towers_crack_ice_top.sha
c:\program files\istaria\resources\textures\terrain\terrain_dirt_cracked_alpha_reg.sha
c:\program files\istaria\resources\textures\terrain\terrain_mud_crackedhard_alpha_reg.sha
c:\program files\istaria\resources\textures\terrain\terrain_mud_cracked_alpha_reg.sha
c:\program files\istaria\resources\textures\terrain\terrain_rock_crackeddark_alpha_grey.sha
c:\program files\istaria\resources\textures\terrain\terrain_undead_dry_rock_crack_alpha.sha
c:\program files\istaria\resources\textures_agh\detail\terrain_detail_cracks_reg_reg.agh
c:\program files\istaria\resources\textures_agh\structures\dragon\dragon_dry_rock_crack.agh
c:\program files\istaria\resources\textures_agh\structures\dragon\dragon_lava_cracks_01.agh
c:\program files\istaria\resources\textures_agh\structures\eight_towers\eight_towers_crack_ice_top.agh
c:\program files\istaria\resources\textures_agh\structures\goblin\goblin_rock_dark_cracked_grey.agh
c:\program files\istaria\resources\textures_agh\structures\orc\orc_rock_cracks_reg_gray.agh
c:\program files\istaria\resources\textures_agh\structures\tazoon\tazoon_sandstone_cracking_wall_orange.agh
c:\program files\istaria\resources\textures_agh\terrain\terrain_dirt_cracked_reg_reg.agh
c:\program files\istaria\resources\textures_agh\terrain\terrain_mud_cracked_hard.agh
c:\program files\istaria\resources\textures_agh\terrain\terrain_mud_cracked_soft.agh
c:\program files\istaria\resources\textures_agh\terrain\terrain_rock_crackeddark_reg_grey.agh
c:\program files\istaria\resources\textures_agh\terrain\terrain_undead_dry_rock_crack.agh
c:\program files\knucklecracker\creeper world\creeper world.exe
c:\program files\knucklecracker\creeper world\main.swf
c:\program files\knucklecracker\creeper world\mimetype
c:\program files\knucklecracker\creeper world\meta-inf\signatures.xml
c:\program files\knucklecracker\creeper world\meta-inf\air\application.xml
c:\program files\knucklecracker\creeper world\meta-inf\air\hash
c:\program files\knucklecracker\creeper world\meta-inf\air\publisherid
c:\program files\knucklecracker\creeper world 2\creeper world 2.exe
c:\program files\knucklecracker\creeper world 2\main-app.xml.bak
c:\program files\knucklecracker\creeper world 2\main.swf
c:\program files\knucklecracker\creeper world 2\mimetype
c:\program files\knucklecracker\creeper world 2\meta-inf\signatures.xml
c:\program files\knucklecracker\creeper world 2\meta-inf\air\application.xml
c:\program files\knucklecracker\creeper world 2\meta-inf\air\hash
c:\program files\knucklecracker\creeper world 2 demo\creeper world 2 demo.exe
c:\program files\knucklecracker\creeper world 2 demo\main.swf
c:\program files\knucklecracker\creeper world 2 demo\mimetype
c:\program files\knucklecracker\creeper world 2 demo\meta-inf\signatures.xml
c:\program files\knucklecracker\creeper world 2 demo\meta-inf\air\application.xml
c:\program files\knucklecracker\creeper world 2 demo\meta-inf\air\hash
c:\program files\knucklecracker\creeper world 2 demo\meta-inf\air\publisherid
c:\program files\knucklecracker\creeper world demo\creeper world demo.exe
c:\program files\knucklecracker\creeper world demo\main.swf
c:\program files\knucklecracker\creeper world demo\mimetype
c:\program files\knucklecracker\creeper world demo\meta-inf\signatures.xml
c:\program files\knucklecracker\creeper world demo\meta-inf\air\application.xml
c:\program files\knucklecracker\creeper world demo\meta-inf\air\hash
c:\program files\knucklecracker\creeper world demo\meta-inf\air\publisherid
c:\program files\knucklecracker\creepermap\creepermap.exe
c:\program files\knucklecracker\creepermap\creepermap.swf
c:\program files\knucklecracker\creepermap\mimetype
c:\program files\knucklecracker\creepermap\meta-inf\signatures.xml
c:\program files\knucklecracker\creepermap\meta-inf\air\application.xml
c:\program files\knucklecracker\creepermap\meta-inf\air\hash
c:\program files\knucklecracker\creepermap\meta-inf\air\publisherid
c:\program files\razor\crypt.dll
c:\program files\sony online entertainment\installed games\free realms\resources\bs_cracked_claw_cavernsareas.xml
c:\program files\sony online entertainment\installed games\free realms\resources\sky\sky_cracked_claw_caverns.xml
c:\program files\steam\steamapps\common\empire total war\data\ui\campaign ui\pips\military-crackdown-repression.tga
c:\program files\steam\steamapps\common\napoleon total war\data\ui\campaign ui\pips\military-crackdown-repression.tga
scanner sequence 3.ZZ.11.OQNAAM
----- EOF -----

SystemLook broke the first time and came up with the JIT debugger. Ran it a second time and it seemed to work fine.

SystemLook:
SystemLook 30.07.11 by jpshortstuff
Log created at 05:02 on 07/06/2012 by Christopher
Administrator - Elevation successful

========== filefind ==========

Searching for "*eoengine*"
No files found.

Searching for "*eobho*"
No files found.

Searching for "*EoRezo*"
No files found.

========== Regfind ==========

Searching for "AFBB7970-789A-4264-BA70-E8127DECE400"
No data found.

Searching for "18AF7201-4F14-4BCF-93FE-45617CF259FF"
No data found.

Searching for "DF76E9B7-35EC-46FC-AF56-5B79DED9D64F"
No data found.

Searching for "C10DC1F4-CCDF-4224-A24D-B23AFC3573C8"
No data found.

Searching for "EoRezo"
No data found.

Searching for "eobho"
No data found.

Searching for "ieobho"
No data found.

Searching for "eoengine"
No data found.

Re: Malware

by askey127 » June 7th, 2012, 6:47 am

You still need to reset or remove your HOSTS file, which has been hijacked.

Your machine shows evidence of many cracked or otherwise illegal software packages, so in accordance with our policy, we will not provide any further help.
http://malwareremoval.com/forum/viewtop ... 95#p491395
This thread will be closed.