My computer is infected with malware-virus

Post by kokats » July 12th, 2010, 6:38 am

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:18:01, on 12/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\umonit.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.gr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [cbxuusdrv] rundll32.exe "pmnonl.dll",s
O4 - HKLM\..\Run: [khecawsys] rundll32.exe "geeccc.dll",DllRegisterServer
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [iiijhedrv] rundll32.exe "pmnonl.dll",s
O4 - HKUS\S-1-5-18\..\Run: [yabxvusys] rundll32.exe "geeccc.dll",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [vtusrodrv] rundll32.exe "pmnonl.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [yabxvusys] rundll32.exe "geeccc.dll",DllRegisterServer (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6087.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2220526828
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Υπηρεσία Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Windows System Backup Dumper (winbackupdumper-id19l1OB4NHft0) - Unknown owner - C:\WINDOWS\system32\mousenh32.exe

--
End of file - 8214 bytes

UNINSTALL LIST:

Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.2
AMD Processor Driver
Apple Software Update
avast! Free Antivirus
Belkin F6D4050 Enhanced Wireless USB Adapter
Browser Configuration Utility
BS.Player FREE
Canon Camera Access Library
Canon Camera Support Core Library
Canon CanoScan Toolbox 4.7
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.8
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3/E4 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
DiRT
DMIView B8.0717.01
Easy Tune 6 B08.1124.1
Empire: Total War
Genesys USB Mass Storage Device
Google Earth
Google Update Helper
Google Updater
HiJackThis
Hitman 2: Silent Assassin
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java(TM) 6 Update 13
Logitech Vid
Logitech Webcam Software
Logitech® Camera Driver
Magic ISO Maker v5.5 (build 0276)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.6)
Mp3tag v2.37a
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Ultra Edition HD
neroxml
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenOffice.org 3.0
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Skype™ 4.0
Sony Ericsson PC Suite 1.20.173
Spybot - Search & Destroy
Steam
Stellarium 0.8.2
System Requirements Lab
Tablet
The KMPlayer (remove only)
TuneUp Utilities 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB955759)
Update Manager B08.1027.1
VC 9.0 Runtime
WD Diagnostics
WD Firewire HID Driver
Windows Defender
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
WinRAR 3.3 – Εφαρμογή Διαχείρισης Συμπιεσμένων Αρχείων
Ε9 Δήλωση στοιχείων Ακινήτων 2009 v1
Συγκεντρωτικές καταστάσεις Πελατών-Προμηθευτών Έκδοση 2009 v1

DESCRIPTION:
My computer is infected with mousenh32, it may not show in the above list because I have killed the process... Also the windows defender will not start, I cannot update windows, and when I use a program to show me the startup entries, I see something like this efdayvsys rundll32.exe "geeccc.dll",DllRegisterServer, which whenever I try to prevent it from starting up, it changes its name with another series of letters...
I also get in the same program that a setup/install is also starting up, and when I kill it, it restarts by its own.

thank you!
kokats
Active Member
 
Posts: 12
Joined: July 12th, 2010, 6:20 am
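As an added example (my own code, not part of the thread and not something HijackThis or the forum's helpers provide): the entries that matter in the log above are the O4 Run values that launch rundll32.exe with a DLL given by bare name, the randomly named value names the poster describes, the same DLL registered under several hives, and the O23 service with no publisher running from system32. The script below parses a few O4/O23 lines copied from the log and applies those checks. The function names, the vowel-ratio heuristic in `looks_random` and the "Unknown owner in system32" rule are my assumptions, written as triage aids rather than verdicts.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of O4/O23 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [cbxuusdrv] rundll32.exe "pmnonl.dll",s
O4 - HKLM\..\Run: [khecawsys] rundll32.exe "geeccc.dll",DllRegisterServer
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [vtusrodrv] rundll32.exe "pmnonl.dll",s (User 'SYSTEM')
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Windows System Backup Dumper (winbackupdumper-id19l1OB4NHft0) - Unknown owner - C:\WINDOWS\system32\mousenh32.exe
"""

# Line shapes as HijackThis prints them (the O23 split on " - " assumes the path itself has none).
O4_RE = re.compile(r"^O4 - (?P<hive>.+?):\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",\s]+)"?', re.IGNORECASE)
VOWELS = set("aeiou")


@dataclass
class Finding:
    subject: str              # the log line, or the DLL name for cross-hive findings
    reasons: list[str] = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Heuristic (my own, not a HijackThis rule): 8+ lowercase letters with under 30% vowels,
    the shape of the rotating value names the poster describes (cbxuusdrv, khecawsys, ...)."""
    if len(name) < 8 or not name.isalpha() or not name.islower():
        return False
    return sum(c in VOWELS for c in name) / len(name) < 0.3


def bare_rundll32_dll(cmd: str) -> str | None:
    """Return the DLL name when cmd is rundll32 loading a DLL given without any directory,
    i.e. resolved through the loader search path rather than from a known location."""
    m = RUNDLL_RE.match(cmd.strip())
    if not m:
        return None
    dll = m["dll"]
    return dll if "\\" not in dll and ":" not in dll else None


def triage(log_text: str) -> list[Finding]:
    """Scan O4 (autorun) and O23 (service) lines and return the entries worth a closer look."""
    findings: list[Finding] = []
    dll_hives: dict[str, set[str]] = {}   # bare DLL -> hives whose Run key references it
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            reasons = []
            dll = bare_rundll32_dll(m["cmd"])
            if dll:
                reasons.append(f"rundll32 loads {dll} by bare name")
                dll_hives.setdefault(dll.lower(), set()).add(m["hive"])
            if looks_random(m["name"]):
                reasons.append(f"Run value name {m['name']!r} looks machine-generated")
            if reasons:
                findings.append(Finding(line, reasons))
            continue
        m = O23_RE.match(line)
        if m and m["owner"] == "Unknown owner" and "\\system32\\" in m["path"].lower():
            findings.append(Finding(line, [f"service {m['name']!r} has no publisher and runs from system32"]))
    # The same payload registered under several hives (HKLM, HKCU, SYSTEM) is a persistence tell.
    for dll, hives in dll_hives.items():
        if len(hives) > 1:
            findings.append(Finding(dll, [f"registered under {len(hives)} hives: {sorted(hives)}"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.subject)
        for r in f.reasons:
            print("   -", r)
```

Run it against a saved HijackThis log by replacing `SAMPLE_LOG` with the file contents; the avast and uTorrent lines come back clean, while the three rundll32 values, the unsigned system32 service and the pmnonl.dll cross-hive registration are reported, which is exactly the set ComboFix later deletes in this thread.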

Re: My computer is infected with malware-virus

Post by xixo_12 » July 15th, 2010, 7:24 am

Hello and Welcome to Anti-Malware Forums.
Introduction and rules:
  • I'm xixo_12 and really glad to help you.
  • You're advised to refrain from running any self fixes until I give the "All Clean Speech".
  • The instructions in this topic are specially created for the current problem; don't apply them to another system.
  • You're advised to ask about any uncertainty.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.

Please make sure you have done your reading on this topic : How to get help at this forum
Please! If you need more time to do all the instructions, let me know before the 72 hours are up. Otherwise, your thread will be closed.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Now, we will start the collaboration.
Do keep in mind, removing malware is a hazardous undertaking. I'm ready to share what I have learned through years of removing malware, but I'm also fallible.
You're advised to back up all the important data before we start.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

First,
P2P software.
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

  • It's not a good idea to have them.
  • You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above.
  • If you do not wish to remove your P2P programs, don't proceed with the next instruction and please tell me to close this topic.

Next,
OTM by Old Timer.
Please download from HERE and save to the desktop.
  • Double-click on OTM.exe.
  • Copy the lines in the codebox below.
    :processes
    :files
    C:\Program Files\uTorrent
    :commands
    [emptytemp]
    [start explorer]
    [reboot]
  • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar, Code box into OTMoveIt3 (1).) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM.

Note:
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
  • If you are asked to reboot the machine choose Yes.
  • In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next,
CKScanner.
Please download from HERE and save to the desktop.
  • Double click on CKScanner.exe to run it and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

What you need to post
Checklist.
  • Content of OTM log
  • Content of CKFiles.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: My computer is infected with malware-virus

Post by kokats » July 15th, 2010, 10:01 am

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Program Files\uTorrent folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Furious
->Temp folder emptied: 8587545 bytes
->Temporary Internet Files folder emptied: 45186864 bytes
->Java cache emptied: 8292430 bytes
->FireFox cache emptied: 38839278 bytes
->Flash cache emptied: 1988417 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 675420 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2238677 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5717828 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 25539100 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 21570130 bytes

Total Files Cleaned = 152,00 mb


OTM by OldTimer - Version 3.1.14.0 log created on 07152010_165133

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...



CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\steam\steamapps\common\empire total war\data\ui\campaign ui\pips\military-crackdown-repression.tga
scanner sequence 3.NA.11
----- EOF -----
kokats
Active Member
 
Posts: 12
Joined: July 12th, 2010, 6:20 am

Re: My computer is infected with malware-virus

Post by xixo_12 » July 15th, 2010, 10:23 am

Hi,
Let's move on

First,
Registry related program.

Next,
Remove programs.
Please Click on Start > Control Panel > Add/Remove Programs
Remove the listed program(s) by clicking Remove
Spybot - Search & Destroy

If some of the programs listed above are not present, please do not panic and proceed to the next step.

Next,
Reboot into the usual account.

Next
Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to the desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Refer to above image and then click Remove Selected to proceed.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


What you need to post
Checklist.
  • Content of MBAM log
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: My computer is infected with malware-virus

Post by kokats » July 15th, 2010, 10:57 am

I have a major problem.

I have uninstalled TuneUp utilities, and the spybot search and destroy, (I recovered all the changes it has made) mistake???. Everything started OK when I rebooted the PC.
I downloaded the Malwarebyte's Anti-malware, I installed it, but it will not start... It is the same thing happening with the windows defender too, something is blocking it...

Is there something else I can do???
I believe the "malware" has messed up the registry and I cannot run any anti-malware programs.(my opinion...)

Thank you in advance, waiting for your reply.
kokats
Active Member
 
Posts: 12
Joined: July 12th, 2010, 6:20 am

Re: My computer is infected with malware-virus

Post by xixo_12 » July 16th, 2010, 3:11 am

Hi,
No worries, take it easy.
Malware tries to protect itself. We have a lot of ways to overcome that.

First,
exeHelper by raktor
Please download from HERE and save to the desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Next,
Malwarebytes' Anti-Malware
Please run it again. If it fails to run, reinstall it and run it.
Refer to previous post on how to run this program.

What you need to post
Checklist.
  • Content of exehelperlog.txt
  • Content of MBAM log
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: My computer is infected with malware-virus

Post by kokats » July 16th, 2010, 5:33 am

exeHelper by Raktor
Build 20100414
Run at 12:29:25 on 07/16/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

The MBAM will still not run... (I uninstalled it-reboot-and installed it again)
Should I post you another HijackThis log in case something has changed???
In the process list of windows, I found that mousenh32.exe is running...

Waiting for your reply.
kokats
Active Member
 
Posts: 12
Joined: July 12th, 2010, 6:20 am

Re: My computer is infected with malware-virus

Post by xixo_12 » July 16th, 2010, 6:47 am

Hi,
Ok, we will proceed a different way.

First,
exeHelper by raktor
Please run it again. Refer to previous post for full instructions.

Next,
ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links)
Save as Combo-Fix.exe <<Please have a look at the file name. You have to change it.
Link 1
Link 2

**IMPORTANT !!! Save Combo-Fix.exe to your Desktop**

  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on Combo-Fix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


What you need to post
Checklist.
  • Content of ComboFix.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: My computer is infected with malware-virus

Post by kokats » July 16th, 2010, 7:24 am

ComboFix 10-07-15.03 - Furious 16/07/2010 14:06:10.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1033.18.2046.1641 [GMT 3:00]
Running from: c:\documents and settings\Furious\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\awuurs.dll
c:\windows\system32\geeccc.dll
c:\windows\system32\pmnonl.dll
c:\windows\system32\ursqrs.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
.

2010-07-16 09:28 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 09:28 . 2010-07-16 09:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-16 09:28 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-16 09:22 . 2010-07-16 09:22 -------- d-----w- c:\documents and settings\Furious\Application Data\Malwarebytes
2010-07-15 14:51 . 2010-07-16 09:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-15 13:51 . 2010-07-15 13:51 -------- d-----w- C:\_OTM
2010-07-14 07:08 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 10:16 . 2010-07-12 10:16 -------- d-----w- c:\program files\Trend Micro
2010-07-09 12:58 . 2010-07-09 13:15 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-08 12:41 . 2010-07-08 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-06-29 11:21 . 2010-06-29 11:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-29 10:50 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 19:20 . 2010-06-28 19:20 76288 ---ha-w- c:\windows\system32\mliijg.dll
2010-06-28 18:57 . 2010-07-15 14:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-28 18:57 . 2010-07-15 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-24 08:30 . 2010-06-24 08:30 -------- d-----w- c:\program files\Windows Defender
2010-06-22 12:25 . 2010-06-22 12:38 -------- d-----w- c:\documents and settings\Furious\Application Data\Charles
2010-06-21 09:22 . 2010-06-21 09:22 -------- d-----w- c:\documents and settings\Furious\Local Settings\Application Data\CAPCOM
2010-06-21 09:07 . 2010-06-21 09:07 -------- d-----w- c:\documents and settings\Furious\Application Data\regsdkrl32
2010-06-21 09:07 . 2010-06-21 09:07 140288 ----a-w- c:\windows\system32\pcre3.dll
2010-06-21 09:07 . 2010-06-28 18:18 -------- d-----w- c:\documents and settings\Furious\Local Settings\Application Data\Desktop Cleanup Wizard
2010-06-21 09:07 . 2010-06-21 09:07 11776 ----a-w- c:\windows\system32\mousenh32.exe
2010-06-21 08:59 . 2009-03-09 12:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-06-21 08:59 . 2009-03-09 12:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-06-21 08:59 . 2009-03-09 12:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-06-21 08:59 . 2009-03-16 11:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-06-21 08:59 . 2009-03-16 11:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-06-21 08:59 . 2009-03-16 11:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 11:13 . 2009-05-13 20:28 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-07-16 11:12 . 2009-05-13 20:39 17652 ----a-w- c:\windows\system32\tablet.dat
2010-07-16 11:12 . 2009-05-13 12:47 16608 ----a-w- c:\windows\gdrv.sys
2010-07-15 15:17 . 2009-05-14 14:47 1 ----a-w- c:\documents and settings\Furious\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-15 14:41 . 2009-06-11 12:34 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-07-15 11:42 . 2009-07-01 09:06 -------- d-----w- c:\documents and settings\Furious\Application Data\uTorrent
2010-07-15 09:47 . 2010-05-05 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-07-12 10:16 . 2010-07-12 10:16 388096 ----a-r- c:\documents and settings\Furious\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-28 20:57 . 2009-05-13 18:25 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-05-13 18:25 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-05-13 18:25 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-05-13 18:25 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-05-13 18:25 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-05-13 18:25 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-05-13 18:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-05-13 18:25 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 07:59 . 2010-01-30 16:58 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-21 09:07 . 2010-06-21 09:07 717671 ----a-w- c:\documents and settings\Furious\Application Data\regsdkrl32\regsdkrl29.exe
2010-06-15 11:44 . 2010-01-10 13:09 -------- d-----w- c:\documents and settings\Furious\Application Data\ZoomBrowser EX
2010-06-14 14:31 . 2009-05-13 12:16 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-09 10:48 . 2009-05-13 12:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-09 09:55 . 2010-06-09 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-06-09 09:54 . 2010-06-09 09:54 -------- d-----w- c:\documents and settings\Furious\Application Data\DAEMON Tools Pro
2010-06-09 09:53 . 2010-06-09 09:49 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-06-09 09:45 . 2010-06-09 09:45 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-05 15:54 . 2009-07-14 11:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 12:21 . 2009-12-11 18:05 -------- d-----w- c:\program files\DiRT
2010-06-01 17:06 . 2009-05-13 20:55 -------- d-----w- c:\documents and settings\Furious\Application Data\Canon
2010-05-26 14:08 . 2009-05-13 18:25 -------- d-----w- c:\program files\Alwil Software
2010-05-26 14:06 . 2010-05-26 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-21 11:14 . 2009-10-06 08:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 10:41 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2003-03-31 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2003-03-31 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"UMonit"="c:\windows\system32\umonit.exe" [2003-08-21 49152]
"WD Button Manager"="WDBtnMgr.exe" [2009-05-14 364544]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\documents and settings\Furious\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-5-13 114688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"iiijhedrv"=rundll32.exe "pmnonl.dll",s
"opommldrv"=rundll32.exe "pmnonl.dll",s
"yaawutdrv"=rundll32.exe "pmnonl.dll",s
"urpqpmdrv"=rundll32.exe "pmnonl.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"gedefddrv"=rundll32.exe "pmnonl.dll",s
"wvvvwvsys"=rundll32.exe "geeccc.dll",DllRegisterServer
"iiijkisys"=rundll32.exe "geeccc.dll",DllRegisterServer
"yabcawdrv"=rundll32.exe "pmnonl.dll",s
"efdayvsys"=rundll32.exe "geeccc.dll",DllRegisterServer
"fcbbxxdrv"=rundll32.exe "pmnonl.dll",s
"dddefesys"=rundll32.exe "geeccc.dll",DllRegisterServer
"urrpmndrv"=rundll32.exe "pmnonl.dll",s
"urrolmsys"=rundll32.exe "geeccc.dll",DllRegisterServer
"jkjjigdrv"=rundll32.exe "pmnonl.dll",s
"fccaaasys"=rundll32.exe "geeccc.dll",DllRegisterServer
"ljkhhgdrv"=rundll32.exe "pmnonl.dll",s
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"hgffgfdrv"=rundll32.exe "pmnonl.dll",s
"geeededrv"=rundll32.exe "pmnonl.dll",s
"awtsqnsys"=rundll32.exe "geeccc.dll",DllRegisterServer
"bywwtsdrv"=rundll32.exe "pmnonl.dll",s
"byyxyxdrv"=rundll32.exe "pmnonl.dll",s
"fcccdcsys"=rundll32.exe "geeccc.dll",DllRegisterServer
"urrqrssys"=rundll32.exe "geeccc.dll",DllRegisterServer
"vtrsrpdrv"=rundll32.exe "pmnonl.dll",s
"jkhefcdrv"=rundll32.exe "pmnonl.dll",s
"wvtroosys"=rundll32.exe "geeccc.dll",DllRegisterServer
"cbyvttdrv"=rundll32.exe "pmnonl.dll",s
"effdawsys"=rundll32.exe "geeccc.dll",DllRegisterServer
"geebcydrv"=rundll32.exe "pmnonl.dll",s
"nnmlmldrv"=rundll32.exe "pmnonl.dll",s
"mligfgsys"=rundll32.exe "geeccc.dll",DllRegisterServer
"opqopqdrv"=rundll32.exe "pmnonl.dll",s
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"cbbxvwdrv"=rundll32.exe "pmnonl.dll",s
"tuvvussys"=rundll32.exe "geeccc.dll",DllRegisterServer

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Gigabyte\\GBTUpd\\RunUpd.exe"=
"c:\\Program Files\\DiRT\\DiRT.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20222:TCP"= 20222:TCP:BitComet 20222 TCP
"20222:UDP"= 20222:UDP:BitComet 20222 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/05/2009 21:25 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/05/2009 21:25 17744]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [13/05/2009 23:36 6016]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [13/05/2009 23:28 24944]
S2 gupdate;Υπηρεσία Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/09/2009 18:17 133104]
S2 winbackupdumper-id19l1OB4NHft0;Windows System Backup Dumper;c:\windows\system32\mousenh32.exe [21/06/2010 12:07 11776]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/06/2010 12:45 685816]
.
Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-12 15:13]

2010-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 15:16]

2010-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 15:16]

2010-07-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.gr/
FF - ProfilePath - c:\documents and settings\Furious\Application Data\Mozilla\Firefox\Profiles\bamfffq5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\OpenOffice\OpenOffice.org 3\program\npsoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.urlbar.autoFill - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-POINTER - point32.exe
HKLM-Run-khecawsys - geeccc.dll
HKLM-Run-yaaaxvdrv - awuurs.dll
HKU-Default-Run-yabxvusys - geeccc.dll
HKU-Default-Run-fccddedrv - awuurs.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 14:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?0xH$?\???8???????xH$?8????H$?6?US????8???UB????????????????????????????A~?H??????????tq4?l??? ??|`??|????]??|??D~?????????H$?F$?|??B~??B~*?,??H$???????????????????????????????B~????????????tq4?????T?????4?????tq4???????8????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:υwjY*]
"DisplayName"="???\16?\11\09"
"DeviceDesc"="???\16?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"d:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\windows\System32\l3codeca.acm

- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\WDBtnMgr.exe
c:\program files\Microsoft Hardware\Mouse\point32.exe
c:\windows\RTHDCPL.EXE
c:\program files\GIGABYTE\ET6\GUI.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\Tablet.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-07-16 14:17:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-16 11:17

Pre-Run: 78.545.231.872 bytes free
Post-Run: 78.404.636.672 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /usepmtimer /TUTag=4JUNN2 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /fastdetect /NoExecute=OptIn /usepmtimer /TUTag=4JUNN2-BAK

- - End Of File - - 7BAC73552F46F5D536062B78BE4DF88A


Should I re-enable the avast antivirus?
kokats
Active Member
 
Posts: 12
Joined: July 12th, 2010, 6:20 am

Re: My computer is infected with malware-virus

Unread postby xixo_12 » July 16th, 2010, 9:31 am

Hi,
About avast, you can proceed to enable it after following my advice.

First,
Analyze file(s).
Please visit Jotti.
Click on Browse > copy the links below (one by one) and paste each into the File name box > click Open:
c:\windows\system32\mliijg.dll
c:\windows\system32\pcre3.dll
c:\windows\system32\mousenh32.exe

  • Press Submit file - this will submit the file for testing.
  • Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :

Next,
CFScript
  • Close any open browsers.
  • Open notepad and copy/paste the text in the code box below into it:
    http://malwareremoval.com/forum/viewtopic.php?f=11&t=52288&start=0
    Folder::
    c:\documents and settings\Furious\Application Data\uTorrent
    c:\documents and settings\Furious\Application Data\regsdkrl32
    Suspect::
    c:\windows\system32\mliijg.dll
    c:\windows\system32\pcre3.dll
    c:\windows\system32\mousenh32.exe
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "iiijhedrv"=-
    "opommldrv"=-
    "yaawutdrv"=-
    "urpqpmdrv"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "gedefddrv"=-
    "wvvvwvsys"=-
    "iiijkisys"=-
    "yabcawdrv"=-
    "efdayvsys"=-
    "fcbbxxdrv"=-
    "dddefesys"=-
    "urrpmndrv"=-
    "urrolmsys"=-
    "jkjjigdrv"=-
    "fccaaasys"=-
    "ljkhhgdrv"=-
    "hgffgfdrv"=-
    "geeededrv"=-
    "awtsqnsys"=-
    "bywwtsdrv"=-
    "byyxyxdrv"=-
    "fcccdcsys"=-
    "urrqrssys"=-
    "vtrsrpdrv"=-
    "jkhefcdrv"=-
    "wvtroosys"=-
    "cbyvttdrv"=-
    "effdawsys"=-
    "geebcydrv"=-
    "nnmlmldrv"=-
    "mligfgsys"=-
    "opqopqdrv"=-
    "cbbxvwdrv"=-
    "tuvvussys"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "20222:TCP"=-
    "20222:UDP"=-
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:?wjY*]
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt".
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


Next,
Malwarebytes' Anti-Malware
Please try to run it again.

What you need to post
Checklist.
  • Web links = 3
  • Content of ComboFix.txt
  • Content of MBAM log
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia
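
The Registry:: part of the CFScript above is built by hand: every rundll32 autorun with a random-looking name gets a "name"=- line so ComboFix deletes that value. The following Python script is an added example, not code from this thread or from ComboFix: it runs the same triage over a constructed excerpt in the shape of the log's "Reg Loading Points" section, flags rundll32 autoruns that load a DLL by bare file name (no directory, as pmnonl.dll and geeccc.dll appear above), counts how many values share each DLL, and emits the matching Registry:: block; the sample lines and the heuristics are assumptions of the example.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the shape of ComboFix's "Reg Loading Points"
# section from the log above (two Run- keys, legitimate and suspicious values mixed).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"iiijhedrv"=rundll32.exe "pmnonl.dll",s
"opommldrv"=rundll32.exe "pmnonl.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"gedefddrv"=rundll32.exe "pmnonl.dll",s
"wvvvwvsys"=rundll32.exe "geeccc.dll",DllRegisterServer
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"tuvvussys"=rundll32.exe "geeccc.dll",DllRegisterServer
"""

# "name"=value lines of the REGEDIT4-style listing.
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# rundll32 <dll>,<entrypoint>, with the DLL optionally quoted.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,', re.IGNORECASE)
# Six lowercase letters plus "drv"/"sys": the naming pattern of the values in this log
# (a secondary indicator only; the bare-DLL check below does the flagging).
RANDOM_NAME_RE = re.compile(r"^[a-z]{6}(?:drv|sys)$")


def parse_reg_loading_points(text):
    """Return (key, name, value) tuples, tracking the current [key] header."""
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = ENTRY_RE.match(line)
        if m and current_key is not None:
            entries.append((current_key, m.group("name"), m.group("value").strip()))
    return entries


def rundll32_target(value):
    """DLL argument of a rundll32 autorun value, or None if the value is not rundll32."""
    m = RUNDLL_RE.match(value)
    return m.group("dll").strip() if m else None


def is_bare_dll(dll):
    """A DLL given without a directory is resolved through the DLL search order rather
    than from a fixed location; legitimate rundll32 autoruns normally use a full path."""
    return "\\" not in dll and "/" not in dll


def find_suspicious(entries):
    """Autorun values that load a DLL through rundll32 by bare file name."""
    hits = []
    for key, name, value in entries:
        dll = rundll32_target(value)
        if dll is not None and is_bare_dll(dll):
            hits.append((key, name, dll.lower()))
    return hits


def dll_histogram(hits):
    """Number of autorun values per bare DLL: many values, one DLL is the log's pattern."""
    return Counter(dll for _, _, dll in hits)


def build_cfscript_registry(hits):
    """Emit the Registry:: block ComboFix reads: a '"name"=-' line deletes that value."""
    by_key = {}
    for key, name, _ in hits:
        by_key.setdefault(key, []).append(name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append("[%s]" % key)
        lines.extend('"%s"=-' % n for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_suspicious(parse_reg_loading_points(SAMPLE_LOG))
    for key, name, dll in found:
        note = " (random-looking name)" if RANDOM_NAME_RE.match(name) else ""
        print("%s\\...\\%s -> %s%s" % (key.split("\\")[0], name, dll, note))
    print("values per DLL:", dict(dll_histogram(found)))
    print(build_cfscript_registry(found))
```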

Re: My computer is infected with malware-virus

Unread postby kokats » July 16th, 2010, 11:55 am

http://virusscan.jotti.org/en/scanresul ... 7136c941c4

http://virusscan.jotti.org/en/scanresul ... c620ac6c6a

http://virusscan.jotti.org/en/scanresul ... 332dea074b



ComboFix 10-07-15.03 - Furious 16/07/2010 17:41:26.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1033.18.2046.1471 [GMT 3:00]
Running from: c:\documents and settings\Furious\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Furious\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\windows\system32\mliijg.dll
file zipped: c:\windows\system32\mousenh32.exe
file zipped: c:\windows\system32\pcre3.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Furious\Application Data\regsdkrl32
c:\documents and settings\Furious\Application Data\regsdkrl32\config.ini
c:\documents and settings\Furious\Application Data\regsdkrl32\regsdkrl29.exe
c:\documents and settings\Furious\Application Data\uTorrent
c:\documents and settings\Furious\Application Data\uTorrent\(PC GAME) Hitman 2 Silent Assasin.iso.torrent
c:\documents and settings\Furious\Application Data\uTorrent\[HDTV - Xvid - ENG - SubITA] Grey's Anatomy S06E08-09 [CR-Bt].torrent
c:\documents and settings\Furious\Application Data\uTorrent\[HDTV - Xvid - ENG - SubITA] Grey's Anatomy S06E10-11-12 [CR-Bt].torrent
c:\documents and settings\Furious\Application Data\uTorrent\12 Monkeys.torrent
c:\documents and settings\Furious\Application Data\uTorrent\1453-1821 Η wra tis apeleytherwsis.exe.torrent
c:\documents and settings\Furious\Application Data\uTorrent\A Christmas Carol[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Adobe Photoshop CS4 + Keygen.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Adobe Photoshop CS4 Extended (PROPER FIXED) [blaze69].torrent
c:\documents and settings\Furious\Application Data\uTorrent\Alice in Wonderland (2010) DVDRip XviD-JayBob.torrent
c:\documents and settings\Furious\Application Data\uTorrent\ALICE IN WONDERLAND 2010 Eng-DVDRIP-XviD-aXXo.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Alice In Wonderland 2010 TS XViD - IMAGiNE.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Antichrist [2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Archive - Controlling Crowds (2009).torrent
c:\documents and settings\Furious\Application Data\uTorrent\Archive.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Astor Piazzolla - Double Best Collection [2CDs][Others][2008][www.pctrecords.com].torrent
c:\documents and settings\Furious\Application Data\uTorrent\Astor Piazzolla.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Avatar movie 2009.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Barnyard[2006]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Best 1000 Family Games Pack -Classic PC Games.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Blood The Last Vampire.2009DvdRip.xvid.TugaBadBoy.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Cathedral.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Clan Destined - Abbracadamn [2007] [Hip Hop] [www.file24ever.com].torrent
c:\documents and settings\Furious\Application Data\uTorrent\Clash.of.the.Titans.2010.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Criminal Minds Season 2.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Criminal Minds Season 4.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Cruachan [Ireland; Celtic Folk, Black].torrent
c:\documents and settings\Furious\Application Data\uTorrent\CSI-Miami.Season 5.torrent
c:\documents and settings\Furious\Application Data\uTorrent\CSI Miami 1-6.torrent
c:\documents and settings\Furious\Application Data\uTorrent\CSI Miami 1-7.torrent
c:\documents and settings\Furious\Application Data\uTorrent\CSI Miami Season 1.torrent
c:\documents and settings\Furious\Application Data\uTorrent\CSI Miami Season 4.torrent
c:\documents and settings\Furious\Application Data\uTorrent\csi miami season 6.torrent
c:\documents and settings\Furious\Application Data\uTorrent\CSI Miami Season 7.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Daemon.Tools.Pro.4.10.0218.Advanced.Version.rar.torrent
c:\documents and settings\Furious\Application Data\uTorrent\David Bowie - Complete Discography.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Death.Race[2008][Unrated.Edition]DvDrip-aXXo.1.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Death.Race[2008][Unrated.Edition]DvDrip-aXXo.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Depeche Mode-Sounds Of The Universe [2009][CD+SkidVid_XviD+Cov].torrent
c:\documents and settings\Furious\Application Data\uTorrent\dht.dat
c:\documents and settings\Furious\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Furious\Application Data\uTorrent\Doors,The - The Best Of The Doors [Disc 1 of 2].torrent
c:\documents and settings\Furious\Application Data\uTorrent\Doors,The - The Best Of The Doors [Disc 2 of 2].torrent
c:\documents and settings\Furious\Application Data\uTorrent\Giannis Xaroulis - Xeimonanthos.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Giannis Xaroulis_ Nyxta sto Aigaio.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Gran.Torino.2008.DvDRip-FxM.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Green Zone TS - IMAGINE XViD- 2010 (Repack).torrent
c:\documents and settings\Furious\Application Data\uTorrent\Grey's Anatomy - Season 1 DVD.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Grey's Anatomy - Season 1.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Grey's Anatomy S06e10 ENG Sub ITA ENG.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Grey's Anatomy S06E11.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Grey's Anatomy S06e14 ENG Sub ITA ENG.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Grey's Anatomy S06E16 Perfect Little Accident HDTV XviD LOL TORRENTFANTASIES NET.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Grey's Anatomy SE06 - E 13.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Grey's Anatomy.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Greys Anatomy S06E17 HDTV XviD-2HD.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Greys Anatomy S06E20 HDTV XviD-2HD.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Greys.Anatomy.S06E15.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Greys.Anatomy.S06E16.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Greys.Anatomy.S06E17.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Greys.Anatomy.S06E18.HDTV.XviD-FOON.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Greys.Anatomy.S06E18.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Greys.Anatomy.S06E19.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Greys.Anatomy.S06E22.HDTV.XviD-P0W4.avi.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Greys.Anatomy.S06E23.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Greys.Anatomy.S06E24.HDTV.XviD-2HD.[VTV].avi.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Haroulis.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Harry Potter and the Half-Blood Prince (2009) ENGLISH TS XviD-MAXSPEED.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Harry Potter and the Half-Blood Prince [2009 TS MD] XviD-STG.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Harry Potter and the Half Blood prince.2009.DvDRip-FxM.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Iron Maiden Discography.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Iron.Man[2008]DvDrip-aXXo.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Korpiklaani - Karkelo (2009) [MP3@320Kbps] [Rock City] (UF).torrent
c:\documents and settings\Furious\Application Data\uTorrent\Legion[2010]DvDrip-aXXo[Isohunt].torrent
c:\documents and settings\Furious\Application Data\uTorrent\Madeleine Peyroux - Bare Bones [mp3-vbr-2009].torrent
c:\documents and settings\Furious\Application Data\uTorrent\Malamas.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Manhunter - Soundtrack [1986].torrent
c:\documents and settings\Furious\Application Data\uTorrent\Mikis Theodorakis - Serpico (1973) [Soundtrack][mp3 320][h33t][schon55].torrent
c:\documents and settings\Furious\Application Data\uTorrent\Mikis Theodorakis_.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Movie Soundtracks.torrent
c:\documents and settings\Furious\Application Data\uTorrent\My Blueberry Nights.[2007] DVDRIP.XVID.[Eng]-DUQA.torrent
c:\documents and settings\Furious\Application Data\uTorrent\My Dying Bride - Sinamorata [DVDRip XViD - 2006].torrent
c:\documents and settings\Furious\Application Data\uTorrent\My Dying Bride - Sinamorata.1.torrent
c:\documents and settings\Furious\Application Data\uTorrent\My Dying Bride - Sinamorata.torrent
c:\documents and settings\Furious\Application Data\uTorrent\My Dying Bride -2009 Ep- Bring Me Victory.torrent
c:\documents and settings\Furious\Application Data\uTorrent\my dying bride Sinamorata dvd rip.torrent
c:\documents and settings\Furious\Application Data\uTorrent\My Dying Bride.torrent
c:\documents and settings\Furious\Application Data\uTorrent\N.A.S.A. - The Spirit Of Apollo (2009)[tRg music release].torrent
c:\documents and settings\Furious\Application Data\uTorrent\Nero 8 Ultra HD Edidtion.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Nero Ultra Edition 8.3.2.1b Latest + Serial + Crack.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Norah Jones - The Fall [mp3-vbr-2009].torrent
c:\documents and settings\Furious\Application Data\uTorrent\Opeth Studio Discography.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Paradise Lost - (2009) Faith Divides Us - Death Unites Us (Special Editon).torrent
c:\documents and settings\Furious\Application Data\uTorrent\Percy Jackson and the Olympians The Lightning Thief[2010]DvDrip-aXXo[Isohunt].torrent
c:\documents and settings\Furious\Application Data\uTorrent\Percy.Jackson.And.the.Olympians.The.Lightning.Thief.2010.Eng.LU_4.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Public Enemies (2009) DvDRip XviD-FLAiTE.avi.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Public Enemies (2009) TS XviD-MAXSPEED.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Public Enemies (2009).torrent
c:\documents and settings\Furious\Application Data\uTorrent\Public Enemies [2009] Soundtrack OST.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Public Enemies 2009 TS XviD ORC.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Public.Enemies.2009.DvDRip-FxM.torrent
c:\documents and settings\Furious\Application Data\uTorrent\resume.dat
c:\documents and settings\Furious\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Furious\Application Data\uTorrent\rss.dat
c:\documents and settings\Furious\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Furious\Application Data\uTorrent\settings.dat
c:\documents and settings\Furious\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Furious\Application Data\uTorrent\Shutter Island (2010) R5 DVDRip XviD-MAXSPEED.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Sivert Hoyem - Moon Landing (2009).torrent
c:\documents and settings\Furious\Application Data\uTorrent\Sivert_Hoyem-Exiles-2006.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Skyclad - In The... All Together (2009).torrent
c:\documents and settings\Furious\Application Data\uTorrent\Skyclad - In The... All Together.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Skyclad Collection.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Snow Patrol - Up To Now [2cd-mp3-vbr-2009].torrent
c:\documents and settings\Furious\Application Data\uTorrent\Street.Fighter.IV-RELOADED.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Street_Fighter_IV.Crack.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Taken[2008]DvDrip-aXXo.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Tales from Earthsea.torrent
c:\documents and settings\Furious\Application Data\uTorrent\The Doors- The Best Of The Doors (2CD).torrent
c:\documents and settings\Furious\Application Data\uTorrent\The Doors - Discography [tRg Release].torrent
c:\documents and settings\Furious\Application Data\uTorrent\THE GIRL WHO KICKED THE HORNETS' NEST [2010] DVD Rip Xvid [StB].torrent
c:\documents and settings\Furious\Application Data\uTorrent\THE GIRL WHO PLAYED WITH FIRE [2009] DVD Rip Xvid [StB].torrent
c:\documents and settings\Furious\Application Data\uTorrent\THE GIRL WITH THE DRAGON TATTOO [2009] DVD Rip Xvid (8 Subs) [StB].torrent
c:\documents and settings\Furious\Application Data\uTorrent\The Princess And The Frog {2009} DVDRIP. Jaybob.torrent
c:\documents and settings\Furious\Application Data\uTorrent\The Princess and the Frog[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Furious\Application Data\uTorrent\THE WOLFMAN 2010 Eng-DVDRIP-XviD-aXXo.torrent
c:\documents and settings\Furious\Application Data\uTorrent\The Wolfman[2010]DvDrip-aXXo[Isohunt].torrent
c:\documents and settings\Furious\Application Data\uTorrent\The.Soloist.2009.DVDRIP.XviD-ZEKTORM.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Tom Waits - Glitter and doom live (2009).torrent
c:\documents and settings\Furious\Application Data\uTorrent\Tom Waits The Heart Of Saturday Night - Rock music album ~mahasonaz~.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Toy Story 3 (2010)DvDRiP-aXXo [RateD].avi.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Up.BDRip.XviD-DiAMOND.torrent
c:\documents and settings\Furious\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Furious\Application Data\uTorrent\VANGELIS COLLECTION (52 albums)-OZM.torrent
c:\documents and settings\Furious\Application Data\uTorrent\Watchmen[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Furious\Application Data\uTorrent\X-Men.Trilogy.Box.Set[2006]DvDrip-aXXo.torrent

.
((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
.

2010-07-16 09:28 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 09:28 . 2010-07-16 09:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-16 09:28 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-16 09:22 . 2010-07-16 09:22 -------- d-----w- c:\documents and settings\Furious\Application Data\Malwarebytes
2010-07-15 14:51 . 2010-07-16 09:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-15 13:51 . 2010-07-15 13:51 -------- d-----w- C:\_OTM
2010-07-14 07:08 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 10:16 . 2010-07-12 10:16 388096 ----a-r- c:\documents and settings\Furious\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-12 10:16 . 2010-07-12 10:16 -------- d-----w- c:\program files\Trend Micro
2010-07-09 12:58 . 2010-07-09 13:15 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-08 12:41 . 2010-07-08 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-06-29 11:21 . 2010-06-29 11:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-29 10:50 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 19:20 . 2010-06-28 19:20 76288 ---ha-w- c:\windows\system32\mliijg.dll
2010-06-28 18:57 . 2010-07-15 14:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-28 18:57 . 2010-07-15 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-24 08:30 . 2010-06-24 08:30 -------- d-----w- c:\program files\Windows Defender
2010-06-22 12:25 . 2010-06-22 12:38 -------- d-----w- c:\documents and settings\Furious\Application Data\Charles
2010-06-21 09:22 . 2010-06-21 09:22 -------- d-----w- c:\documents and settings\Furious\Local Settings\Application Data\CAPCOM
2010-06-21 09:07 . 2010-06-21 09:07 140288 ----a-w- c:\windows\system32\pcre3.dll
2010-06-21 09:07 . 2010-06-28 18:18 -------- d-----w- c:\documents and settings\Furious\Local Settings\Application Data\Desktop Cleanup Wizard
2010-06-21 09:07 . 2010-06-21 09:07 11776 ----a-w- c:\windows\system32\mousenh32.exe
2010-06-21 08:59 . 2009-03-09 12:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-06-21 08:59 . 2009-03-09 12:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-06-21 08:59 . 2009-03-09 12:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-06-21 08:59 . 2009-03-16 11:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-06-21 08:59 . 2009-03-16 11:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-06-21 08:59 . 2009-03-16 11:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 11:13 . 2009-05-13 20:28 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-07-16 11:12 . 2009-05-13 20:39 17652 ----a-w- c:\windows\system32\tablet.dat
2010-07-16 11:12 . 2009-05-13 12:47 16608 ----a-w- c:\windows\gdrv.sys
2010-07-15 15:17 . 2009-05-14 14:47 1 ----a-w- c:\documents and settings\Furious\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-15 14:41 . 2009-06-11 12:34 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-07-15 09:47 . 2010-05-05 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-06-28 20:57 . 2009-05-13 18:25 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-05-13 18:25 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-05-13 18:25 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-05-13 18:25 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-05-13 18:25 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-05-13 18:25 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-05-13 18:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-05-13 18:25 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 07:59 . 2010-01-30 16:58 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-15 11:44 . 2010-01-10 13:09 -------- d-----w- c:\documents and settings\Furious\Application Data\ZoomBrowser EX
2010-06-14 14:31 . 2009-05-13 12:16 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-09 10:48 . 2009-05-13 12:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-09 09:55 . 2010-06-09 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-06-09 09:54 . 2010-06-09 09:54 -------- d-----w- c:\documents and settings\Furious\Application Data\DAEMON Tools Pro
2010-06-09 09:53 . 2010-06-09 09:49 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-06-09 09:45 . 2010-06-09 09:45 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-05 15:54 . 2009-07-14 11:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 12:21 . 2009-12-11 18:05 -------- d-----w- c:\program files\DiRT
2010-06-01 17:06 . 2009-05-13 20:55 -------- d-----w- c:\documents and settings\Furious\Application Data\Canon
2010-05-26 14:08 . 2009-05-13 18:25 -------- d-----w- c:\program files\Alwil Software
2010-05-26 14:06 . 2010-05-26 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-21 11:14 . 2009-10-06 08:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 10:41 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2003-03-31 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2003-03-31 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-16_11.12.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-03-31 12:00 . 2010-07-16 11:05 78192 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2010-07-16 11:17 78192 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2010-07-16 11:17 461864 c:\windows\system32\perfh009.dat
- 2003-03-31 12:00 . 2010-07-16 11:05 461864 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"UMonit"="c:\windows\system32\umonit.exe" [2003-08-21 49152]
"WD Button Manager"="WDBtnMgr.exe" [2009-05-14 364544]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\documents and settings\Furious\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-5-13 114688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Gigabyte\\GBTUpd\\RunUpd.exe"=
"c:\\Program Files\\DiRT\\DiRT.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/05/2009 21:25 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/05/2009 21:25 17744]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [13/05/2009 23:36 6016]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/06/2010 12:45 685816]
S2 gupdate;Υπηρεσία Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/09/2009 18:17 133104]
S2 winbackupdumper-id19l1OB4NHft0;Windows System Backup Dumper;c:\windows\system32\mousenh32.exe [21/06/2010 12:07 11776]
SUnknown GVTDrv;GVTDrv; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-12 15:13]

2010-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 15:16]

2010-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 15:16]

2010-07-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.gr/
FF - ProfilePath - c:\documents and settings\Furious\Application Data\Mozilla\Firefox\Profiles\bamfffq5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\OpenOffice\OpenOffice.org 3\program\npsoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.urlbar.autoFill - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?0xH$?\???8???????xH$?8????H$?6?US????8???UB????????????????????????????A~?H??????????tq4?l??? ??|`??|????]??|??D~?????????H$?F$?|??B~??B~*?,??H$???????????????????????????????B~????????????tq4?????T?????4?????tq4???????8????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:υwjY*]
"DisplayName"="???\16?\11\09"
"DeviceDesc"="???\16?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"d:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\windows\System32\l3codeca.acm
.
Completion time: 2010-07-16 17:47:51
ComboFix-quarantined-files.txt 2010-07-16 14:47
ComboFix2.txt 2010-07-16 11:17

Pre-Run: 78.612.582.400 bytes free
Post-Run: 78.596.857.856 bytes free

- - End Of File - - 3F61393562D1F9D8965E591FCD728AC5




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4319

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/07/2010 18:47:20
mbam-log-2010-07-16 (18-47-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 206161
Time elapsed: 31 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winbackupdumper-id19l1ob4nhft0 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Amnesiac (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\geeccc.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2A6D69F9-6716-4D4A-A3AB-ECB1435DE23B}\RP84\A0023654.dll (Trojan.Agent) -> Not selected for removal.
C:\System Volume Information\_restore{2A6D69F9-6716-4D4A-A3AB-ECB1435DE23B}\RP84\A0023662.dll (Trojan.Agent) -> Not selected for removal.
C:\WINDOWS\system32\mousenh32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mliijg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


Just to inform you that the ComboFix log could not be uploaded to the BleepingComputer server...

Thank you again, I am waiting for your reply.
kokats
Active Member
 
Posts: 12
Joined: July 12th, 2010, 6:20 am
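Read together, the ComboFix and MBAM logs above show what a helper looks for before any scanner confirms anything: a service with a random-looking name (winbackupdumper-id19l1OB4NHft0) whose binary is a tiny .exe dropped straight into system32 inside the "Files Created" window, and a hidden DLL (mliijg.dll) in the same directory. The script below is an added example for this thread, not a tool from the page or from the MalwareRemoval.com helpers: it parses a few ComboFix "Files Created" and service lines copied from the posted log (constructed sample input) and scores them with those heuristics. The regular expressions, the weights and the reporting threshold are this example's own assumptions.

```python
"""Triage heuristics over ComboFix 'Files Created' and service lines.

Added example for this thread, not a tool from the page or from the
MalwareRemoval.com helpers. Sample input is constructed by copying a few
entries from the posted ComboFix log; regexes, weights and threshold are
this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the posted ComboFix log.
SAMPLE_FILES = r"""
2010-07-16 09:28 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-29 11:21 . 2010-06-29 11:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-28 19:20 . 2010-06-28 19:20 76288 ---ha-w- c:\windows\system32\mliijg.dll
2010-06-21 09:07 . 2010-06-21 09:07 140288 ----a-w- c:\windows\system32\pcre3.dll
2010-06-21 09:07 . 2010-06-21 09:07 11776 ----a-w- c:\windows\system32\mousenh32.exe
2010-06-21 08:59 . 2009-03-09 12:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
"""
SAMPLE_SERVICES = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/05/2009 21:25 165456]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/06/2010 12:45 685816]
S2 winbackupdumper-id19l1OB4NHft0;Windows System Backup Dumper;c:\windows\system32\mousenh32.exe [21/06/2010 12:07 11776]
SUnknown GVTDrv;GVTDrv; [x]
"""

# "<created> . <modified> <size|--------> <attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# "<start> <name>;<display>;<path> [<date> <time> <size>]"
SVC_RE = re.compile(
    r"^(?P<start>R\d|S\d|SUnknown) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*(?:\[(?P<meta>[^\]]*)\])?$"
)
# Hyphen plus a long mixed-case alphanumeric token containing digits, as in
# "winbackupdumper-id19l1OB4NHft0"; vendors do not name services this way.
RANDOM_SUFFIX_RE = re.compile(
    r"-(?=[A-Za-z0-9]*\d)(?=[A-Za-z0-9]*[a-z])(?=[A-Za-z0-9]*[A-Z])[A-Za-z0-9]{10,}$"
)
SYSTEM32 = "c:\\windows\\system32\\"


def in_system32_root(path: str) -> bool:
    """True for a file directly in system32, not in drivers\\ or dllcache\\."""
    p = path.lower()
    return p.startswith(SYSTEM32) and "\\" not in p[len(SYSTEM32):]


@dataclass
class Finding:
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, weight: int, reason: str) -> None:
        self.score += weight
        self.reasons.append(reason)


def triage(files_text: str, services_text: str, threshold: int = 2) -> list:
    """Score each path and return findings at or above threshold, highest first."""
    findings = {}

    def finding(path: str) -> Finding:
        return findings.setdefault(path.lower(), Finding(path))

    created_window = set()
    for line in files_text.strip().splitlines():
        m = FILE_RE.match(line.strip())
        if not m or m["attrs"].startswith("d"):     # skip unparsable lines and directories
            continue
        path = m["path"]
        created_window.add(path.lower())
        if not in_system32_root(path):
            continue
        if "h" in m["attrs"]:
            finding(path).add(3, "hidden attribute on a file dropped directly in system32")
        if path.lower().endswith((".exe", ".dll")) and m["created"] == m["modified"]:
            finding(path).add(1, "created == modified: written in place rather than "
                                 "copied by an installer that preserves the build mtime")

    for line in services_text.strip().splitlines():
        m = SVC_RE.match(line.strip())
        if not m or not m["path"]:                    # e.g. "SUnknown GVTDrv;GVTDrv; [x]"
            continue
        path, name = m["path"], m["name"]
        if RANDOM_SUFFIX_RE.search(name):
            finding(path).add(3, f"service {name!r} has a random-looking suffix")
        if path.lower() in created_window:
            finding(path).add(2, f"service {name!r} binary appears in the Files Created window")
        size = m["meta"].split()[-1] if m["meta"] else ""
        if m["start"] in ("R2", "S2") and in_system32_root(path) and size.isdigit() and int(size) < 65536:
            finding(path).add(1, f"auto-start service with a tiny binary ({size} bytes) in system32")

    return sorted((f for f in findings.values() if f.score >= threshold), key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_FILES, SAMPLE_SERVICES):
        print(f"{f.score:2d}  {f.path}")
        for reason in f.reasons:
            print(f"      - {reason}")
```

On the sample above the two hits are mousenh32.exe and mliijg.dll, the same two files MBAM later reported as Trojan.Agent and Trojan.Vundo; pcre3.dll, created in the same minute as mousenh32.exe, stays below the threshold and is the kind of entry a helper would keep an eye on rather than act on. Name and timestamp heuristics only prioritise, they confirm nothing, and note from the MBAM log that the two copies under System Volume Information were "Not selected for removal": they survive in the restore points until System Restore is flushed after the cleanup.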

Re: My computer is infected with malware-virus

Unread postby xixo_12 » July 16th, 2010, 6:03 pm

Hi,
Based on my observation, I think there is a lot of illegal software running on your system.
I will leave it alone for the time being.
Do remember, keeping cracked/illegal software is one of the factors in why your system is heavily infected.

Let's proceed.

First,
RSIT by random/random.
Please download from HERE and save to the desktop.
  • Double-click on RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find manually the log at C:\rsit

Next,
DeFogger - Disable
Please download from HERE and save to the desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK. If nothing appears, please reboot manually.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next,
GMER.
Please download from HERE and save to the desktop.
  • Unzip/extract the file to its own folder.
  • Disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click NO.
  • Click on the >>> symbol and choose the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information into your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

What you need to post
Checklist.
  • Content of log.txt and info.txt (Find both in c:\rsit)
  • Content of GMER.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: My computer is infected with malware-virus

Unread postby kokats » July 17th, 2010, 5:00 pm

info.txt logfile of random's system information tool 1.08 2010-07-17 21:43:29

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 9.3.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0008 -removeonly
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Belkin F6D4050 Enhanced Wireless USB Adapter-->C:\Program Files\InstallShield Installation Information\{B97A0C89-29C0-4682-902C-364109A9857C}\setup.exe -runfromtemp -l0x0409
Browser Configuration Utility-->"C:\Program Files\InstallShield Installation Information\{E8AEA11B-E60A-455E-B008-E4E763604612}\setup.exe" -runfromtemp -l0x0009 -removeonly
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon CanoScan Toolbox 4.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{088A077A-8028-408C-AE7B-4512AE2A65A0}\setup.exe" -l0x9 anything
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MOV Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\Canon MOV Decoder140\CanonMOVDecoderUnInstall.ini"
Canon MOV Encoder-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\Canon MOV Encoder\CanonMOVEncoderUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities Digital Photo Professional 3.8-->"C:\Program Files\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities Original Data Security Tools-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\Original Data Security Tools\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities Picture Style Editor-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\Picture Style Editor\Uninst.ini"
Canon Utilities RemoteCapture DC-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities WFT-E1/E2/E3/E4 Utility-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\WFT Utility\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
DiRT-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}\setup.exe" -l0x9 -removeonly
DMIView B8.0717.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}\setup.exe" -l0x9 -removeonly
Easy Tune 6 B08.1124.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{457D7505-D665-4F95-91C3-ECB8C56E9ACA}
Empire: Total War-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10500
Genesys USB Mass Storage Device-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4BF87C8-3EEC-4774-82A2-584F109187B1}\Setup.exe"
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hitman 2: Silent Assassin-->C:\GAMES\HITMAN~1\uninstall.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Logitech Vid-->MsiExec.exe /I{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}
Logitech Webcam Software-->MsiExec.exe /I{AC96671C-2001-432C-9826-5266D84EF1DC}
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Magic ISO Maker v5.5 (build 0276)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.37a-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 8 Ultra Edition HD-->MsiExec.exe /X{3C5F1B30-B10B-4579-86DD-D00F662E1032}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
OpenOffice.org 3.0-->MsiExec.exe /I{3FF570B8-780C-47A4-BF27-09887867E251}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0008 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x8 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stellarium 0.8.2-->"C:\Program Files\Stellarium\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tablet-->C:\Program Files\Tablet\Remove.exe /u
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Manager B08.1027.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E25C468-7745-4051-8B37-4A2C6635BA8B}
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Firewire HID Driver-->MsiExec.exe /X{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInstx86.exe /u C:\WINDOWS\system32\DRVSTORE\ftdibus_153CD6A841FF919A2C6EABB2274572BD90AC0FDB\ftdibus.inf
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInstx86.exe /u C:\WINDOWS\system32\DRVSTORE\ftdiport_2AEF0DA7ACBB32405FF593226F4454A4D684E65B\ftdiport.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR 3.3 – Εφαρμογή Διαχείρισης Συμπιεσμένων Αρχείων-->C:\Program Files\WinRAR\uninstall.exe
Ε9 Δήλωση στοιχείων Ακινήτων 2009 v1-->"C:\Program Files\E9App2009\unins000.exe"
Συγκεντρωτικές καταστάσεις Πελατών-Προμηθευτών Έκδοση 2009 v1-->"C:\Program Files\KVS2009\unins000.exe"

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: BEASTII
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 28808
Source Name: Tcpip
Time Written: 20100616000359.000000+180
Event Type: warning
User:

Computer Name: BEASTII
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 28807
Source Name: Tcpip
Time Written: 20100615233535.000000+180
Event Type: warning
User:

Computer Name: BEASTII
Event Code: 7000
Message: The adfs service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 28777
Source Name: Service Control Manager
Time Written: 20100615233304.000000+180
Event Type: error
User:

Computer Name: BEASTII
Event Code: 1002
Message: The IP address lease 192.168.1.5 for the Network Card with network address 001FD0DD1615 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 28776
Source Name: Dhcp
Time Written: 20100615233207.000000+180
Event Type: error
User:

Computer Name: BEASTII
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 28772
Source Name: Tcpip
Time Written: 20100615160251.000000+180
Event Type: warning
User:

=====Application event log=====

Computer Name: BEASTII
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 3431
Source Name: ASP.NET 1.1.4322.0
Time Written: 20100130185709.000000+120
Event Type: warning
User:

Computer Name: BEASTII
Event Code: 20
Message:
Record Number: 3420
Source Name: Google Update
Time Written: 20100129234605.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: BEASTII
Event Code: 20
Message:
Record Number: 3419
Source Name: Google Update
Time Written: 20100129224605.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: BEASTII
Event Code: 20
Message:
Record Number: 3418
Source Name: Google Update
Time Written: 20100129214605.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: BEASTII
Event Code: 5000
Message: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Record Number: 3388
Source Name: MPSampleSubmission
Time Written: 20100128015601.000000+120
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"DEFAULT_CA_NR"=CA6
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.08 (written by random/random)
Run by Furious at 2010-07-17 21:43:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 75 GB (25%) free of 305 GB
Total RAM: 2046 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:43:27, on 17/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\umonit.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Furious\Desktop\RSIT.exe
C:\Program Files\trend micro\Furious.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.gr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6087.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2220526828
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Υπηρεσία Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 6516 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-12 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-13 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-13 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"=C:\Program Files\Microsoft Hardware\Keyboard\type32.exe [2002-03-22 94208]
"EasyTuneVI"=C:\Program Files\GIGABYTE\ET6\ETcall.exe [2007-07-26 20480]
"UMonit"=C:\WINDOWS\system32\umonit.exe [2003-08-21 49152]
"WD Button Manager"=C:\WINDOWS\system32\WDBtnMgr.exe [2009-05-14 364544]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-26 16851456]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Documents and Settings\Furious\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"MaxRecentDocs"=11
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Logitech\Logitech Vid\Vid.exe"="C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid"
"C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe"="C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War"
"C:\Program Files\Gigabyte\GBTUpd\RunUpd.exe"="C:\Program Files\Gigabyte\GBTUpd\RunUpd.exe:*:Enabled:RunUpd"
"C:\Program Files\DiRT\DiRT.exe"="C:\Program Files\DiRT\DiRT.exe:*:Disabled:DiRT Executable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-07-17 21:43:11 ----D---- C:\rsit
2010-07-16 17:47:51 ----A---- C:\ComboFix.txt
2010-07-16 17:40:23 ----D---- C:\ComboFix
2010-07-16 14:05:26 ----A---- C:\Boot.bak
2010-07-16 14:05:22 ----RASHD---- C:\cmdcons
2010-07-16 14:01:29 ----A---- C:\WINDOWS\zip.exe
2010-07-16 14:01:29 ----A---- C:\WINDOWS\SWSC.exe
2010-07-16 14:01:29 ----A---- C:\WINDOWS\SWREG.exe
2010-07-16 14:01:29 ----A---- C:\WINDOWS\sed.exe
2010-07-16 14:01:29 ----A---- C:\WINDOWS\PEV.exe
2010-07-16 14:01:29 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-16 14:01:29 ----A---- C:\WINDOWS\MBR.exe
2010-07-16 14:01:29 ----A---- C:\WINDOWS\grep.exe
2010-07-16 14:01:28 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-16 14:00:58 ----D---- C:\WINDOWS\ERDNT
2010-07-16 13:58:07 ----D---- C:\Qoobox
2010-07-16 12:28:15 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-16 12:28:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-16 12:28:13 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-16 12:22:38 ----D---- C:\Documents and Settings\Furious\Application Data\Malwarebytes
2010-07-15 17:51:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-15 17:40:39 ----D---- C:\Config.Msi
2010-07-15 16:51:33 ----D---- C:\_OTM
2010-07-14 12:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-13 15:09:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-13 15:00:29 ----A---- C:\WINDOWS\wininit.ini
2010-07-12 13:16:50 ----D---- C:\Program Files\Trend Micro
2010-07-09 15:58:10 ----D---- C:\Program Files\Windows Live Safety Center
2010-07-08 15:41:14 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2010-06-28 21:57:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-06-28 21:57:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-24 11:30:28 ----D---- C:\Program Files\Windows Defender
2010-06-22 15:25:37 ----D---- C:\Documents and Settings\Furious\Application Data\Charles
2010-06-21 12:07:15 ----A---- C:\WINDOWS\system32\pcre3.dll
2010-06-21 11:59:21 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-06-21 11:59:21 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-06-21 11:59:20 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-06-21 11:59:19 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-06-21 11:59:19 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-06-21 11:59:19 ----A---- C:\WINDOWS\system32\xactengine3_4.dll

======List of files/folders modified in the last 1 months======

2010-07-17 21:43:15 ----D---- C:\WINDOWS\Prefetch
2010-07-17 21:43:06 ----D---- C:\WINDOWS\Temp
2010-07-17 21:40:05 ----D---- C:\WINDOWS\system32
2010-07-17 21:40:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-17 21:38:50 ----SD---- C:\WINDOWS\Tasks
2010-07-16 18:48:57 ----D---- C:\WINDOWS\system32\drivers
2010-07-16 18:48:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-16 17:46:29 ----D---- C:\WINDOWS
2010-07-16 17:46:29 ----A---- C:\WINDOWS\system.ini
2010-07-16 17:46:24 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-16 17:44:24 ----D---- C:\WINDOWS\AppPatch
2010-07-16 17:44:21 ----D---- C:\Program Files\Common Files
2010-07-16 14:47:16 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-16 14:10:16 ----D---- C:\WINDOWS\system32\config
2010-07-16 14:05:26 ----RASH---- C:\boot.ini
2010-07-15 17:51:53 ----RD---- C:\Program Files
2010-07-15 17:41:26 ----SHD---- C:\WINDOWS\Installer
2010-07-15 17:41:09 ----D---- C:\Program Files\TuneUp Utilities 2009
2010-07-15 12:47:29 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2010-07-14 12:01:07 ----D---- C:\WINDOWS\inf
2010-07-14 12:01:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 12:00:30 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-09 18:45:53 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-09 15:58:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-02 22:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-29 17:16:47 ----D---- C:\Documents and Settings
2010-06-29 15:19:59 ----D---- C:\Program Files\Mozilla Firefox
2010-06-28 23:57:12 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-06-25 10:54:54 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-25 10:54:22 ----RSD---- C:\WINDOWS\assembly
2010-06-24 11:30:28 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-06-24 11:12:19 ----D---- C:\WINDOWS\Minidump
2010-06-24 11:12:16 ----SHD---- C:\System Volume Information
2010-06-24 11:12:16 ----D---- C:\WINDOWS\system32\Restore
2010-06-24 11:02:36 ----D---- C:\WINDOWS\WinSxS
2010-06-24 11:00:52 ----D---- C:\Program Files\Internet Explorer
2010-06-24 11:00:50 ----D---- C:\WINDOWS\ie8updates
2010-06-24 10:59:53 ----D---- C:\WINDOWS\Help
2010-06-24 10:59:53 ----D---- C:\Program Files\NVIDIA Corporation
2010-06-24 10:59:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-06-21 11:59:22 ----D---- C:\WINDOWS\system32\DirectX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PenClass;Pen Class; C:\WINDOWS\system32\Drivers\PenClass.sys [2001-04-09 8138]
R0 sbp2port;SBP-2 Transport/Protocol Bus Driver; C:\WINDOWS\system32\DRIVERS\sbp2port.sys [2008-04-13 43904]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-09 685816]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 39424]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-11-15 21361]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 fixustor;fixustor; C:\WINDOWS\system32\drivers\fixustor.sys [2003-08-21 6016]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-27 4754432]
R3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\system32\DRIVERS\IPFilter.sys [2002-04-11 11136]
R3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2009-04-30 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2009-04-30 265496]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-11-11 40352]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-03 10232128]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2009-04-30 13976]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2009-04-30 2687512]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-11-22 105088]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 awb5lq8s;awb5lq8s; C:\WINDOWS\system32\drivers\awb5lq8s.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2009-10-22 57800]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2009-10-22 72520]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys []
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rt2870;Belkin 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2008-10-29 644096]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WD_FireWire_HID;WD FireWire Pseudo-HID driver; C:\WINDOWS\system32\DRIVERS\wdfwhid.sys [2006-03-22 17408]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-13 152984]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 154136]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-10-20 749568]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 gupdate;Υπηρεσία Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-12 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-12 194032]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-05-14 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-17 23:46:03
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Furious\LOCALS~1\Temp\fxtdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB0228CD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB0228B8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB0229142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB022906C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB0228764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB0228C68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB02286A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB0228708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB0228D88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB0229210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB0228D48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB0228EC8]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB0235B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB02359C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB0235AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE TUKERNEL.EXE!ObInsertObject 8056DA64 2 Bytes JMP B0232F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE TUKERNEL.EXE!ObInsertObject + 3 8056DA67 2 Bytes [CC, 2F] {INT 3 ; DAS }
PAGE TUKERNEL.EXE!NtCreateSection 8056DB66 7 Bytes JMP B02359C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE TUKERNEL.EXE!ZwCreateProcessEx 8058B7CD 7 Bytes JMP B0235BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE TUKERNEL.EXE!ZwLoadDriver 805A8F96 7 Bytes JMP B0235AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE TUKERNEL.EXE!ObMakeTemporaryObject 805E6A6A 5 Bytes JMP B02315B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB2E11380, 0x566445, 0xE8000020]
init C:\WINDOWS\system32\drivers\fixustor.sys entry point in "init" section [0xF79D7E12]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[976] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[976] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\WINDOWS\Explorer.EXE[1872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02462F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02462C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02462CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02462CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAD 0x3F 0xF8 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFF 0xE1 0xA4 0x41 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x15 0x04 0x74 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAD 0x3F 0xF8 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFF 0xE1 0xA4 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x15 0x04 0x74 0x41 ...

---- EOF - GMER 1.0.15 ----


I am aware of the software you mention, and I will uninstall them when we are finished. Thank you for the advice.
Thank you again for the help.
Waiting for your reply.
kokats
Active Member
 
Posts: 12
Joined: July 12th, 2010, 6:20 am

Re: My computer is infected with malware-virus

Unread postby xixo_12 » July 17th, 2010, 7:16 pm

Hi,
Looking good.
Do let me know if you have other problems.
Meanwhile, proceed with these.

First.
ATF by Atribune
Please download HERE and save to the desktop. Double-click ATF Cleaner.exe to open it.
Under Main choose: Select All
    Click the Empty Selected button.
if you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

Next,
Kaspersky Online AV Scan
Note: Internet Explorer should be used.
Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply.

What you need to post
Checklist.
  • Content of Kaspersky scan log
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: My computer is infected with malware-virus

Unread postby kokats » July 18th, 2010, 3:41 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, July 18, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, July 18, 2010 11:46:32
Records in database: 4231423
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 80904
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:35:13


File name / Threat / Threats count
C:\System Volume Information\_restore{2A6D69F9-6716-4D4A-A3AB-ECB1435DE23B}\RP66\A0020295.rbf Infected: Trojan-Downloader.Win32.AutoIt.mk 1

Selected area has been scanned.


Hi, here is the Kaspersky report...
I would like to ask you if Avast antivirus is OK or should I change into something better (free antivirus).
Also I would like to know if I can use any of the programs we used during the session, such as MBAM, or should I uninstall/delete them?
Something else that has occurred is that when I change the volume with the buttons on my Microsoft Multimedia Keyboard, I do not get any response and I get the message:
"Microsoft IntelliType Pro has encountered a problem and needs to close. We are sorry for the inconvenience."
Is there something I can do? (I am also using the REALTEK drivers and sound control provided by the manufacturer of my onboard sound card.)

Thank you ...AGAIN!!!
Waiting for your reply,
Kostis
kokats
Active Member
 
Posts: 12
Joined: July 12th, 2010, 6:20 am