[Resolved] Infected by Trojan

Welcome! Register for a free account (or login) > How does it work?

Quickly register. It will only take 60 seconds.
Start a new topic. Ask your question. Wait for an email reply.
Is your system infected? Begin reading the malware removal guide.

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

[Resolved] Infected by Trojan

Options

Arrone View Member Profile	Jun 26 2009, 05:14 PM Post #1
Authentic Member Group: Authentic Member Posts: 50 Joined: 21-November 07 Member No.: 74,544 Operating System: Windows Vista	Hey, out of no where I started getting weird audio sounds on my computer and it sounds like advertisements, except there wasn't any program running. I look under processes and found msa.exe and whenever I would end that process, the audio would go away. It would always come back however. And out of no where internet explorer just pops up with advertisements. I ran ad-aware and malwarebytes anti-malware, it picked up a few trojans and deleted them, but the problem still continues. Kinda wish I could determine which registries are bad and which are good, but I'm guessing I gotta take classes and no way am I gonna mess with them now heh. Your help is much appreciated, thanks. Hijack Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:10:35, on 6/26/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18248) Boot mode: Normal Running processes: C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\CyberLink\PCM4Everio\EverioService.exe C:\Program Files\FlashGet\flashget.exe C:\Windows\vVX3000.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Lexmark 7300 Series\lxcimon.exe C:\Program Files\Lexmark 7300 Series\ezprint.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\explorer.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskeng.exe C:\Windows\msa.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\iTunes\iTunes.exe C:\Users\Arrone\Documents\Junk\Killer.exe.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{AF79B0ED-FF34-4635-AE35-50ECB6D48C1A}: NameServer = 192.168.0.106 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9be07ca20ada7) (gupdate1c9be07ca20ada7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: lxci_device - - C:\Windows\system32\lxcicoms.exe O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8723 bytes

Replies

Arrone View Member Profile	Jun 28 2009, 07:18 PM Post #2
Authentic Member Group: Authentic Member Posts: 50 Joined: 21-November 07 Member No.: 74,544 Operating System: Windows Vista	Ok, when I tried running GMER.exe I got the bluescreen of death. I'm running DDS again and here are the logs. I'm gonna attempt to run GMER.exe again. DDS: DDS (Ver_09-06-26.01) - NTFSx86 Run by Arrone at 21:15:15.87 on Sun 06/28/2009 Internet Explorer: 7.0.6001.18000 Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3070.1750 [GMT -4:00] AV: Lavasoft Ad-Watch Live! Anti-Virus On-access scanning disabled (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} SP: Lavasoft Ad-Watch Live! enabled (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\lxcicoms.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\CyberLink\PCM4Everio\EverioService.exe C:\Program Files\FlashGet\flashget.exe C:\Windows\vVX3000.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Lexmark 7300 Series\lxcimon.exe C:\Program Files\Lexmark 7300 Series\ezprint.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Arrone\Desktop\dds.pif C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uInternet Settings,ProxyOverride = .local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.2.0.7\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [Steam] "c:\program files\steam\Steam.exe" -silent uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe" mRun: [Flashget] c:\program files\flashget\FlashGet.exe /min mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe" mRun: [VX3000] c:\windows\vVX3000.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [LXCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCItime.dll,_RunDLLEntry@16 mRun: [lxcimon.exe] "c:\program files\lexmark 7300 series\lxcimon.exe" mRun: [EzPrint] "c:\program files\lexmark 7300 series\ezprint.exe" mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab TCP: {AF79B0ED-FF34-4635-AE35-50ECB6D48C1A} = 192.168.0.106 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\users\arrone\appdata\roaming\mozilla\firefox\profiles\5evcv0o7.default\ FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\extensions\npmozax@real.com\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\programdata\realarcade\npraclient.dll FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll ============= SERVICES / DRIVERS =============== R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2008-1-20 4608] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-5 64160] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1002000.007\BHDrvx86.sys [2009-2-21 255536] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1002000.007\cchpx86.sys [2009-2-21 362544] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090303.001\IDSvix86.sys [2009-3-4 292912] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1003344] R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?] R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.2.0.7\ccSvcHst.exe [2009-2-21 115560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-1 101936] R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\nav\1002000.007\symndisv.sys [2009-2-21 40496] S2 gupdate1c9be07ca20ada7;Google Update Service (gupdate1c9be07ca20ada7);c:\program files\google\update\GoogleUpdate.exe [2009-4-15 133104] S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648] S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904] =============== Created Last 30 ================ 2009-06-28 10:38 <DIR> --d----- c:\program files\DivX 2009-06-28 10:38 <DIR> --d----- c:\program files\common files\DivX Shared 2009-06-22 20:07 <DIR> --d----- c:\programdata\RealArcade 2009-06-22 20:07 <DIR> --d----- c:\progra~2\RealArcade 2009-06-22 20:07 <DIR> --d----- c:\programdata\Zylom 2009-06-22 20:07 <DIR> --d----- c:\program files\Zylom Games 2009-06-22 20:07 <DIR> --d----- c:\progra~2\Zylom 2009-06-22 20:04 <DIR> --d----- c:\program files\RealArcade 2009-06-19 00:57 691 a------- c:\users\arrone\appdata\roaming\GetValue.vbs 2009-06-19 00:57 35 a------- c:\users\arrone\appdata\roaming\SetValue.bat 2009-06-19 00:15 122,372 a------- c:\windows\msa.exe 2009-06-14 10:49 428,544 a------- c:\windows\system32\EncDec.dll 2009-06-14 10:49 293,376 a------- c:\windows\system32\psisdecd.dll 2009-06-14 10:49 217,088 a------- c:\windows\system32\psisrndr.ax 2009-06-14 10:49 177,664 a------- c:\windows\system32\mpg2splt.ax 2009-06-14 10:49 80,896 a------- c:\windows\system32\MSNP.ax 2009-06-09 08:14 <DIR> --d----- c:\programdata\WindowsSearch 2009-06-05 22:47 15,688 a------- c:\windows\system32\lsdelete.exe 2009-06-05 22:01 64,160 a------- c:\windows\system32\drivers\Lbd.sys 2009-06-05 21:59 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-06-05 21:59 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-06-05 21:58 <DIR> --d----- c:\programdata\Lavasoft 2009-06-05 21:58 <DIR> --d----- c:\program files\Lavasoft 2009-06-05 17:07 <DIR> --d----- c:\program files\Funcom 2009-06-04 19:39 <DIR> --d----- c:\program files\iPod 2009-06-04 19:39 <DIR> --d----- c:\program files\iTunes 2009-06-03 14:32 <DIR> --d----- c:\users\arrone\appdata\roaming\GARMIN 2009-06-03 14:30 <DIR> --d----- c:\program files\Garmin GPS Plugin 2009-06-03 14:29 <DIR> --d----- c:\program files\Garmin ==================== Find3M ==================== 2009-06-19 00:57 4,088 a------- c:\windows\system32\tmp.reg 2009-06-11 12:45 281,760 a------- c:\windows\system32\drivers\atksgt.sys 2009-06-11 12:45 25,888 a------- c:\windows\system32\drivers\lirsgt.sys 2009-06-04 19:35 51,200 a------- c:\windows\inf\infpub.dat 2009-06-04 19:35 86,016 a------- c:\windows\inf\infstrng.dat 2009-06-04 19:35 86,016 a------- c:\windows\inf\infstor.dat 2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe 2009-04-24 12:05 827,904 a------- c:\windows\system32\wininet.dll 2009-04-24 12:02 78,336 a------- c:\windows\system32\ieencode.dll 2009-04-24 09:44 26,624 a------- c:\windows\system32\ieUnatt.exe 2009-04-23 08:43 784,896 a------- c:\windows\system32\rpcrt4.dll 2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll 2009-04-21 07:55 2,033,152 a------- c:\windows\system32\win32k.sys 2009-03-01 21:11 22,328 a------- c:\users\arrone\appdata\roaming\PnkBstrK.sys 2008-06-11 20:03 665,600 a------- c:\windows\inf\drvindex.dat 2008-01-20 22:41 174 a--sh--- c:\program files\desktop.ini 2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat 2006-05-03 06:06 163,328 ---shr-- c:\windows\system32\flvDX.dll 2007-02-21 07:47 31,232 ---shr-- c:\windows\system32\msfDX.dll 2008-03-16 09:30 216,064 ---shr-- c:\windows\system32\nbDX.dll ============= FINISH: 21:15:46.00 =============== Attach: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-06-26.01) Microsoft® Windows Vista™ Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 2/20/2009 15:18:50 System Uptime: 6/28/2009 21:07:38 (0 hours ago) Motherboard: ASUSTek Computer INC. \| \| NODUSM Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ \| Socket AM2 \| 2200/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 298 GiB total, 32.88 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable I: is CDROM (UDF) J: is CDROM () K: is CDROM () Z: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== ==== Installed Programs ====================== µTorrent 2007 Microsoft Office Suite Service Pack 1 (SP1) 501 Ready-to-Use Acrobat.com Ad-Aware Adobe After Effects CS3 Adobe After Effects CS3 Presets Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe Dreamweaver CS3 Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader 9 Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Video Profiles Adobe WinSoft Linguistics Plugin Adobe XMP DVA Panels CS3 Adobe XMP Panels CS3 Anarchy Online Apple Mobile Device Support Apple Software Update Bonjour Call of Duty® 4 - Modern Warfare™ Choice Guard Compatibility Pack for the 2007 Office system Crysis® DAEMON Tools Toolbar Digital Photo Navigator 1.5 DivX Web Player DVD Architect Pro 5.0 FlashGet 1.9.6.1073 Flight Simulator X Flight Simulator X Service Pack 1 G.H.O.S.T. Hunters GameSpy Arcade GameSpy Comrade Garmin Communicator Plugin Garmin USB Drivers Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper Guitar Pro 5.2 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) iTunes K-Lite Codec Pack 4.7.0 (Full) Keylight 1.2v8 for After Effects CS3 Lexmark 7300 Series LIVE gaming on Windows Runtime Version 1.0.6027 Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB929729) Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Corporation Microsoft Flight Simulator X Microsoft Flight Simulator X: Acceleration Microsoft Halo Microsoft LifeCam Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (3.0.11) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 Parser and SDK Norton AntiVirus NVIDIA Drivers PacSteamT PDF Settings PowerCinema NE for Everio PowerDirector Express PowerISO PunkBuster Services QuickTime R-Word Demo 1.2 RealArcade Realtek High Definition Audio Driver Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB969679) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office Excel 2007 (KB969682) Security Update for Microsoft Office OneNote 2007 (KB950130) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB950114) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office Word 2007 (KB969604) Sins of a Solar Empire Skype™ 4.0 Soft Data Fax Modem with SmartCP Sony Vegas Pro 8.0 Starsiege Steam SUPER © Version 2009.bld.35 (Jan 5, 2009) TubeTilla Free Ultimate Extras sounds from Microsoft® Tinker™ Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB969907) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (kb970012) VC80CRTRedist - 8.0.50727.762 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Web Games Player Plugin Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Player Firefox Plugin Windows Sound Schemes WinMorph™ 3.01 WinRAR archiver X Plugin Manager 2.12 X3 Terran Conflict v2.0 Xilisoft DVD Ripper Platinum 5 ==== End Of File =========================== This post has been edited by Arrone: Jun 28 2009, 07:28 PM Attached File(s)* ark.txt ( 17.66K ) Number of downloads: 152

Posts in this topic

Arrone [Resolved] Infected by Trojan Jun 26 2009, 05:14 PM

CatByte Hi, Please do the following: STEP #1 Please dow... Jun 28 2009, 03:22 PM

Arrone Ok, when I tried running GMER.exe I got the bluesc... Jun 28 2009, 07:18 PM

CatByte Hi, Please do the following: Download Combofix f... Jun 28 2009, 07:33 PM

Arrone ComboFix 09-06-26.02 - Arrone 06/28/2009 21:36.1 -... Jun 28 2009, 07:52 PM

CatByte Hi, Please do the following: Download TFC to you... Jun 28 2009, 08:11 PM

Arrone Alright, ran everything and scanners picked up not... Jun 29 2009, 09:10 PM

CatByte Hi, Please post a fresh HJT log and advise in det... Jun 30 2009, 01:01 AM

Arrone Computer runs just as fine and msa.exe is no longe... Jun 30 2009, 08:20 AM

CatByte Hi, Please do the following: I would like you to... Jun 30 2009, 10:26 AM

Arrone Actually the Killer.exe is Hijackthis, it's ju... Jun 30 2009, 04:37 PM

CatByte aha...it was the double exe.exe that I was curious... Jun 30 2009, 05:19 PM

Arrone Hey thanks a lot and really do appreciate your hel... Jun 30 2009, 05:21 PM

CatByte You are more than welcome stay safe CB Jun 30 2009, 05:22 PM

CatByte Since this issue appears to be resolved ... this T... Jul 4 2009, 01:19 PM

« Next Oldest · Infections Removal · Next Newest »

Topic Title	Replies	Topic Starter	Views	Last Action
Infections Removal am i infected?	0	heragoddess	11	Today, 03:01 AM Last post by: heragoddess
Infections Removal AIM Trojan won't let me access AOL?	26	HHHisthegame	346	Yesterday, 10:42 PM Last post by: HHHisthegame
Infections Removal [Resolved] Pesky Virus - Need help to be sure it is removed	8	3streamMusic	206	Yesterday, 06:18 PM Last post by: LDTate
Infections Removal [Resolved] please help	16	jester421	338	Yesterday, 09:18 AM Last post by: CatByte