[Resolved] Malwarebytes Crashes, hijackthis log checkup


  • This topic is locked
30 replies to this topic

#1 lichking21st

lichking21st

    Authentic Member

  • Authentic Member
  • 89 posts

Posted 09 October 2009 - 08:43 PM

Hello, I haven't been in these forums in a while since my Vista got installed; all seems to be good :)

But recently I decided to use Malwarebytes instead of A-Squared Anti-Malware (it's faster), and it kept on crashing 6 min into the program.

I just want to check whether it is a malware issue; if not, then don't worry :thumbup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:12 p.m., on 10/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
A:\Program Files\Portable Apps\PortableApps\PortableApps.com\PortableAppsPlatform.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\vsnpstd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe
C:\Program Files\ATI Technologies\HydraVision\HydraMD.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\ViGlance\ViGlance.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Windows\system32\WerFault.exe
C:\Program Files\Opera 10 Beta\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dvdcopyrip.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Grid] "C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe"
O4 - HKCU\..\Run: [HydraVisionMDEngine] "C:\Program Files\ATI Technologies\HydraVision\HydraMD.exe"
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: WS_IO_UPS_Check.lnk = A:\Program Files\Weather\WS_IO_UPS_Check.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.giga...bject/Dldrv.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9be63ae08ecb0) (gupdate1c9be63ae08ecb0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10477 bytes

Doug: Edited to Remove Triple posting and return post to zero replies

Edited by Doug, 09 October 2009 - 09:24 PM.

No Comment is a comment...

To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it



#2 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 10 October 2009 - 08:37 PM

Hello and :welcome: Please be advised that, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible. I am checking over your log; I will post back shortly with instructions.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member



#3 lichking21st

lichking21st

    Authentic Member

  • Authentic Member
  • 89 posts

Posted 10 October 2009 - 10:57 PM

That's ok ;) I'm not really that worried, as my anti-virus didn't pick up anything, although it might just be a compatibility issue.

#4 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 12 October 2009 - 05:13 PM

Hi lichking21st,

I will be helping you with removing malware from your computer. Log research takes time, so please be patient, and I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Do not install/uninstall anything on your computer unless advised.
  • Do not run any other scanning tools other than those instructed for you to use.
  • Follow the instructions in the order they are given.
  • Stay with this thread until advised when your computer is clean. Absence of symptoms does not necessarily mean a clean computer.
  • If you are being helped regarding this problem on another forum, please advise us so that we can close this thread.
  • And lastly, if you have any questions, please ask before proceeding with any of the advised fixes.

_________________________________________________


FOR VISTA

As a Vista user, you will need to right click and choose "Run as Administrator" to run the tools we will use.


You have two anti-spyware programs running on your computer, Windows Defender and Spybot S&D with TeaTimer on. Running more than one anti-spyware program at the same time not only slows down your computer but provides less protection than they are programmed to give, because they will conflict with each other rather than providing sufficient protection for your computer. Please uninstall one of your anti-spyware programs before proceeding with any of the fixes.

--Next--

Please download ERUNT from here. It is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click erunt-setup.
  • Choose a language then press Enter or click OK to continue.
  • Install it using the default settings and choose yes when asked to add ERUNT to the start up folder.
  • Once installed, open ERUNT.exe if it hasn't opened yet then create a registry back up.
--Next--

We need to check for rootkits with RootRepeal.
Please download RootRepeal from one of these locations and save it to your desktop:
Here
Here
Here
  • Right click Posted Image then choose Run as Administrator on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check just these boxes:
  • Posted Image
  • Push Ok
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.
--Next--

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Right click DDS icon then choose Run as Administrator to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open, and then click UPLOAD.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel.
  • Browse for the attachment file you want to upload, then click the green Upload button.
  • Once it has uploaded, click the Manage Current Attachments drop down box.
  • Click on to insert the attachment into your post

Please post both DDS logs in your next reply.



#5 lichking21st

lichking21st

    Authentic Member

  • Authentic Member
  • 89 posts

Posted 13 October 2009 - 12:00 AM

ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/10/13 18:53 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP2 ================================================== Drivers ------------------- Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0xA2119000 Size: 49152 File Visible: No Signed: - Status: - Name: spgc.sys Image Path: C:\Windows\System32\Drivers\spgc.sys Address: 0x8068C000 Size: 1052672 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Processes ------------------- Path: System PID: 4 Status: Locked to the Windows API! Path: C:\Windows\System32\audiodg.exe PID: 1328 Status: Locked to the Windows API! ==EOF== DDS: DDS (Ver_09-10-13.01) - NTFSx86 Run by OEM at 18:54:11.90 on Tue 13/10/2009 Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.64.1033.18.3326.1766 [GMT 13:00] SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k 
LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k apphost C:\Windows\system32\inetsrv\inetinfo.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Windows\system32\mqsvc.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\IoctlSvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\PSIService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k iissvcs C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\mqtgsvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE A:\Program Files\Portable Apps\PortableApps\PortableApps.com\PortableAppsPlatform.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\vsnpstd.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe C:\Program Files\ATI Technologies\HydraVision\HydraMD.exe C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe C:\Windows\ehome\ehtray.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATnotes\ATnotes.exe C:\Program Files\DAP\DAP.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Hamachi\hamachi.exe C:\Program Files\ViGlance\ViGlance.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\SMART Technologies Inc\Notebook Software\Notebook.exe C:\Program Files\Opera 10 Beta\Opera.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\OEM\Desktop\Downloads\dds.pif C:\Windows\system32\conime.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uSearch Page = uStart Page = hxxp://www.dvdcopyrip.com uSearch Bar = mWindow Title = Your a sucker if you like IE mSearchAssistant = uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: DAPIELoader Class: 
{ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [Grid] "c:\program files\ati technologies\hydravision\HydraGrd.exe" uRun: [HydraVisionMDEngine] "c:\program files\ati technologies\hydravision\HydraMD.exe" uRun: [HydraVisionDesktopManager] "c:\program files\ati technologies\hydravision\HydraDM.exe" uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [snpstd] c:\windows\vsnpstd.exe mRun: [StartupDelayer] "c:\program files\r2 studios\startup delayer\Startup Launcher GUI.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201 IE: &Download with &DAP - c:\program files\dap\dapextie.htm IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204 IE: &Save Flash In This Page by Flash Saver - c:\progra~1\flashs~1\save.htm IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202 IE: Download &all with DAP - c:\program files\dap\dapextie2.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: 
{09EA1F80-F40A-11D1-B792-444553540001} - c:\progra~1\flashs~1\save.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll ================= FIREFOX =================== FF - ProfilePath - c:\users\oem\appdata\roaming\mozilla\firefox\profiles\u888yq2a.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.windowsxlive.net/ FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q= FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - component: 
c:\users\oem\appdata\roaming\mozilla\firefox\profiles\u888yq2a.default\extensions\bluepojo@gmail.com\components\dwmxpcom.dll FF - component: c:\users\oem\appdata\roaming\mozilla\firefox\profiles\u888yq2a.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\opera 10 beta\program\plugins\NPOFFICE.DLL FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\oem\appdata\roaming\mozilla\firefox\profiles\u888yq2a.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\users\oem\appdata\roaming\mozilla\firefox\profiles\u888yq2a.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - plugin: c:\users\oem\appdata\roaming\mozilla\firefox\profiles\u888yq2a.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll FF - plugin: c:\users\oem\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - fales FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: 
browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-10-10 40560]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-13 114768]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2009-4-19 95592]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-3 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-13 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-13 53328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-19 92296]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-7-20 935208]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-4-16 1153368]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-6-5 97808]
S2 gupdate1c9be63ae08ecb0;Google Update Service (gupdate1c9be63ae08ecb0);c:\program files\google\update\GoogleUpdate.exe [2009-4-16 133104]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-9-15 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-9-15 3072]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-4-17 33176]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2009-9-9 55176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2009-7-23 28592]

=============== Created Last 30 ================

2009-10-11 16:13 742,220 a------- c:\windows\system32\xvidcore.dll
2009-10-11 16:13 139,264 a------- c:\windows\system32\xvidvfw.dll
2009-10-11 16:13 53,248 a------- c:\windows\system32\xvid.ax
2009-10-10 14:33 <DIR> --d----- c:\programdata\Paragon
2009-10-10 14:33 <DIR> --d----- c:\progra~2\Paragon
2009-10-10 14:10 40,560 a------- c:\windows\system32\drivers\hotcore3.sys
2009-10-09 19:43 <DIR> -cd----- c:\users\oem\appdata\roaming\Malwarebytes
2009-10-09 19:43 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 19:43 <DIR> --d----- c:\programdata\Malwarebytes
2009-10-09 19:43 <DIR> --d----- c:\progra~2\Malwarebytes
2009-10-09 19:43 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-09 19:43 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-10-08 15:25 4,254,224 a------- c:\windows\system32\qtp-mt334.dll
2009-10-08 15:25 249,872 a------- c:\windows\system32\prgiso.dll
2009-10-06 16:44 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-10-06 16:44 87,552 a------- c:\windows\system32\wudriver.dll
2009-10-06 16:44 171,608 a------- c:\windows\system32\wuwebv.dll
2009-10-06 16:44 33,792 a------- c:\windows\system32\wuapp.exe
2009-10-05 17:51 <DIR> -cd----- c:\users\oem\appdata\roaming\Autoplay Menu Designer
2009-10-03 13:28 183 a------- c:\windows\ws_io_ups_check.ini
2009-10-03 13:05 <DIR> -cd----- c:\program files\ViStart
2009-10-03 12:54 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-01 15:48 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-10-01 15:48 <DIR> -cd----- c:\program files\Hamachi
2009-10-01 15:42 <DIR> -cd----- c:\program files\Bitvise Tunnelier
2009-10-01 14:10 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-09-30 17:55 526,184 a------- c:\windows\system32\XceedCry.dll
2009-09-30 17:55 456,536 a------- c:\windows\system32\XCEEDZIP.DLL
2009-09-30 17:55 224,016 a------- c:\windows\system32\Tabctl32.ocx
2009-09-30 17:55 110,602 a------- c:\windows\system32\xcdsfx32.bin
2009-09-29 19:24 <DIR> -cd----- c:\program files\Sierra Online
2009-09-29 19:11 <DIR> -cd----- c:\users\oem\appdata\roaming\Switchball
2009-09-29 19:11 <DIR> --d----- c:\programdata\Trymedia
2009-09-29 19:11 <DIR> --d----- c:\progra~2\Trymedia
2009-09-28 19:26 <DIR> -cd----- c:\users\oem\appdata\roaming\IObit
2009-09-28 19:26 <DIR> -cd----- c:\program files\IObit
2009-09-28 18:28 <DIR> -cd----- c:\users\oem\appdata\roaming\FreeFLVConverter
2009-09-27 15:11 <DIR> -cd----- c:\program files\Lame for Audacity
2009-09-27 11:56 <DIR> -cd----- c:\program files\IIS
2009-09-27 11:54 4,637,520 a------- c:\windows\system32\xpsrchvw.exe
2009-09-27 11:54 856,064 a------- c:\windows\system32\XpsFilt.dll
2009-09-27 11:54 74,748 a------- c:\windows\system32\xpsrchvw.xml
2009-09-27 11:54 31,444 a------- c:\windows\system32\xpsrchvw.chm
2009-09-26 22:48 48 ac------ c:\users\oem\appdata\roaming\tigersetting.dll
2009-09-26 17:15 296,960 a------- c:\windows\winhlp32.exe
2009-09-26 17:15 194,560 a------- c:\windows\system32\ftsrch.dll
2009-09-26 17:15 9,728 a------- c:\windows\system32\ftlx041e.dll
2009-09-26 17:15 9,216 a------- c:\windows\system32\ftlx0411.dll
2009-09-26 17:08 906 a------- c:\windows\COCR2.INI
2009-09-26 15:59 172,032 a------- c:\windows\system32\AniGIF.ocx
2009-09-26 15:59 <DIR> -cd----- c:\program files\DAP
2009-09-25 18:43 <DIR> -cd----- c:\users\oem\appdata\roaming\Windows Live Writer
2009-09-25 15:47 701 ac------ c:\users\oem\appdata\roaming\init.dll
2009-09-25 15:47 701 ac------ c:\users\oem\appdata\roaming\sound.dll
2009-09-25 15:46 116,736 a------- c:\windows\system32\redmonnt.dll
2009-09-25 15:46 94,274 a------- c:\windows\system32\HPBHEALR.DLL
2009-09-25 15:46 58,368 a------- c:\windows\system32\HPDOMON.DLL
2009-09-25 15:46 53,248 a------- c:\windows\system32\HPBMMON.DLL
2009-09-25 15:46 <DIR> -cd----- c:\program files\qvPDF
2009-09-23 22:04 <DIR> -cd----- c:\program files\TSoft
2009-09-23 21:55 <DIR> --d----- c:\programdata\SSScanAppDataDir
2009-09-23 21:55 <DIR> --d----- c:\progra~2\SSScanAppDataDir
2009-09-23 21:55 <DIR> --d----- c:\programdata\MSScanAppDataDir
2009-09-23 21:55 <DIR> --d----- c:\progra~2\MSScanAppDataDir
2009-09-23 16:41 33,879 a------- c:\windows\system32\drivers\Capt905c.sys
2009-09-23 16:41 24,605 a------- c:\windows\system32\drivers\Camd905c.sys
2009-09-22 19:03 <DIR> -cd----- c:\program files\ATnotes
2009-09-21 13:06 <DIR> -cd----- c:\users\oem\appdata\roaming\Any DVD Converter Professional
2009-09-21 13:06 <DIR> -cd----- c:\program files\Any DVD Converter Professional
2009-09-21 13:03 <DIR> -cd----- c:\program files\common files\DVDVideoSoft
2009-09-20 15:44 <DIR> -cd----- c:\users\oem\appdata\roaming\vexorian
2009-09-20 09:26 <DIR> -cd----- c:\users\oem\appdata\roaming\Locktime
2009-09-20 09:25 <DIR> --d----- c:\programdata\Locktime
2009-09-20 09:25 <DIR> --d----- c:\progra~2\Locktime
2009-09-19 16:06 <DIR> -cd----- c:\users\oem\.freemind
2009-09-18 21:50 299,520 a------- c:\windows\uninst.exe
2009-09-17 20:06 <DIR> --d----- C:\tmp
2009-09-15 18:07 1,663,488 a------- c:\windows\system32\BootMan.exe
2009-09-15 18:07 86,408 a------- c:\windows\system32\setupempdrv03.exe
2009-09-15 18:07 14,848 a------- c:\windows\system32\EuEpmGdi.dll
2009-09-15 18:07 9,728 a------- c:\windows\system32\epmntdrv.sys
2009-09-15 18:07 3,072 a------- c:\windows\system32\EuGdiDrv.sys
2009-09-15 18:07 <DIR> -cd----- c:\program files\EASEUS
2009-09-13 20:54 <DIR> -cd----- c:\users\oem\appdata\roaming\r2 Studios
2009-09-13 20:54 <DIR> --d----- c:\programdata\r2 Studios
2009-09-13 20:54 <DIR> --d----- c:\progra~2\r2 Studios
2009-09-13 20:54 <DIR> -cd----- c:\program files\r2 Studios
2009-09-13 20:36 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys

==================== Find3M ====================

2009-10-04 13:54 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-04 13:54 86,016 a------- c:\windows\inf\infstor.dat
2009-10-04 13:54 51,200 a------- c:\windows\inf\infpub.dat
2009-09-25 16:41 315,392 a------- c:\windows\system32\TubeFinder.exe
2009-09-11 23:07 615,424 a------- c:\windows\system32\themeui.dll
2009-09-10 02:18 350,830 a------- c:\windows\system32\viwc.exe
2009-09-09 22:19 146,412 a------- c:\windows\system32\vilaunch.exe
2009-09-08 19:15 16,608 a------- c:\windows\gdrv.sys
2009-09-07 17:17 24,944 a------- c:\windows\system32\drivers\GVTDrv.sys
2009-09-03 19:17 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-09-03 18:52 319,456 a------- c:\windows\DIFxAPI.dll
2009-09-03 18:52 319,488 a------- c:\windows\HideWin.exe
2009-08-29 15:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 15:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 15:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 15:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-29 13:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 13:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-26 18:23 78,916 a------- c:\windows\War3Unin.dat
2009-08-15 23:14 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-15 05:27 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-15 04:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-15 02:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-15 02:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-15 02:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-15 02:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-15 02:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-15 02:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-15 02:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-15 02:48 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-08-15 02:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-07 20:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 20:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-07-26 17:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-22 10:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-22 10:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-22 10:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-22 09:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-18 02:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-16 01:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-16 01:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-16 01:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-16 01:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-06-29 22:52 14,347,640 ac------ c:\program files\TelecomHelpAssistant.exe
2009-05-27 20:37 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-24 23:17 262,144 a------- c:\progra~2\NTUSER.dat
2008-01-21 15:43 174 a--sh--- c:\program files\desktop.ini
2006-11-03 01:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-03 01:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-03 01:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-03 01:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 22:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 22:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 22:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 22:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-30 14:10 245,760 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-06-15 20:10 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-15 20:10 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-15 20:10 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-15 20:10 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-06-30 00:14 16,384 a--sh--- c:\windows\system32\%appdata%\microsoft\windows\ietldcache\index.dat

============= FINISH: 18:54:41.79 ===============

Is there any way to make Spybot autoupdate?

Attached Files


No Comment is a comment...

To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it

#6 lichking21st

lichking21st

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 13 October 2009 - 12:02 AM

Also, I found in the attach.txt lots of programs I don't have installed ... EDIT: I see... Steam installed a game without me; how do I remove it? I've tried Windows uninstall.

Edited by lichking21st, 13 October 2009 - 12:11 AM.

No Comment is a comment...

To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it

#7 lichking21st

lichking21st

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 13 October 2009 - 12:19 AM

Hey, I found something! It's a Malwarebytes log from my quick scan before my full scan a few days ago. Somehow it only crashes on full scan.

Malwarebytes' Anti-Malware 1.41
Database version: 2928
Windows 6.0.6002 Service Pack 2

9/10/2009 8:11:18 p.m.
mbam-log-2009-10-09 (20-11-18).txt

Scan type: Quick Scan
Objects scanned: 100222
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\OEM\AppData\Roaming\SYSTEM32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

No Comment is a comment...

To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it

#8 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 13 October 2009 - 06:45 PM

Hi,

You are still running Spybot with TeaTimer on and Windows Defender. These two may conflict with each other. Please uninstall one, in this case Spybot as it's outdated, but if you wish to keep it then uninstall Windows Defender.
To answer your question

Is there any way to make spybot autoupdate?

- You could try using the /autoupdate command line parameter.
Source: http://www.safer-net.../en/faq/30.html

Steam installed a game without me, how do I remove it, ive tried windows uninstall

- Is there an error occurring when you try to uninstall the game? If so, kindly post the error message.

Please go to the site below and upload the following files for analysis:
VirSCAN

Click on Browse, and upload the following files for analysis:
  • c:\windows\system32\drivers\GVTDrv.sys
  • c:\windows\ws_io_ups_check.ini
  • c:\windows\system32\setupempdrv03.exe


Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________




#9 lichking21st

lichking21st

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 13 October 2009 - 09:59 PM

I turned off Windows Defender's service and turned the protection off in the GUI; do I have to completely uninstall it? I used this: http://www.vista4beg...indows-Defender

I will scan shortly
No Comment is a comment...

To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it

#10 lichking21st

lichking21st

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 13 October 2009 - 10:42 PM

Strange... It's not there on the Steam game list.

File Name : GVTDrv.sys
File Size : 24944 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 689a8eef2a2d62b28a0a578a6196531c
SHA1 : 9fe5420f5f3aecc3b84e5db91b48d20508cd778a
Scanner results : All Scanners reported not find malware!
Time : 2009/10/14 17:22:27 (NZDT)

File Name : ws_io_ups_check.ini
File Size : 183 byte
File Type : ASCII text, with CRLF line terminators
MD5 : 09e873d29831b7a825b39a452aec4380
SHA1 : 499a79310a75e3f0a6eb1a980896e7cb2151cac6
Scanner results : All Scanners reported not find malware!
Time : 2009/10/14 17:25:23 (NZDT)

File Name : setupempdrv03.exe
File Size : 86408 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 780fb595e5e11355a8313f644329e3eb
SHA1 : 2a4714ff389bb2391f9c57ce9da6064ac2aed8ee
Scanner results : All Scanners reported not find malware!
Time : 2009/10/14 17:28:56 (NZDT)
No Comment is a comment...

To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it
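The results above list a size, an MD5 and a SHA1 for each uploaded file. As an added example (not code from this thread or from VirSCAN), the following Python script parses result blocks in that format and compares the hashes with digests computed locally, so the helper can confirm that the file the scanners judged is byte-for-byte the one on the machine and not a different copy. The report text in the script is built from the three results posted above; the file contents used by the check functions are constructed, since the real files are not reproduced here.

```python
"""Compare local file contents with the MD5/SHA1 values in a VirSCAN result.

Added example, not code from the forum thread or from VirSCAN. It reads the
plain-text result blocks the user pasted (File Name / File Size / File Type /
MD5 / SHA1 / Scanner results / Time) and checks each against hashes computed
locally. SAMPLE_REPORT is constructed from the values posted in the thread;
the byte strings passed to the check functions are constructed test data.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# Constructed from the three VirSCAN results posted in the thread.
SAMPLE_REPORT = """\
File Name : GVTDrv.sys
File Size : 24944 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 689a8eef2a2d62b28a0a578a6196531c
SHA1 : 9fe5420f5f3aecc3b84e5db91b48d20508cd778a
Scanner results : All Scanners reported not find malware!
Time : 2009/10/14 17:22:27 (NZDT)
File Name : ws_io_ups_check.ini
File Size : 183 byte
File Type : ASCII text, with CRLF line terminators
MD5 : 09e873d29831b7a825b39a452aec4380
SHA1 : 499a79310a75e3f0a6eb1a980896e7cb2151cac6
Scanner results : All Scanners reported not find malware!
Time : 2009/10/14 17:25:23 (NZDT)
File Name : setupempdrv03.exe
File Size : 86408 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 780fb595e5e11355a8313f644329e3eb
SHA1 : 2a4714ff389bb2391f9c57ce9da6064ac2aed8ee
Scanner results : All Scanners reported not find malware!
Time : 2009/10/14 17:28:56 (NZDT)
"""


@dataclass
class ReportEntry:
    name: str
    size: int
    md5: str
    sha1: str
    verdict: str


# One match per result block. DOTALL lets the same pattern read both the
# line-per-field form above and the run-together form the forum produced.
_BLOCK_RE = re.compile(
    r"File Name : (?P<name>.+?)\s+File Size : (?P<size>\d+) byte"
    r".*?MD5 : (?P<md5>[0-9a-fA-F]{32})"
    r".*?SHA1 : (?P<sha1>[0-9a-fA-F]{40})"
    r".*?Scanner results\s*: (?P<verdict>.+?)\s*Time :",
    re.DOTALL,
)


def parse_virscan_report(text: str) -> list[ReportEntry]:
    """Extract every result block from the pasted report text."""
    return [
        ReportEntry(m["name"].strip(), int(m["size"]), m["md5"].lower(),
                    m["sha1"].lower(), m["verdict"].strip())
        for m in _BLOCK_RE.finditer(text)
    ]


def digests(data: bytes) -> tuple[str, str]:
    """MD5 and SHA1 hex digests, the two values VirSCAN prints for an upload."""
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()


def entry_for(name: str, data: bytes, verdict: str) -> ReportEntry:
    """Build the entry a report would show for these bytes (used for self-tests)."""
    md5, sha1 = digests(data)
    return ReportEntry(name, len(data), md5, sha1, verdict)


def check_entry(entry: ReportEntry, data: bytes) -> dict:
    """Does the local file match what the scanners actually looked at?"""
    md5, sha1 = digests(data)
    return {
        "size_ok": len(data) == entry.size,
        "md5_ok": md5 == entry.md5,
        "sha1_ok": sha1 == entry.sha1,
        # Verdict wording as VirSCAN printed it in the thread; an assumption.
        "reported_clean": "not find malware" in entry.verdict.lower(),
    }


def check_files(report_text: str, files: dict[str, bytes]) -> dict[str, dict]:
    """Check each report entry against the local bytes; missing files are flagged."""
    results = {}
    for entry in parse_virscan_report(report_text):
        data = files.get(entry.name)
        if data is None:
            results[entry.name] = {"present": False}
        else:
            results[entry.name] = {"present": True, **check_entry(entry, data)}
    return results
```

A hash mismatch means the scanners never saw the file that is actually on disk (a stale copy was uploaded, or the file changed in between), and the clean verdict does not apply to it.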


#11 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 14 October 2009 - 05:22 PM

Hi,

I turned off windows defencer's service and turned the protection off in the GUI, do I have to completely uninstall it?

Yes, if you wish to use Spybot Search and Destroy; or you can do it the other way around: uninstall Spybot, then use Windows Defender. What we're saying here is that you should not run two anti-virus/anti-spyware programs at the same time, as they tend to conflict with one another.

Strange... It's not there on steam game list

What is?

Can you please upload another file for me for analysis at VirSCAN. I missed this one. Sorry.
click on Browse, and upload the following file for analysis:
  • c:\windows\system32\viwc.exe


Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

--Next--

Click on Start > Control Panel and double click on Programs and Features.
Locate Malwarebytes and click on the Uninstall button to uninstall it.
Close Control Panel when done.

--Next--

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post back the log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

--Next--

Please do a scan with Kaspersky Online Scanner or from Here.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Once the scan is complete, click on View scan report To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop
  • In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
  • Please post the Kaspersky Online Scanner Report in your reply.



To post in your next reply:
1. MBAM log.
2. Kaspersky log.
3. Describe how your computer is doing at the moment.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________




#12 lichking21st

lichking21st

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 14 October 2009 - 06:58 PM

Can you please upload another file for me for analysis at VirSCAN. I missed this one. Sorry.
click on Browse, and upload the following file for analysis:

* c:\windows\system32\viwc.exe



Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.


This is part of a Windows 7 Transformation Pack that I installed; info here: http://forum.kaspers...hp/t103028.html

Master Delta
5.02.2009 05:10
Actually, never mind, I realized what viwc.exe was. After obtaining a bit of support from a different web-site regarding a different topic, I found out what viwc.exe is - It is part of the Windows X Vista Transformation Pack, and mimics the Windows Vista welcome center in Windows XP. A new virus database update with new virus definitions resulted in one of those new viruses being detected in this file, because it modified certain system files (this is normal if you are using Vista Transformation Pack). The scrnrdr.exe also apparently reappeared; it is a part of viwc.exe file previously mentioned. Vista Transformation Pack is completely safe and is supposed to modify system files in order to attain an XP to Vista look. Both of these files were placed in the WINDOWS/system32 folder which got me thinking I deleted important system files at first. I have sent viwc.exe to Kaspersky for false positive testing. I'm experiencing no symptoms or problems on my PC. Thanks anyway, though.

I did, however, manually delete that other file in the script, which is not related to Vista Transformation Pack at all.


No Comment is a comment...

To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it

#13 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 14 October 2009 - 07:16 PM

:thumbup: Please do the scans. Thank you. :)

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________




#14 lichking21st

lichking21st

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 14 October 2009 - 09:32 PM

Here's Malwarebytes:

Malwarebytes' Anti-Malware 1.41
Database version: 2964
Windows 6.0.6002 Service Pack 2

15/10/2009 4:31:27 p.m.
mbam-log-2009-10-15 (16-31-26).txt

Scan type: Quick Scan
Objects scanned: 101317
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Kaspersky is gonna take a while...

Edited by lichking21st, 14 October 2009 - 09:33 PM.

No Comment is a comment...

To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it
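Two MBAM logs appear in this thread: the 9 October quick scan in post #7, which found and quarantined a registry key and a file, and the clean re-scan just above. As an added example that is not code from the forum, the helper or Malwarebytes, the following Python script parses that log format and answers the questions a helper asks of it: how many items were found, whether every one was actually quarantined and deleted, whether the summary counts agree with the itemised detections, and which detections sit under a user profile. The sample log is constructed from the post #7 log, reflowed one item per line as the file looks on disk, with some empty sections abridged.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and triage what it found.

Added example for the two MBAM logs in this thread; not code from the forum,
the helper or Malwarebytes. SAMPLE_LOG is constructed from the 9 October
quick-scan log, one item per line, with some empty sections abridged.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 2928
Windows 6.0.6002 Service Pack 2

Scan type: Quick Scan
Objects scanned: 100222
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\OEM\AppData\Roaming\SYSTEM32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""


@dataclass
class Detection:
    section: str   # summary category, e.g. "Files Infected"
    item: str      # registry key or file path as MBAM printed it
    family: str    # name in parentheses, e.g. "Trojan.Agent"
    action: str    # what MBAM did with it


@dataclass
class MbamReport:
    database_version: str = ""
    scan_type: str = ""
    objects_scanned: int = 0
    counts: dict = field(default_factory=dict)      # category -> count
    detections: list = field(default_factory=list)  # Detection objects


_HEADER_RE = re.compile(r"^(Database version|Scan type|Objects scanned): (.+)$")
# "Registry Keys Infected: 1" is a summary count; "Registry Keys Infected:" opens a section.
_COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): ?(?P<n>\d*)$")
_DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text: str) -> MbamReport:
    """Read header fields, the summary counts and every itemised detection."""
    report, section = MbamReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _HEADER_RE.match(line):
            key, value = m.groups()
            if key == "Database version":
                report.database_version = value
            elif key == "Scan type":
                report.scan_type = value
            else:
                report.objects_scanned = int(value)
        elif m := _COUNT_RE.match(line):
            if m["n"]:
                report.counts[m["section"]] = int(m["n"])
                section = None
            else:
                section = m["section"]
        elif section and not line.startswith("(No malicious items"):
            if m := _DETECTION_RE.match(line):
                report.detections.append(Detection(section, m["item"], m["family"], m["action"]))
    return report


CLEAN_ACTION = "Quarantined and deleted successfully"


def total_infected(report: MbamReport) -> int:
    """Sum of the per-category counts in the summary block."""
    return sum(report.counts.values())


def unresolved(report: MbamReport) -> list[Detection]:
    """Detections MBAM did not quarantine and delete in the same run."""
    return [d for d in report.detections if d.action != CLEAN_ACTION]


def items_in_user_profile(report: MbamReport) -> list[Detection]:
    """Detections under a user profile: user-writable ground, where a file
    named like a Windows component (SYSTEM32.dll) cannot be the real thing."""
    return [d for d in report.detections if "\\users\\" in d.item.lower()]


def summary_consistent(report: MbamReport) -> bool:
    """The summary counts should equal the number of itemised detections."""
    return total_infected(report) == len(report.detections)
```

Run over the clean log above, the same parser yields zero counts and an empty detection list; over the post #7 log it reports two items, both resolved, one of them a DLL in the user's Roaming folder.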

#15 lichking21st

lichking21st

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 14 October 2009 - 10:13 PM

I don't think I can do the Kaspersky scan; the definitions file is too big (750 MB) and I only have 1 GB of broadband left (I used it all). Is there another way?
No Comment is a comment...

To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it
