
Virtumonde the great



nox_PHX
2010-09-02, 22:13
As the title says, I'm infected with this everlasting disease.

Multiple scans haven't been able to remove this, tried safe mode, etc. etc.
When I rebooted my PC after a cleaning, some file named OUTLOOK.EXE was run (twice). I quickly ended it, but it was still able to open some CMD boxes, damn.
I'm pretty tech savvy, if that helps.

Umm here are the log(s):
____________________________________________________________

DDS (Ver_10-03-17.01) - NTFSx86
Run by user at 11:55:02.51 on Thu 09/02/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.340 [GMT -7:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k netsvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\user\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\6bfx8ja2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - HiddenExtension: XULRunner: {69E1B4E1-C184-457F-BDDF-36564317491E} - c:\documents and settings\user\local settings\application data\{69E1B4E1-C184-457F-BDDF-36564317491E}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-4-25 33824]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-28 12672]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2004-8-4 14336]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-6-7 22784]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-6-2 33792]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-12-19 9472]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2010-4-25 27904]
S1 chtudlst;chtudlst;\??\c:\windows\system32\drivers\chtudlst.sys --> c:\windows\system32\drivers\chtudlst.sys [?]
S1 ezcacfar;ezcacfar;\??\c:\windows\system32\drivers\ezcacfar.sys --> c:\windows\system32\drivers\ezcacfar.sys [?]
S1 lgstinbx;lgstinbx;\??\c:\windows\system32\drivers\lgstinbx.sys --> c:\windows\system32\drivers\lgstinbx.sys [?]
S1 ltjhbnxt;ltjhbnxt;\??\c:\windows\system32\drivers\ltjhbnxt.sys --> c:\windows\system32\drivers\ltjhbnxt.sys [?]
S1 mmovdfbd;mmovdfbd;\??\c:\windows\system32\drivers\mmovdfbd.sys --> c:\windows\system32\drivers\mmovdfbd.sys [?]
S1 pxwduetu;pxwduetu;\??\c:\windows\system32\drivers\pxwduetu.sys --> c:\windows\system32\drivers\pxwduetu.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-15 136176]
S2 HW_VSP3s_Service;HW Virtual Serial Port (single);c:\program files\hw group\hw vsp3s\HW_VSP3s_srv.exe [2010-4-25 498968]
S2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-4-3 91392]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2010-4-3 25856]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-4-3 6016]
S3 cpuz130;cpuz130;\??\c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2009-6-7 31104]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2010-4-25 53888]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-4-3 42752]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-3 24960]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-8-23 34760]
S3 Vsp;Vsp;\??\c:\windows\system32\drivers\vsp.sys --> c:\windows\system32\drivers\Vsp.sys [?]

=============== Created Last 30 ================

2010-09-02 07:37:48 92 ----a-w- c:\windows\wininit.ini
2010-09-02 01:11:49 0 d-----w- c:\documents and settings\user\Bluetooth Software
2010-09-02 01:07:31 67960 ----a-w- c:\windows\system32\drivers\btwusb.sys
2010-09-02 01:07:30 55352 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-09-02 01:07:30 37424 ----a-w- c:\windows\system32\drivers\btport.sys
2010-09-02 01:07:30 149123 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2010-09-02 01:07:30 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-09-02 01:07:29 876384 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-09-02 01:07:28 539072 ----a-w- c:\windows\system32\drivers\btaudio.sys
2010-09-02 01:06:58 0 d-----w- c:\program files\WIDCOMM
2010-08-31 15:41:05 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-31 13:13:09 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-08-31 13:12:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-31 13:12:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-31 13:12:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-31 13:12:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-31 13:08:55 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-31 12:53:56 120 ----a-w- c:\windows\Atixuv.dat
2010-08-31 12:53:56 0 ----a-w- c:\windows\Dmajokakej.bin
2010-08-31 09:47:33 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-31 09:47:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-31 09:27:18 0 ----a-w- c:\windows\system32\drivers\levuwam.sys
2010-08-31 09:26:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-08-31 09:26:36 253952 ----a-w- c:\windows\system32\drivers\tcpip7x.sys
2010-08-31 09:26:24 0 d-----w- c:\docume~1\user\applic~1\04636C827F6E9BCCDFEBFBE13DDF8687
2010-08-30 07:56:21 0 d-----w- c:\docume~1\user\applic~1\HandBrake
2010-08-30 07:56:13 0 d-----w- c:\program files\Handbrake

==================== Find3M ====================

2010-08-31 15:48:46 1033728 ----a-w- c:\windows\explorer.exe
2010-08-31 15:48:45 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-08-31 09:43:39 3172 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-31 20:07:54 58352 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-24 04:24:51 2 --shatr- c:\windows\winstart.bat
2009-06-10 22:50:33 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009061020090611\index.dat

============= FINISH: 11:57:09.30 ===============

Here's another, after I removed uTorrent.



DDS (Ver_10-03-17.01) - NTFSx86
Run by user at 12:22:33.51 on Thu 09/02/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.344 [GMT -7:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k netsvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\6bfx8ja2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - HiddenExtension: XULRunner: {69E1B4E1-C184-457F-BDDF-36564317491E} - c:\documents and settings\user\local settings\application data\{69E1B4E1-C184-457F-BDDF-36564317491E}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-4-25 33824]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-28 12672]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2004-8-4 14336]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-6-7 22784]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-6-2 33792]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-12-19 9472]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2010-4-25 27904]
S1 chtudlst;chtudlst;\??\c:\windows\system32\drivers\chtudlst.sys --> c:\windows\system32\drivers\chtudlst.sys [?]
S1 ezcacfar;ezcacfar;\??\c:\windows\system32\drivers\ezcacfar.sys --> c:\windows\system32\drivers\ezcacfar.sys [?]
S1 lgstinbx;lgstinbx;\??\c:\windows\system32\drivers\lgstinbx.sys --> c:\windows\system32\drivers\lgstinbx.sys [?]
S1 ltjhbnxt;ltjhbnxt;\??\c:\windows\system32\drivers\ltjhbnxt.sys --> c:\windows\system32\drivers\ltjhbnxt.sys [?]
S1 mmovdfbd;mmovdfbd;\??\c:\windows\system32\drivers\mmovdfbd.sys --> c:\windows\system32\drivers\mmovdfbd.sys [?]
S1 pxwduetu;pxwduetu;\??\c:\windows\system32\drivers\pxwduetu.sys --> c:\windows\system32\drivers\pxwduetu.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-15 136176]
S2 HW_VSP3s_Service;HW Virtual Serial Port (single);c:\program files\hw group\hw vsp3s\HW_VSP3s_srv.exe [2010-4-25 498968]
S2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-4-3 91392]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2010-4-3 25856]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-4-3 6016]
S3 cpuz130;cpuz130;\??\c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2009-6-7 31104]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2010-4-25 53888]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-4-3 42752]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-3 24960]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-8-23 34760]
S3 Vsp;Vsp;\??\c:\windows\system32\drivers\vsp.sys --> c:\windows\system32\drivers\Vsp.sys [?]

=============== Created Last 30 ================

2010-09-02 07:37:48 92 ----a-w- c:\windows\wininit.ini
2010-09-02 01:11:49 0 d-----w- c:\documents and settings\user\Bluetooth Software
2010-09-02 01:07:31 67960 ----a-w- c:\windows\system32\drivers\btwusb.sys
2010-09-02 01:07:30 55352 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-09-02 01:07:30 37424 ----a-w- c:\windows\system32\drivers\btport.sys
2010-09-02 01:07:30 149123 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2010-09-02 01:07:30 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-09-02 01:07:29 876384 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-09-02 01:07:28 539072 ----a-w- c:\windows\system32\drivers\btaudio.sys
2010-09-02 01:06:58 0 d-----w- c:\program files\WIDCOMM
2010-08-31 15:41:05 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-31 13:13:09 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-08-31 13:12:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-31 13:12:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-31 13:12:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-31 13:12:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-31 13:08:55 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-31 12:53:56 120 ----a-w- c:\windows\Atixuv.dat
2010-08-31 12:53:56 0 ----a-w- c:\windows\Dmajokakej.bin
2010-08-31 09:47:33 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-31 09:47:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-31 09:27:18 0 ----a-w- c:\windows\system32\drivers\levuwam.sys
2010-08-31 09:26:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-08-31 09:26:36 253952 ----a-w- c:\windows\system32\drivers\tcpip7x.sys
2010-08-31 09:26:24 0 d-----w- c:\docume~1\user\applic~1\04636C827F6E9BCCDFEBFBE13DDF8687
2010-08-30 07:56:21 0 d-----w- c:\docume~1\user\applic~1\HandBrake
2010-08-30 07:56:13 0 d-----w- c:\program files\Handbrake

==================== Find3M ====================

2010-08-31 15:48:46 1033728 ----a-w- c:\windows\explorer.exe
2010-08-31 15:48:45 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-08-31 09:43:39 3172 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-31 20:07:54 58352 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-24 04:24:51 2 --shatr- c:\windows\winstart.bat
2009-06-10 22:50:33 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009061020090611\index.dat

============= FINISH: 12:24:13.42 ===============
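The SERVICES / DRIVERS block above is where a helper looks first: several S1 (system-start) drivers have eight-letter names, a display name identical to the service name, and a "[?]" marker meaning DDS could not find the image file on disk. The script below is an added example (not DDS code and not part of this thread) that parses lines in that format and ranks them by such indicators; the sample input is a handful of lines copied from the log above, and the name heuristic and the two-reason threshold are assumptions chosen for illustration, not a verdict on any entry.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: SERVICES / DRIVERS lines in the DDS log format,
# taken from the log posted above. Added example code, not part of DDS.
SAMPLE = r"""
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-4-25 33824]
S1 chtudlst;chtudlst;\??\c:\windows\system32\drivers\chtudlst.sys --> c:\windows\system32\drivers\chtudlst.sys [?]
S1 ezcacfar;ezcacfar;\??\c:\windows\system32\drivers\ezcacfar.sys --> c:\windows\system32\drivers\ezcacfar.sys [?]
S3 Vsp;Vsp;\??\c:\windows\system32\drivers\vsp.sys --> c:\windows\system32\drivers\Vsp.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-15 136176]
"""

# One DDS service line: state letter (R running / S stopped), start-type
# digit, three ';'-separated fields, then "[date size]" for a file DDS
# could stat, or "[?]" when it could not.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start: int          # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    file_seen: bool     # False when DDS printed "[?]"
    reasons: List[str] = field(default_factory=list)


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every well-formed service/driver line; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            name=m["name"],
            display=m["display"],
            path=m["path"],
            running=m["state"] == "R",
            start=int(m["start"]),
            file_seen=m["meta"].strip() != "?",
        ))
    return entries


def score(entry: ServiceEntry) -> ServiceEntry:
    """Attach human-readable indicators; heuristics only, not a verdict."""
    if not entry.file_seen:
        entry.reasons.append("image file not found by DDS ([?])")
    if entry.start <= 1:
        entry.reasons.append("boot/system start type (loads before AV)")
    # Assumed heuristic: eight lowercase letters with a display name equal
    # to the service name; vendor drivers normally carry a description.
    if re.fullmatch(r"[a-z]{8}", entry.name) and entry.display == entry.name:
        entry.reasons.append("opaque 8-letter name with no description")
    return entry


def triage(text: str, min_reasons: int = 2) -> List[ServiceEntry]:
    """Return entries with at least `min_reasons` indicators, in log order."""
    return [e for e in map(score, parse_services(text))
            if len(e.reasons) >= min_reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.name}: {'; '.join(e.reasons)}")
```

With the sample above only chtudlst and ezcacfar reach two indicators; Vsp is also marked "[?]" but is manual-start and, as the installed-programs list shows, belongs to the HW Virtual Serial Port product, which is why a single indicator is not treated as a hit.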

jmw3
2010-09-05, 14:05
Hello & Welcome to Safer-Networking

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

In the meantime please note the following:
Any recommendations made are for your computer problems only and should NOT be used on any other computer.
Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
If you get stuck or are unsure of something please ask for a further explanation, do not guess.
It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate. Please note that the forum is very busy and if I don't hear from you within four days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

As your logs are a few days old, please run DDS again & post the contents of both logs - no need to attach them - copy/paste the contents will be fine.

Gmer
Download GMER Rootkit Scanner from here (http://www.gmer.net/download.php) & save it to your desktop.
Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

http://i28.photobucket.com/albums/c227/tetonbob/gmer_th.gif (http://i28.photobucket.com/albums/c227/tetonbob/gmer_screen2-1.gif)
Click the image to enlarge it

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in reply

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Do not run any programs while Gmer is running.

NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
Double click the gmer.exe file
The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply

To post in next reply:
Contents of new DDS log
Contents of new Attach.txt
Contents of Gmer log

nox_PHX
2010-09-06, 04:55
DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by user at 12:35:50.50 on Sun 09/05/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.671 [GMT -7:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k netsvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\taskcgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GMorphCl] "c:\windows\system32\taskcgr.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\lspA.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\6bfx8ja2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - HiddenExtension: XULRunner: {69E1B4E1-C184-457F-BDDF-36564317491E} - c:\documents and settings\user\local settings\application data\{69E1B4E1-C184-457F-BDDF-36564317491E}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-4-25 33824]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-28 12672]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2004-8-4 14336]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-6-7 22784]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-6-2 33792]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-12-19 9472]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2010-4-25 27904]
S1 chtudlst;chtudlst;\??\c:\windows\system32\drivers\chtudlst.sys --> c:\windows\system32\drivers\chtudlst.sys [?]
S1 ezcacfar;ezcacfar;\??\c:\windows\system32\drivers\ezcacfar.sys --> c:\windows\system32\drivers\ezcacfar.sys [?]
S1 lgstinbx;lgstinbx;\??\c:\windows\system32\drivers\lgstinbx.sys --> c:\windows\system32\drivers\lgstinbx.sys [?]
S1 ltjhbnxt;ltjhbnxt;\??\c:\windows\system32\drivers\ltjhbnxt.sys --> c:\windows\system32\drivers\ltjhbnxt.sys [?]
S1 mmovdfbd;mmovdfbd;\??\c:\windows\system32\drivers\mmovdfbd.sys --> c:\windows\system32\drivers\mmovdfbd.sys [?]
S1 pxwduetu;pxwduetu;\??\c:\windows\system32\drivers\pxwduetu.sys --> c:\windows\system32\drivers\pxwduetu.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-15 136176]
S2 HW_VSP3s_Service;HW Virtual Serial Port (single);c:\program files\hw group\hw vsp3s\HW_VSP3s_srv.exe [2010-4-25 498968]
S2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-4-3 91392]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2010-4-3 25856]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-4-3 6016]
S3 cpuz130;cpuz130;\??\c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2009-6-7 31104]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2010-4-25 53888]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-4-3 42752]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-3 24960]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-8-23 34760]
S3 Vsp;Vsp;\??\c:\windows\system32\drivers\vsp.sys --> c:\windows\system32\drivers\Vsp.sys [?]

=============== Created Last 30 ================

2010-09-03 14:45:57 34667 ----a-w- c:\windows\system32\taskcgr.exe
2010-09-03 14:45:48 53099 ----a-w- c:\windows\system32\lspA.dll
2010-09-03 14:45:48 4 ---ha-w- c:\windows\system32\iexplore.sy_
2010-09-03 14:45:48 0 ----a-w- c:\windows\system32\lspA.tmp
2010-09-02 07:37:48 92 ----a-w- c:\windows\wininit.ini
2010-09-02 01:11:49 0 d-----w- c:\documents and settings\user\Bluetooth Software
2010-09-02 01:07:31 67960 ----a-w- c:\windows\system32\drivers\btwusb.sys
2010-09-02 01:07:30 55352 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-09-02 01:07:30 37424 ----a-w- c:\windows\system32\drivers\btport.sys
2010-09-02 01:07:30 149123 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2010-09-02 01:07:30 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-09-02 01:07:29 876384 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-09-02 01:07:28 539072 ----a-w- c:\windows\system32\drivers\btaudio.sys
2010-09-02 01:06:58 0 d-----w- c:\program files\WIDCOMM
2010-08-31 15:41:05 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-31 13:13:09 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-08-31 13:12:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-31 13:12:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-31 13:12:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-31 13:12:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-31 13:08:55 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-31 12:53:56 120 ----a-w- c:\windows\Atixuv.dat
2010-08-31 12:53:56 0 ----a-w- c:\windows\Dmajokakej.bin
2010-08-31 09:47:33 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-31 09:47:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-31 09:27:18 0 ----a-w- c:\windows\system32\drivers\levuwam.sys
2010-08-31 09:26:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-08-31 09:26:36 253952 ----a-w- c:\windows\system32\drivers\tcpip7x.sys
2010-08-31 09:26:24 0 d-----w- c:\docume~1\user\applic~1\04636C827F6E9BCCDFEBFBE13DDF8687
2010-08-30 07:56:21 0 d-----w- c:\docume~1\user\applic~1\HandBrake
2010-08-30 07:56:13 0 d-----w- c:\program files\Handbrake

==================== Find3M ====================

2010-08-31 15:48:46 1033728 ----a-w- c:\windows\explorer.exe
2010-08-31 15:48:45 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-08-31 09:43:39 3172 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-31 20:07:54 58352 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-24 04:24:51 2 --shatr- c:\windows\winstart.bat
2009-06-10 22:50:33 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009061020090611\index.dat

============= FINISH: 12:39:21.02 ===============


Attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2008 5:34:18 PM
System Uptime: 9/5/2010 12:24:35 PM (0 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6738
Processor: AMD Athlon(tm) | Socket A | 1896/140mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 8.234 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Manufacturer: Broadcom
Name: Bluetooth LAN Access Server Driver
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Service: BTWDNDIS

==== System Restore Points ===================

RP1: 8/31/2010 10:05:10 AM - System Checkpoint
RP2: 9/1/2010 2:54:50 PM - System Checkpoint
RP3: 9/1/2010 6:06:47 PM - Installed Bluetooth Software
RP4: 9/3/2010 9:41:12 AM - System Checkpoint
RP5: 9/3/2010 7:48:28 PM - Removed TweetDeck

==== Installed Programs ======================

7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.3.4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Bonjour
BSPViewer 1.5.6
calibre
Chinese Traditional Fonts Support For Adobe Reader 9
Compatibility Pack for the 2007 Office system
Connect
Counter-Strike
CPUID CPU-Z 1.52.2
Cpukiller3 v1.0.5
Critical Update for Windows Media Player 11 (KB959772)
dBpowerAMP Music Converter
Dropbox
Easy CD & DVD Creator 6
ERUNT 1.1j
EVGA Display Driver
Futuremark SystemInfo
Gabbasoft Cube Demo
GCFScape 1.7.3
GoldWave v5.20
Google Chrome
Google Earth Plug-in
Google Update Helper
GSC 2.00
Half-Life Model Viewer 1.25
Handbrake 0.9.4
HashTab 1.14 for x32
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP USB Multimedia Keyboard Driver V1.2
HW Virtual Serial Port 3.1.2 Single
ISO Recorder
iTunes
Java(TM) 6 Update 13
Jed's Half-Life Model Viewer 1.3.6
Junk Mail filter update
kuler
Left 4 Dead 2 Demo
LibUSB-Win32-0.1.10.1
LimeWire 5.1.2
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing Platinum 20
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft WinUsb 1.0
Motorola Driver Installation 4.2.0
Mozilla Firefox (3.5.9)
Mozilla Firefox (3.6.7)
MP3 Converter Simple
MSVCRT
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
Opera 9.64
PaperPort
PdaNet for Android 2.16.2
PDF Settings CS4
Photoshop Camera Raw
PowerDVD
QPST
QuickTime
Razer DeathAdder(TM) Mouse
Realtek AC'97 Audio
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
RSDLite
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Segoe UI
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
Steam
Suite Shared Configuration CS4
UnHackMe 5.00 release
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Ventrilo Client
Videora iPod Converter 4.08
VLC media player 1.0.2
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Driver Package - Cypress (CyUsb) USB
Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

9/4/2010 4:22:51 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.685.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
9/3/2010 1:41:19 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.685.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
9/1/2010 5:35:57 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
9/1/2010 11:17:20 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.685.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
9/1/2010 1:32:24 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.685.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
9/1/2010 1:31:54 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
9/1/2010 1:31:54 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
8/31/2010 9:48:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/31/2010 8:59:04 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/31/2010 8:58:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Fips IPSec MpFilter NetBT oreans32 RasAcd sptd Tcpip viaagp1 videX32
8/31/2010 8:58:12 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/31/2010 8:58:12 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/31/2010 8:58:12 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/31/2010 8:58:12 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/31/2010 8:49:56 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 3 time(s).
8/31/2010 8:48:46 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Bamital.C&threatid=2147637453 User: USER-91055C0D28\user Name: Virus:Win32/Bamital.C ID: 2147637453 Severity: Severe Category: Virus Path: process:pid:760 Action: Quarantine Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. Signature Version: AV: 1.89.685.0, AS: 1.89.685.0 Engine Version: 1.1.6103.0
8/31/2010 8:48:46 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Bamital.C&threatid=2147637453 User: USER-91055C0D28\user Name: Virus:Win32/Bamital.C ID: 2147637453 Severity: Severe Category: Virus Path: process:pid:1720;winlogonshell:HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\SHELL:Explorer.exe Action: Quarantine Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. Signature Version: AV: 1.89.685.0, AS: 1.89.685.0 Engine Version: 1.1.6103.0
8/31/2010 8:48:45 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Bamital.C&threatid=2147637453 User: USER-91055C0D28\user Name: Virus:Win32/Bamital.C ID: 2147637453 Severity: Severe Category: Virus Path: process:pid:760 Action: Clean Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. Signature Version: AV: 1.89.685.0, AS: 1.89.685.0 Engine Version: 1.1.6103.0
8/31/2010 8:48:45 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Bamital.C&threatid=2147637453 User: USER-91055C0D28\user Name: Virus:Win32/Bamital.C ID: 2147637453 Severity: Severe Category: Virus Path: process:pid:1720 Action: Clean Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. Signature Version: AV: 1.89.685.0, AS: 1.89.685.0 Engine Version: 1.1.6103.0
8/31/2010 8:48:07 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Bamital.C&threatid=2147637453 User: USER-91055C0D28\user Name: Virus:Win32/Bamital.C ID: 2147637453 Severity: Severe Category: Virus Path: process:pid:760 Action: Quarantine Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. Signature Version: AV: 1.89.685.0, AS: 1.89.685.0 Engine Version: 1.1.6103.0
8/31/2010 8:48:07 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Bamital.C&threatid=2147637453 User: USER-91055C0D28\user Name: Virus:Win32/Bamital.C ID: 2147637453 Severity: Severe Category: Virus Path: process:pid:1720;winlogonshell:HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\SHELL:Explorer.exe Action: Quarantine Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. Signature Version: AV: 1.89.685.0, AS: 1.89.685.0 Engine Version: 1.1.6103.0
8/31/2010 8:48:06 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Bamital.C&threatid=2147637453 User: USER-91055C0D28\user Name: Virus:Win32/Bamital.C ID: 2147637453 Severity: Severe Category: Virus Path: process:pid:760 Action: Clean Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. Signature Version: AV: 1.89.685.0, AS: 1.89.685.0 Engine Version: 1.1.6103.0
8/31/2010 8:48:06 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Bamital.C&threatid=2147637453 User: USER-91055C0D28\user Name: Virus:Win32/Bamital.C ID: 2147637453 Severity: Severe Category: Virus Path: process:pid:1720 Action: Clean Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. Signature Version: AV: 1.89.685.0, AS: 1.89.685.0 Engine Version: 1.1.6103.0
8/31/2010 8:46:15 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Bamital.C&threatid=2147637453 User: USER-91055C0D28\user Name: Virus:Win32/Bamital.C ID: 2147637453 Severity: Severe Category: Virus Path: process:pid:760 Action: Clean Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. Signature Version: AV: 1.89.685.0, AS: 1.89.685.0 Engine Version: 1.1.6103.0
8/31/2010 8:46:15 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Bamital.C&threatid=2147637453 User: USER-91055C0D28\user Name: Virus:Win32/Bamital.C ID: 2147637453 Severity: Severe Category: Virus Path: process:pid:1720 Action: Clean Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. Signature Version: AV: 1.89.685.0, AS: 1.89.685.0 Engine Version: 1.1.6103.0
8/31/2010 8:46:15 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Hiloti.gen!D&threatid=2147630886 User: USER-91055C0D28\user Name: Trojan:Win32/Hiloti.gen!D ID: 2147630886 Severity: Severe Category: Trojan Path: process:pid:1720 Action: Remove Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. Signature Version: AV: 1.89.685.0, AS: 1.89.685.0 Engine Version: 1.1.6103.0
8/31/2010 8:44:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Bamital.C&threatid=2147637453 User: USER-91055C0D28\user Name: Virus:Win32/Bamital.C ID: 2147637453 Severity: Severe Category: Virus Path: process:pid:760 Action: Quarantine Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. Signature Version: AV: 1.89.685.0, AS: 1.89.685.0 Engine Version: 1.1.6103.0
8/31/2010 8:44:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Bamital.C&threatid=2147637453 User: USER-91055C0D28\user Name: Virus:Win32/Bamital.C ID: 2147637453 Severity: Severe Category: Virus Path: process:pid:1720;winlogonshell:HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\SHELL:Explorer.exe Action: Quarantine Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. Signature Version: AV: 1.89.685.0, AS: 1.89.685.0 Engine Version: 1.1.6103.0
8/31/2010 8:44:39 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Bamital.C&threatid=2147637453 User: USER-91055C0D28\user Name: Virus:Win32/Bamital.C ID: 2147637453 Severity: Severe Category: Virus Path: process:pid:760 Action: Clean Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. Signature Version: AV: 1.89.685.0, AS: 1.89.685.0 Engine Version: 1.1.6103.0
8/31/2010 8:44:39 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Bamital.C&threatid=2147637453 User: USER-91055C0D28\user Name: Virus:Win32/Bamital.C ID: 2147637453 Severity: Severe Category: Virus Path: process:pid:1720 Action: Clean Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. Signature Version: AV: 1.89.685.0, AS: 1.89.685.0 Engine Version: 1.1.6103.0
8/31/2010 8:42:34 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
8/31/2010 8:39:18 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 2 time(s).
8/31/2010 8:20:27 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
8/31/2010 8:18:49 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
8/31/2010 6:11:55 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
8/31/2010 6:10:47 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
8/31/2010 6:01:02 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/31/2010 5:14:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: viaagp1 videX32
8/31/2010 2:37:48 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/31/2010 2:35:25 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 Fips oreans32 sptd
8/31/2010 2:34:29 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
8/31/2010 2:34:29 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/31/2010 2:34:29 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
8/31/2010 2:29:51 AM, error: Service Control Manager [7034] - The LibUsb-Win32 - Daemon, Version 0.1.10.1 service terminated unexpectedly. It has done this 1 time(s).
8/31/2010 2:29:00 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/31/2010 2:27:32 AM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: A device attached to the system is not functioning.
8/31/2010 2:26:38 AM, error: Service Control Manager [7000] - The _c130 service failed to start due to the following error: The request could not be performed because of an I/O device error.
8/31/2010 10:02:11 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/31/2010 10:01:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/30/2010 5:59:09 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
8/30/2010 5:59:09 PM, error: Service Control Manager [7003] - The MotoConnect Service service depends on the following nonexistent service: lanmanworkstation
8/30/2010 5:59:09 PM, error: Service Control Manager [7002] - The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started.
8/29/2010 3:55:53 PM, error: Service Control Manager [7034] - The HW Virtual Serial Port (single) service terminated unexpectedly. It has done this 1 time(s).
8/29/2010 11:55:23 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the libusbd service.

==== End Of File ===========================

nox_PHX
2010-09-06, 04:56
GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-05 18:44:46
Windows 5.1.2600 Service Pack 3
Running: mmlolcwy.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\kwgiqfod.sys

.text ...

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0xA0 0xE0 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0xA0 0xE0 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0xA0 0xE0 0xF1 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4D 0xF6 0x63 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4D 0xF6 0x63 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4D 0xF6 0x63 0xD9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xED 0xE2 0x66 0x5C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xED 0xE2 0x66 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xED 0xE2 0x66 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1152] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DE000A
.text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\wuauclt.exe[1352] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0093000A
.text C:\WINDOWS\Explorer.EXE[1640] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B9000A
.text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0094000A
.text C:\WINDOWS\system32\wuauclt.exe[1352] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0094000A
.text C:\WINDOWS\Explorer.EXE[1640] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BF000A
.text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0092000C
.text C:\WINDOWS\system32\wuauclt.exe[1352] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0092000C
.text C:\WINDOWS\Explorer.EXE[1640] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B8000C
.text C:\WINDOWS\System32\svchost.exe[1152] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00F4000A

---- Devices - GMER 1.0.15 ----

Device \Driver\NetBT \Device\NetBt_Wins_Export 89B6F500
Device \Driver\NetBT \Device\NetbiosSmb 89B6F500
Device \Driver\NetBT \Device\NetBT_Tcpip_{5CFDD8FF-F098-4D05-8446-824244FE4C83} 89B6F500
Device \Driver\usbehci \Device\USBPDO-3 8A0CF1F8
Device \Driver\usbehci \Device\USBFDO-3 8A0CF1F8

---- System - GMER 1.0.15 ----

INT 0x35 ? 8A0DEBF8
INT 0x3A ? 8A0DEBF8
INT 0x3B ? 8A0DEBF8
INT 0x3B ? 8A0DEBF8

Device \FileSystem\Cdfs \Cdfs 8A1801F8
Device \Driver\am029ut8 \Device\Scsi\am029ut81 8A1E01F8
Device \Driver\am029ut8 \Device\Scsi\am029ut81Port2Path0Target0Lun0 8A1E01F8
Device \Driver\Cdrom \Device\CdRom0 8A1F51F8
Device \Driver\Cdrom \Device\CdRom1 8A1F51F8
Device \Driver\Cdrom \Device\CdRom2 8A1F51F8
Device \Driver\usbuhci \Device\USBPDO-0 8A20C1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A20C1F8
Device \Driver\usbuhci \Device\USBPDO-2 8A20C1F8
Device \Driver\usbuhci \Device\USBFDO-0 8A20C1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A20C1F8
Device \Driver\usbuhci \Device\USBFDO-2 8A20C1F8
Device -> \Driver\atapi \Device\Harddisk0\DR0 8A328EC5
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A42C1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A42C1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A42C1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A42C1F8
Device \FileSystem\Ntfs \Ntfs 8A4971F8

INT 0x3E ? 8A498BF8
INT 0x3F ? 8A498BF8

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4991F8
Device \Driver\Ftdisk \Device\FtControl 8A4991F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

---- Kernel code sections - GMER 1.0.15 ----

.text am029ut8.SYS B7F3C386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text am029ut8.SYS B7F3C3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text am029ut8.SYS B7F3C3C4 3 Bytes [00, 80, 02]
.text am029ut8.SYS B7F3C3C9 1 Byte [30]
.text am029ut8.SYS B7F3C3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text USBPORT.SYS!DllUnload B83DA8AC 5 Bytes JMP 8A0DE1D8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\dmload.sys entry point in ".rsrc" section [0xF798E114]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8854360, 0x37388D, 0xE8000020]
.text C:\WINDOWS\system32\drivers\oreans32.sys section is writeable [0xB8F2C280, 0x7B1C, 0xE8000020]

Device \Driver\PCI_PNP0496 \Device\00000055 spbw.sys
Device \Driver\PCI_PNP0496 \Device\00000055 spbw.sys
Device \Driver\sptd \Device\4209741360 spbw.sys

---- Kernel code sections - GMER 1.0.15 ----

? spbw.sys The system cannot find the file specified. !

SSDT spbw.sys ZwCreateKey [0xF74E40E0]
SSDT spbw.sys ZwEnumerateKey [0xF74FCDA4]
SSDT spbw.sys ZwEnumerateValueKey [0xF74FD132]
SSDT spbw.sys ZwOpenKey [0xF74E40C0]
SSDT spbw.sys ZwQueryKey [0xF74FD20A]
SSDT spbw.sys ZwQueryValueKey [0xF74FD08A]
SSDT spbw.sys ZwSetValueKey [0xF74FD29C]

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
File C:\WINDOWS\system32\drivers\dmload.sys suspicious modification

---- EOF - GMER 1.0.15 ----


The GMER just got done like 5 minutes ago, HOURS later lol

Anything else? :)

jmw3
2010-09-06, 15:07
Hi

Apologies for the delay.... Hectic work & family commitments.

Some bad news I'm afraid:
I hate to be the bearer of bad news but one or more of the identified infections on this system is a Backdoor Trojan. In addition, you have multiple other malware variants on this seriously infected system. The vector for these infections was very likely peer-to-peer filesharing.
Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

In addition to the backdoor Trojan that has been identified, this system is afflicted with other infections. Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damages it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows operating system.

Prior to reformatting the system, the hard drive could be removed and attached to another system as a "slave," thereby allowing you to remove and salvage your data files. No programs or executable files should be saved as they would likely be infected, and all data files should be scanned with anti-virus and anti-spyware programs prior to being returned to the hard drive after it has been reformatted. If you are not comfortable performing this procedure yourself, we would advise you to take the computer to a reliable, local, computer repair shop and have them do the work for you.

Should you have any questions, please feel free to ask.

nox_PHX
2010-09-06, 15:14
Well that sucks, been meaning to reformat, now I just have a reason to.
Question, as long as we stay away from anything important, we should be ok, right?
Just asking because I don't know how long it'll be till I purchase a new HDD.
And I just mean basic browsing (YouTube etc)

Also, thanks for letting me know!

jmw3
2010-09-06, 15:51
Hi


Question, as long as we stay away from anything important, we should be ok, right?

Not quite sure what you mean. Do you mean staying away from your banking sites etc.?
Here is an example of one of the files you're dealing with:
tcpip7x.sys
http://www.threatexpert.com/report.aspx?md5=d621f8e4f8a3be77264436fd0d8652be

So after reading that, where do you draw the line as to what is important... when every keystroke is being captured.
We could clean this machine, but until it's reformatted it would never be considered safe to use.

Your choice.

nox_PHX
2010-09-06, 23:10
That's exactly what I mean. Just browse and maybe watch a couple vids here and there.

I'm not gonna bother wasting your guys' time with this PC, I can already tell it's going to be a long process that'll just end up nowhere. I plan on reformatting soon, just not entirely sure when.

Thanks again.

jmw3
2010-09-07, 02:07
OK, no problem.

Let me know if you need some assistance re-formatting, otherwise I'll close this one.

nox_PHX
2010-09-07, 13:15
I think I can handle it, but I do have one question before this gets closed/archived:

What would be some good precautions/actions to take once reformatted so that this problem does not occur again?

jmw3
2010-09-07, 14:03
This is a list of recommendations & advice I usually give at the close of a topic. You're free to take any or all of the advice:

Take the time to follow these recommendations & it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Create a Clean System Restore Point
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and click OK
Ensure the boxes for Temporary Files & Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore click Clean up... and click Yes to the prompt
Click OK and Yes to confirm.

Set Correct Settings For Files That Should Be Hidden In Windows XP
Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab
Under Hidden files and folders if necessary select Do not show hidden files and folders
If unchecked, check Hide protected operating system files (Recommended)
If necessary check Display content of system folders
If necessary Uncheck Hide file extensions for known file types
Click OK

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
You can download it here (http://www.besttechie.net/software/) & find a tutorial here (http://thespykiller.co.uk/index.php/topic,5946.0.html). Keep it updated & run it regularly.

SpywareBlaster
Download and install Javacools SpywareBlaster from here (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
Install MVPS Hosts File From Here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE (http://www.mvps.org/winhelp2002/hosts2.htm)

Web of Trust
WOT (http://www.mywot.com/), Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an addon available for both Firefox and Internet Explorer.

Install WinPatrol
Download it here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) on how to prevent Malware.

Hopefully these steps will help keep your computer clean.
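
The HOSTS file advice above describes a mechanism worth seeing in code: the machine consults HOSTS before DNS, so any name listed next to 127.0.0.1 is short-circuited to the local computer. The script below is an added example for this thread, not code from the MVPS project or from the original post. It parses a small constructed HOSTS sample in the same "address hostname [hostname ...]" format, shows which names would be blocked, and separately flags entries that send a name somewhere other than the local machine, since that is the same mechanism pointed the other way and is the first thing to check when auditing a HOSTS file on a machine you do not fully trust. All host names and the 203.0.113.9 address in the sample are constructed placeholders.

```python
"""Audit a Windows-style HOSTS file: names mapped to 127.0.0.1 (or the null
address 0.0.0.0) are blocked before any DNS lookup happens; names mapped to
any other address are redirected and deserve a look.

Added example for this thread, not part of the MVPS project or the original
post. SAMPLE_HOSTS is constructed; its host names are placeholders.
"""
import ipaddress

# Constructed sample in the format the MVPS file uses:
# "<address> <hostname> [<hostname> ...]", with '#' starting a comment.
SAMPLE_HOSTS = """\
# Header notes live in comments like this one
127.0.0.1 localhost
127.0.0.1 ads.example-tracker.test        # blocked: points at the local machine
0.0.0.0   banner.example-adserver.test    # also a block entry (null address)
127.0.0.1 a.example-spy.test b.example-spy.test
203.0.113.9 www.example-bank.test         # NOT a block: sends the name elsewhere
"""

NULL_ADDRESSES = {"0.0.0.0"}


def parse_hosts(text):
    """Return (address, hostname) pairs, skipping comments, blank and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                           # address with no hostname
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # first token is not an address
        for name in parts[1:]:
            entries.append((parts[0], name.lower()))
    return entries


def is_block_entry(address):
    """True when the address is the local machine or the null address,
    i.e. the entry blocks the site instead of redirecting it."""
    return ipaddress.ip_address(address).is_loopback or address in NULL_ADDRESSES


def classify(text):
    """Split entries into blocked names and redirected names.

    A redirect for a site you actually use (bank, mail, update server) is a
    hijack indicator: the HOSTS mechanism is being used against you.
    """
    blocked, redirected = {}, {}
    for address, name in parse_hosts(text):
        if name == "localhost":
            continue                           # the one entry every file has
        (blocked if is_block_entry(address) else redirected)[name] = address
    return blocked, redirected


def lookup(name, text):
    """Mimic the HOSTS-first step: the address the machine would use for
    `name` before asking DNS, or None if it falls through to DNS."""
    for address, host in parse_hosts(text):
        if host == name.lower():
            return address
    return None


if __name__ == "__main__":
    blocked, redirected = classify(SAMPLE_HOSTS)
    print("blocked names:   ", sorted(blocked))
    print("redirected names:", redirected)
    print("ads.example-tracker.test ->", lookup("ads.example-tracker.test", SAMPLE_HOSTS))
    print("www.example.test ->", lookup("www.example.test", SAMPLE_HOSTS))
```

To audit a real machine, read C:\WINDOWS\system32\drivers\etc\hosts into `classify` instead of the constructed sample; a clean MVPS install yields an empty `redirected` dictionary.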

jmw3
2010-09-08, 06:59
Since this issue appears to be resolved ... this Topic has been closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include fresh DDS & Attach logs and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or Moderator a private message (pm). A valid, working link to the closed topic is also required.