Thread: Please help?

  1. #1
    Junior Member | Join Date: Apr 2011 | Posts: 1


    I've run Spybot at least a good 5 times; the same problem occurs: all of the viruses that had been detected and that I've deleted have come back, and one of the viruses was called DNS flush. I had trouble trying to remove that one. Help?

    DDS (Ver_11-03-05.01) - NTFSx86
    Run by User at 16:49:44.56 on Thu 03/31/2011
    Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1279.177 [GMT -7:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tunngle\TnglCtrl.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\setup.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Vista Anti-Lag\val.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\setup.exe
    C:\Windows\msmgm.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\User\AppData\Local\Temp\win.exe
    C:\Users\User\AppData\Local\Temp\win32.exe
    C:\Windows\sysmgm.exe
    C:\Users\User\AppData\Local\Temp\avp32.exe
    C:\Windows\drweb.exe
    C:\Users\User\AppData\Local\Temp\wininst.exe
    C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\TEMP\0.1188447591678673.exe
    C:\Windows\TEMP\0.1188447591678673.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\User\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uStart Page = hxxp://www.google.com/
    uSearch Bar =
    mSearchAssistant =
    uURLSearchHooks: H - No File
    mURLSearchHooks: Online Sharing Toolbar: {8567a644-e36c-470c-86cf-9c5b4f37db81} - c:\program files\online_sharing\tbOnl1.dll
    BHO: c:\windows\system32\olg39.dll: {b9b220c3-a500-99bd-f210-04b53a2c8951} - c:\windows\system32\olg39.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hypercam toolbar\tbcore3.dll
    TB: {B771FEA3-2A05-4C21-B1E2-55551A97D520} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: Online Sharing Toolbar: {8567a644-e36c-470c-86cf-9c5b4f37db81} - c:\program files\online_sharing\tbOnl1.dll
    TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [val] c:\program files\vista anti-lag\val.exe
    uRun: [Mnologujaged] rundll32.exe "c:\users\user\appdata\local\TExmva.dll",Startup
    uRun: [uPc+kt0NqLJsiv] rundll32.exe c:\windows\system32\lfzf4.dll, SystemServer
    uRun: [Mqpe] c:\windows\avp.exe
    uRun: [MqvPc] c:\windows\win32.exe
    uRun: [Mqug] c:\windows\smss.exe
    uRun: [Mqqyc] c:\windows\csrss.exe
    uRun: [Mquvc] c:\windows\setup.exe
    uRun: [Mqstc] c:\windows\msmgm.exe
    uRun: [Mqva] c:\windows\win.exe
    uRun: [MqsZ] c:\windows\mdm.exe
    uRun: [Mqtw+] c:\windows\nvsvc32.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Lvifiejlqb] c:\users\user\appdata\local\temp\winamp.exe
    uRun: [Lvifiejloc] c:\users\user\appdata\local\temp\avp.exe
    uRun: [Lvifiejlub] c:\users\user\appdata\local\temp\sysmgm.exe
    uRun: [Lvifiejlqc] c:\users\user\appdata\local\temp\win.exe
    uRun: [Mqqsc] c:\windows\drweb.exe
    uRun: [Lvifiejlo+] c:\users\user\appdata\local\temp\avp32.exe
    uRun: [Mquwe] c:\windows\sysmgm.exe
    uRun: [Lvifiejlqvc] c:\users\user\appdata\local\temp\wininst.exe
    uRun: [Lvifiejlq+] c:\users\user\appdata\local\temp\win32.exe
    uRun: [MqqZ] c:\windows\cmd.exe
    uRun: [Lvifiejlne] c:\users\user\appdata\local\temp\lsass.exe
    uRun: [Lvifiejlqse] c:\users\user\appdata\local\temp\winlogon.exe
    uRun: [Lvifiejlqf] c:\users\user\appdata\local\temp\user.exe
    uRun: [Lvifiejlkc] c:\users\user\appdata\local\temp\cmd.exe
    uRun: [Lvifiejlpsc] c:\users\user\appdata\local\temp\taskmgr.exe
    uRun: [Lvifiejlud] c:\users\user\appdata\local\temp\system.exe
    uRun: [LvifiejlqZ] c:\users\user\appdata\local\temp\msmgm.exe
    uRun: [Lvifiejlmc] c:\users\user\appdata\local\temp\mdm.exe
    uRun: [Lvifiejlk+] c:\users\user\appdata\local\temp\gdi32.exe
    uRun: [Lvifiejlppf] c:\users\user\appdata\local\temp\services.exe
    uRun: [Mqvpe] c:\windows\winamp.exe
    uRun: [LvifiejlsPc] c:\users\user\appdata\local\temp\nvsvc32.exe
    uRun: [LvifiejlqW] c:\users\user\appdata\local\temp\drweb.exe
    uRun: [Mqvre] c:\windows\wininst.exe
    uRun: [Lvifiejlqe] c:\users\user\appdata\local\temp\setup.exe
    uRun: [MqrMc] c:\windows\gdi32.exe
    uRun: [Mqutc] c:\windows\sysedit.exe
    uRun: [Lvifiejlrxc] c:\users\user\appdata\local\temp\spoolsv.exe
    uRun: [Mqsrc] c:\windows\login.exe
    uRun: [Mqqoc] c:\windows\debug.exe
    uRun: [Lvifiejlprc] c:\users\user\appdata\local\temp\install.exe
    uRun: [Mquse] c:\windows\svchost.exe
    uRun: [MqpSc] c:\windows\avp32.exe
    uRun: [Lvifiejlotc] c:\users\user\appdata\local\temp\hexdump.exe
    uRun: [Lvifiejlhb] c:\users\user\appdata\local\temp\debug.exe
    uRun: [Mqvsc] c:\windows\winlogon.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [uPc+kt0NqLJsiv] rundll32.exe c:\windows\system32\lfzf4.dll, SystemServer
    mRun: [Mqpe] c:\windows\avp.exe
    mRun: [MqvPc] c:\windows\win32.exe
    mRun: [Mqug] c:\windows\smss.exe
    mRun: [Mqqyc] c:\windows\csrss.exe
    mRun: [Mquvc] c:\windows\setup.exe
    mRun: [Mqstc] c:\windows\msmgm.exe
    mRun: [Mqva] c:\windows\win.exe
    mRun: [MqsZ] c:\windows\mdm.exe
    mRun: [Mqtw+] c:\windows\nvsvc32.exe
    mRun: [Lvifiejlqb] c:\users\user\appdata\local\temp\winamp.exe
    mRun: [Lvifiejloc] c:\users\user\appdata\local\temp\avp.exe
    mRun: [Lvifiejlub] c:\users\user\appdata\local\temp\sysmgm.exe
    mRun: [Lvifiejlqc] c:\users\user\appdata\local\temp\win.exe
    mRun: [Mqqsc] c:\windows\drweb.exe
    mRun: [Lvifiejlo+] c:\users\user\appdata\local\temp\avp32.exe
    mRun: [Mquwe] c:\windows\sysmgm.exe
    mRun: [Lvifiejlqvc] c:\users\user\appdata\local\temp\wininst.exe
    mRun: [Lvifiejlq+] c:\users\user\appdata\local\temp\win32.exe
    mRun: [MqqZ] c:\windows\cmd.exe
    mRun: [Lvifiejlne] c:\users\user\appdata\local\temp\lsass.exe
    mRun: [Lvifiejlqse] c:\users\user\appdata\local\temp\winlogon.exe
    mRun: [Lvifiejlqf] c:\users\user\appdata\local\temp\user.exe
    mRun: [Lvifiejlkc] c:\users\user\appdata\local\temp\cmd.exe
    mRun: [Lvifiejlpsc] c:\users\user\appdata\local\temp\taskmgr.exe
    mRun: [Lvifiejlud] c:\users\user\appdata\local\temp\system.exe
    mRun: [LvifiejlqZ] c:\users\user\appdata\local\temp\msmgm.exe
    mRun: [Lvifiejlmc] c:\users\user\appdata\local\temp\mdm.exe
    mRun: [Lvifiejlk+] c:\users\user\appdata\local\temp\gdi32.exe
    mRun: [Lvifiejlppf] c:\users\user\appdata\local\temp\services.exe
    mRun: [Mqvpe] c:\windows\winamp.exe
    mRun: [LvifiejlsPc] c:\users\user\appdata\local\temp\nvsvc32.exe
    mRun: [LvifiejlqW] c:\users\user\appdata\local\temp\drweb.exe
    mRun: [Mqvre] c:\windows\wininst.exe
    mRun: [Lvifiejlqe] c:\users\user\appdata\local\temp\setup.exe
    mRun: [MqrMc] c:\windows\gdi32.exe
    mRun: [Mqutc] c:\windows\sysedit.exe
    mRun: [Lvifiejlrxc] c:\users\user\appdata\local\temp\spoolsv.exe
    mRun: [Mqsrc] c:\windows\login.exe
    mRun: [Mqqoc] c:\windows\debug.exe
    mRun: [Lvifiejlprc] c:\users\user\appdata\local\temp\install.exe
    mRun: [Mquse] c:\windows\svchost.exe
    mRun: [MqpSc] c:\windows\avp32.exe
    mRun: [Lvifiejlotc] c:\users\user\appdata\local\temp\hexdump.exe
    mRun: [Lvifiejlhb] c:\users\user\appdata\local\temp\debug.exe
    mRun: [Mqvsc] c:\windows\winlogon.exe
    mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
    uPolicies-explorer: NoFolderOptions = 1 (0x1)
    uPolicies-system: DisableRegistryTools = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\progra~1\microsoft office\office14\ONBttnIE.dll/105
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    STS: c:\windows\system32\olg39.dll: {b9b220c3-a500-99bd-f210-04b53a2c8951} - c:\windows\system32\olg39.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\5o4z2dfb.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
    FF - plugin: c:\progra~1\microsoft office\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\microsoft office\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\users\user\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - Ext: QueryExplorer: {27E679CC-6AAB-4B2A-BB87-096FE4178464} - c:\program files\mozilla firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Personas: - %profile%\extensions\personas@christopher.beard
    FF - Ext: FastestFox: - %profile%\extensions\smarterwiki@wikiatic.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: CookieCuller: {99B98C2C-7274-45a3-A640-D9DF1A1C8460} - %profile%\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    FF - Ext: Mouse Gestures Redox: {FFA36170-80B1-4535-B0E3-A4569E497DD0} - %profile%\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
    FF - Ext: XULRunner: {9CC0BC18-CCEA-4C45-B6E5-00A254F5CE34} - c:\users\user\appdata\local\{9CC0BC18-CCEA-4C45-B6E5-00A254F5CE34}
    FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2011-03-31 22:19:48 15968 ---h--w- c:\windows\winlogon.exe
    2011-03-31 19:39:39 16220 ---h--w- c:\windows\svchost.exe
    2011-03-31 19:39:39 16220 ---h--w- c:\windows\smss.exe
    2011-03-31 19:39:39 15968 ---h--w- c:\windows\avp32.exe
    2011-03-31 19:21:24 15968 ---h--w- c:\windows\mdm.exe
    2011-03-31 19:21:24 15968 ---h--w- c:\windows\gdi32.exe
    2011-03-31 16:59:25 16220 ---h--w- c:\windows\win.exe
    2011-03-31 07:09:54 16220 ---h--w- c:\windows\csrss.exe
    2011-03-31 07:09:53 16220 ---h--w- c:\windows\setup.exe
    2011-03-31 00:14:15 388096 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-03-31 00:14:14 -------- d-----w- c:\program files\Trend Micro
    2011-03-30 14:00:27 15968 ---h--w- c:\windows\login.exe
    2011-03-29 19:19:38 16220 ---h--w- c:\windows\win32.exe
    2011-03-29 18:54:43 16220 ---h--w- c:\windows\cmd.exe
    2011-03-29 16:18:53 16220 ---h--w- c:\windows\spoolsv.exe
    2011-03-29 16:18:53 16220 ---h--w- c:\windows\hexdump.exe
    2011-03-29 11:08:08 15968 ---h--w- c:\windows\msmgm.exe
    2011-03-29 08:38:50 16220 ---h--w- c:\windows\wininst.exe
    2011-03-29 08:38:50 15968 ---h--w- c:\windows\sysmgm.exe
    2011-03-29 08:32:40 15968 ---h--w- c:\windows\user.exe
    2011-03-29 07:22:20 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2011-03-29 07:22:20 75264 ----a-w- c:\windows\system32\unacev2.dll
    2011-03-29 07:22:20 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2011-03-29 07:22:20 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2011-03-29 07:22:20 153088 ----a-w- c:\windows\system32\unrar3.dll
    2011-03-29 07:22:17 -------- d-----w- c:\users\user\appdata\roaming\Simply Super Software
    2011-03-29 07:22:17 -------- d-----w- c:\progra~2\Simply Super Software
    2011-03-29 07:12:01 -------- d-----w- c:\program files\Unlocker
    2011-03-29 03:21:59 16220 ---h--w- c:\windows\sysedit.exe
    2011-03-29 00:55:12 16220 ---h--w- c:\windows\avp.exe
    2011-03-28 22:17:34 15968 ---h--w- c:\windows\iexplarer.exe
    2011-03-28 22:17:34 15968 ---h--w- c:\windows\drweb.exe
    2011-03-28 19:43:11 15968 ---h--w- c:\windows\win16.exe
    2011-03-28 19:43:00 15968 ---h--w- c:\windows\debug.exe
    2011-03-28 16:45:34 15968 ---h--w- c:\windows\winamp.exe
    2011-03-28 16:45:34 15968 ---h--w- c:\windows\taskmgr.exe
    2011-03-28 16:45:33 16220 ---h--w- c:\windows\install.exe
    2011-03-28 16:45:15 30000 ----a-w- c:\windows\system32\lfzf4.dll
    2011-03-28 16:45:14 30000 ----a-w- c:\windows\system32\olg39.dll
    2011-03-28 16:29:46 0 ----a-w- c:\users\user\appdata\local\Xrimumidin.bin
    2011-03-28 16:29:44 -------- d-----w- c:\users\user\appdata\local\{9CC0BC18-CCEA-4C45-B6E5-00A254F5CE34}
    2011-03-28 16:23:45 158720 ----a-w- c:\windows\Vjegya.exe
    2011-03-28 16:23:45 135168 ----a-w- c:\windows\system32\mprmsgi.dll
    2011-03-28 16:23:45 119296 ----a-w- c:\windows\system32\qintlgntb.dll
    2011-03-26 00:36:16 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{02a79065-d1c6-42db-a373-060bdbaf2fd5}\mpengine.dll
    2011-03-23 01:52:36 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-23 01:52:36 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-23 01:52:36 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-12 19:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-03-09 04:54:38 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 04:54:38 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 04:54:37 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 04:54:37 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 04:47:27 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 04:47:27 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-07 03:28:10 -------- d-----w- c:\program files\WinSCP
    .
    ==================== Find3M ====================
    .
    2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-27 06:00:46 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-01-27 06:00:32 596480 ----a-w- c:\windows\system32\aticfx32.dll
    2011-01-27 05:59:48 17204736 ----a-w- c:\windows\system32\atioglxx.dll
    2011-01-27 05:56:30 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-01-27 05:55:56 393216 ----a-w- c:\windows\system32\atieclxx.exe
    2011-01-27 05:55:26 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-01-27 05:54:12 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2011-01-27 05:53:56 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-01-27 05:53:44 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-01-27 05:53:36 15872 ----a-w- c:\windows\system32\atimuixx.dll
    2011-01-27 05:53:28 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-01-27 05:49:46 4105728 ----a-w- c:\windows\system32\atidxx32.dll
    2011-01-27 05:32:14 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
    2011-01-27 05:28:54 4170752 ----a-w- c:\windows\system32\atiumdag.dll
    2011-01-27 05:27:52 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2011-01-27 05:27:42 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2011-01-27 05:25:52 5580800 ----a-w- c:\windows\system32\aticaldd.dll
    2011-01-27 05:24:20 3463680 ----a-w- c:\windows\system32\atiumdva.dll
    2011-01-27 05:20:46 52736 ----a-w- c:\windows\system32\coinst.dll
    2011-01-27 05:14:08 249856 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-01-27 05:13:54 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-01-27 05:13:44 32768 ----a-w- c:\windows\system32\atigktxx.dll
    2011-01-27 05:12:42 30720 ----a-w- c:\windows\system32\atiuxpag.dll
    2011-01-27 05:12:26 28672 ----a-w- c:\windows\system32\atiu9pag.dll
    2011-01-27 05:12:00 23040 ----a-w- c:\windows\system32\atitmpxx.dll
    2011-01-27 05:08:42 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2011-01-27 05:08:42 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: WDC_WD5000AAKS-65YGA0 rev.12.01C02 -> Harddisk0\DR0 -> \Device\Ide\IdePort3 P3T1L0-6
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86729439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8672f7d0]; MOV EAX, [0x8672f84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82C4C912] -> \Device\Harddisk0\DR0[0x86292A58]
    3 CLASSPNP[0x875AB8B3] -> ntkrnlpa!IofCallDriver[0x82C4C912] -> [0x859174B0]
    5 acpi[0x807C26BC] -> ntkrnlpa!IofCallDriver[0x82C4C912] -> [0x8597E030]
    \Driver\atapi[0x86715F38] -> IRP_MJ_CREATE -> 0x86729439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP3T1L0-6 -> \??\IDE#DiskWDC_WD5000AAKS-65YGA0___________________12.01C02#5&7f8b6c4&0&1.1.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi -> 0x858e41f8
    user != kernel MBR !!!
    sectors 976773166 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 16:54:43.47 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/5/2009 10:57:17 PM
    System Uptime: 3/31/2011 4:35:34 AM (12 hours ago)
    .
    Motherboard: XFX | | MG-63MI-7159
    Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | CPU 1 | 2003/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 456 GiB total, 157.197 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 1.254 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0000
    Manufacturer: Microsoft
    Name: isatap.{598D5A37-EA27-4C6C-9AF5-0E1429EF3661}
    PNP Device ID: ROOT\*ISATAP\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0001
    Manufacturer: Microsoft
    Name: isatap.{ABFC3D45-27FB-4979-BA3B-A4F1EA61EA8B}
    PNP Device ID: ROOT\*ISATAP\0001
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0002
    Manufacturer: Microsoft
    Name: isatap.{ABFC3D45-27FB-4979-BA3B-A4F1EA61EA8B}
    PNP Device ID: ROOT\*ISATAP\0002
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0003
    Manufacturer: Microsoft
    Name: isatap.{0F1144BA-C6F1-469E-91E6-D4834A397074}
    PNP Device ID: ROOT\*ISATAP\0003
    Service: tunnel
    .
    Class GUID:
    Description: SM Bus Controller
    Device ID: PCI\VEN_10DE&DEV_07D8&SUBSYS_73991462&REV_A1\3&267A616A&0&19
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_10DE&DEV_07D8&SUBSYS_73991462&REV_A1\3&267A616A&0&19
    Service:
    .
    Class GUID:
    Description: Coprocessor
    Device ID: PCI\VEN_10DE&DEV_07DA&SUBSYS_73991462&REV_A2\3&267A616A&0&1B
    Manufacturer:
    Name: Coprocessor
    PNP Device ID: PCI\VEN_10DE&DEV_07DA&SUBSYS_73991462&REV_A2\3&267A616A&0&1B
    Service:
    .
    Class GUID:
    Description:
    Device ID: ROOT\UNKNOWN\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\UNKNOWN\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    Acrobat.com
    Ad-Aware
    Ad-Aware Email Scanner for Outlook
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.4.3
    Adobe Shockwave Player 11.5
    Age of Chivalry
    AI RoboForm
    AikaOnline
    America's Army 3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    ATI Catalyst Registration
    Audiosurf Demo
    Bandisoft MPEG-1 Decoder
    BioShock 2
    BioShock Demo
    BlackBerry Desktop Software 6.0
    Bonjour
    Borderlands
    Call of Duty: Modern Warfare 2
    Call of Duty: Modern Warfare 2 - Multiplayer
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    ccc-core-static
    ccc-utility
    CCC Help English
    CCleaner
    CDDRV_Installer
    Cheat Engine 5.5
    Condition Zero
    Counter-Strike Steamworks Beta
    Counter-Strike: Source
    Crysis(R)
    Day of Defeat: Source
    Definition update for Microsoft Office 2010 (KB982726)
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DNA
    DVD Flick 1.3.0.7
    DVD Shrink 3.2
    Empire: Total War Demo
    erLT
    FileZilla Client 3.3.5.1
    Folding@home-gpu
    Game Booster
    Garena
    GIMP 2.6.11
    Google Earth Plug-in
    Google Gears
    Google Talk Plugin
    Google Update Helper
    GTA San Andreas
    Guitar Hero III
    Guitar Pro 6 Demo
    Half-Life 2
    Half-Life Deathmatch: Source
    Heroes of Newerth
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HyperCam Toolbar
    I-Doser 4.50
    I-Doser v4
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Kane & Lynch 2: Dog Days Demo
    KhalInstallWrapper
    Lead and Gold - Gangs of the Wild West
    Left 4 Dead
    Left 4 Dead 2 Demo
    Left 4 Dead Authoring Tools
    LG USB Modem driver
    Logitech SetPoint
    Logitech Touch Mouse Server 1.0
    Microsoft File Transfer Manager
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Math 3.0
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mirror's Edge™
    Mozilla Firefox (3.6.16)
    Mozilla Firefox 4.0b5 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    NVIDIA Drivers
    NVIDIA PhysX
    OGA Notifier 2.0.0048.0
    OpenAL
    Pando Media Booster
    PDF Settings CS5
    Peggle Extreme
    PFConfig 1.0.296
    PFPortChecker 1.0.32
    PhysX Screen Saver
    Plants Vs Zombies Demo
    Project64 1.6
    PunkBuster Services
    QuickTime
    RamBooster
    Readon TV Movie Radio Player 5.8.0.0
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek HDMI Audio Driver for ATI
    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    Sandboxie 3.44
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Soft Data Fax Modem with SmartCP
    Software Informer 1.0 BETA
    SpeedFan (remove only)
    Spybot - Search & Destroy
    StarCraft II
    StarCraft II Beta
    Steam
    STREET FIGHTER IV
    System Requirements Lab
    Team Fortress 2
    TeamSpeak 2 RC2
    TeamViewer 5
    The Ball Demo
    The Lord of the Rings FREE Trial
    TrackMania Nations Forever
    Tunngle beta
    U3Launcher
    Uniblue SpeedUpMyPC
    Uninstall 1.0.0.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2494150)
    VC80CRTRedist - 8.0.50727.4053
    Ventrilo Client
    Vista Anti-Lag 1.1.1
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.1.4
    vReveal
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinRAR archiver
    WinSCP 4.3.2
    YouTube Downloader 2.5.4
    Zero Gear Demo
    Zombie Panic! Source
    .
    ==== End Of File ===========================
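Added example (editor's code, not part of either post and not part of the DDS tool): a small triage script over the Installed Programs block above. A responder reading such a log is looking for a few things at once: the no-antivirus question the reply raises, browser-facing runtimes whose versions need checking against the vendor's current release, P2P and game-network tools that commonly deliver trojans, remote-access and file-transfer clients whose stored credentials should be rotated after a compromise, and "optimizer" or cheat tools that hook processes in ways that look like malware. The category rules are this editor's assumptions, not a signature set, and the sample input is a constructed subset of the list above.

```python
"""Triage an 'Installed Programs' block from a DDS log.

Added example for this thread; not DDS code and not from either post.
The category rules are the editor's own assumptions about what a responder
looks for on a machine like this one. Sample input is a constructed subset
of the list posted above.
"""
import re

# Constructed sample: a subset of the Installed Programs block in the post.
SAMPLE_BLOCK = """\
==== Installed Programs ======================
.
.
µTorrent
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.3
Cheat Engine 5.5
DNA
FileZilla Client 3.3.5.1
Garena
HiJackThis
Java(TM) 6 Update 20
Mozilla Firefox (3.6.16)
Mozilla Firefox 4.0b5 (x86 en-US)
Pando Media Booster
RamBooster
Sandboxie 3.44
Spybot - Search & Destroy
TeamViewer 5
Tunngle beta
Uniblue SpeedUpMyPC
WinSCP 4.3.2
YouTube Downloader 2.5.4
.
==== End Of File ===========================
"""

# Assumed categories (editor's choice). Patterns are regexes matched
# case-insensitively against each program name.
RULES = {
    # Browser-facing runtimes that drive-by exploit kits target; check each
    # version against the vendor's current release.
    "browser_plugins": [r"^Java\(TM\)", r"^Adobe Reader", r"^Adobe Flash Player",
                        r"^Adobe Shockwave", r"^Mozilla Firefox"],
    # P2P / game-network / download tools: common trojan delivery paths.
    "p2p_and_downloaders": [r"Torrent", r"^DNA$", r"^Pando", r"^Garena",
                            r"^Tunngle", r"YouTube Downloader"],
    # Remote access and file transfer clients: rotate any saved credentials.
    "remote_and_transfer": [r"^TeamViewer", r"^WinSCP", r"^FileZilla"],
    # "Optimizers" and cheat tools: often bundled, and they hook processes in
    # ways that resemble (or mask) malware behaviour.
    "optimizers_and_cheats": [r"^Uniblue", r"RamBooster", r"Game Booster",
                              r"^Cheat Engine"],
    # Security tooling already installed (none of these is an antivirus).
    "security_tools": [r"^Spybot", r"^Ad-Aware", r"^HiJackThis", r"^Sandboxie"],
}

# Assumed list of antivirus product names to look for.
AV_PATTERNS = [r"Avast", r"Avira", r"Security Essentials", r"Norton",
               r"McAfee", r"Kaspersky", r"AVG"]


def parse_installed_programs(log_text):
    """Return the program names between the Installed Programs header and End Of File."""
    lines = log_text.splitlines()
    start = next(i for i, l in enumerate(lines)
                 if l.startswith("==== Installed Programs"))
    names = []
    for line in lines[start + 1:]:
        if line.startswith("==== End Of File"):
            break
        line = line.strip()
        if line and line != ".":
            names.append(line)
    return names


def triage(names):
    """Bucket program names by RULES and report whether any antivirus is present."""
    report = {cat: [] for cat in RULES}
    for name in names:
        for cat, patterns in RULES.items():
            if any(re.search(p, name, re.IGNORECASE) for p in patterns):
                report[cat].append(name)
    report["antivirus_present"] = any(
        re.search(p, n, re.IGNORECASE) for n in names for p in AV_PATTERNS)
    return report


if __name__ == "__main__":
    for cat, hits in triage(parse_installed_programs(SAMPLE_BLOCK)).items():
        print(f"{cat}: {hits}")
```

Run it against the full block from the post by replacing `SAMPLE_BLOCK` with the log text; the `antivirus_present` flag is what the reply below is asking about when it says "How long have you been without antivirus?".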


  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi MonstroX,

    You have some serious malware. You're pwned. How long have you been without antivirus? You should make sure this machine has no connectivity; if you're not sure how to do that, then I would power it off.

    Seriously, you should consider a total reformat/reinstall of Windows.

    You also have a rootkit on your machine. Rootkits hide malicious files and components from traditional antivirus/antimalware software. They bury themselves deep in the operating system. Special software is needed to detect and remove them. Even if symptoms are gone and logs are clean, it's still not a 100% guarantee that your machine is clean once a rootkit has been detected and removed. You should consider a complete reformat/reinstall of Windows as an option.

    The best source for information on how to do this would be the computer manufacturers website.

    To manually clean up the machine with current utilities proceed as follows:
    ---------------------------------------------
    1) Please download TDSS Killer.exe and save it to your desktop
    Double click to launch the utility. After it initializes click the start scan button.

    Once the scan completes you can click the continue button.

    "The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

    "After clicking Next, the utility applies selected actions and outputs the result."

    "A reboot might be required after disinfection."

    A report will be found in your Root drive Local Disk (C) as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time)
    Please post the log report

    2) Download and run Combofix. It requires that you read a guide first. Read through the guide, then apply the directions on the compromised machine. You can read the guide on another computer if possible. Guide to using Combofix



    3) Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.

    4) Download, install, update and do a full scan with one of these antivirus apps; these have free versions:

    Avast

    Ms Security Essentials

    Avira

    Post the tdsskiller, combofix, and malwarebytes log.
    How Can I Reduce My Risk?
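Added example (editor's code, not from TDSSKiller, ComboFix, Malwarebytes or any other tool named in the reply above): the cross-view diff that anti-rootkit scanners rely on. The reply says rootkits hide their files and components from traditional antivirus and that special software is needed to find them; this is what that software does at its core. A rootkit filters its own files, processes and registry keys out of the enumeration APIs that ordinary scanners call, so an anti-rootkit tool takes a second, lower-level view of the same objects (raw NTFS, the kernel's process structures, a raw registry hive) and reports anything present in the low-level view but missing or altered in the API view. All the "views" below are constructed sample data; the hidden driver name, the PIDs and the file contents are hypothetical and were not taken from the poster's log.

```python
"""Cross-view diff: the detection technique behind anti-rootkit scanners.

Added example for this thread; it is not code from any tool named in the
reply. Every 'view' is constructed sample data standing in for the two
enumerations a real scanner performs (hooked API path vs raw read).
"""
import hashlib


def cross_view_diff(api_view, raw_view):
    """Compare two {name: attribute} views of the same object set.

    Returns a dict with:
      hidden   - names only in the raw view (the rootkit filtered them out)
      mismatch - names in both views whose attributes differ (e.g. a driver
                 patched on disk while the hooked read path serves the
                 original bytes back)
      api_only - names only in the API view (stale cache or a decoy; check)
    """
    api_names, raw_names = set(api_view), set(raw_view)
    return {
        "hidden": sorted(raw_names - api_names),
        "mismatch": sorted(n for n in api_names & raw_names
                           if api_view[n] != raw_view[n]),
        "api_only": sorted(api_names - raw_names),
    }


def fingerprint(content: bytes) -> str:
    """Content hash used as the file attribute so the diff catches in-place patching."""
    return hashlib.sha256(content).hexdigest()


# ---- Constructed sample views (hypothetical; not from the poster's machine) ----
CLEAN_DRIVER = b"original driver bytes (constructed)"
PATCHED_DRIVER = b"original driver bytes (constructed) + injected loader (constructed)"

# What FindFirstFile/FindNextFile + ReadFile report through the hooked API path.
API_FILES = {
    r"C:\Windows\system32\drivers\atapi.sys": fingerprint(CLEAN_DRIVER),
    r"C:\Windows\system32\DRIVERS\xaudio.sys": fingerprint(b"xaudio (constructed)"),
}
# What a raw read of the NTFS volume reports for the same directory.
RAW_FILES = {
    r"C:\Windows\system32\drivers\atapi.sys": fingerprint(PATCHED_DRIVER),
    r"C:\Windows\system32\DRIVERS\xaudio.sys": fingerprint(b"xaudio (constructed)"),
    r"C:\Windows\system32\drivers\example_hidden.sys": fingerprint(b"payload (constructed)"),
}

# Process list: PID -> image name. API view from CreateToolhelp32Snapshot; raw
# view from brute-forcing OpenProcess over the PID range or walking EPROCESS.
API_PROCS = {4: "System", 480: "wininit.exe", 1204: "SbieSvc.exe"}
RAW_PROCS = {4: "System", 480: "wininit.exe", 1204: "SbieSvc.exe",
             3172: "example_hidden.exe"}

# Services key: API view via RegEnumKeyEx; raw view from parsing the SYSTEM hive.
API_SERVICES = {"tunnel": "tunnel.sys", "SbieSvc": "SbieSvc.exe"}
RAW_SERVICES = {"tunnel": "tunnel.sys", "SbieSvc": "SbieSvc.exe",
                "examplehidden": "example_hidden.sys"}


def scan(api_files, raw_files, api_procs, raw_procs, api_svcs, raw_svcs):
    """Run the diff over each object class and flag whether anything is hidden or altered."""
    result = {
        "files": cross_view_diff(api_files, raw_files),
        "processes": cross_view_diff(api_procs, raw_procs),
        "services": cross_view_diff(api_svcs, raw_svcs),
    }
    result["rootkit_suspected"] = any(
        r["hidden"] or r["mismatch"] for r in result.values() if isinstance(r, dict))
    return result


if __name__ == "__main__":
    report = scan(API_FILES, RAW_FILES, API_PROCS, RAW_PROCS, API_SERVICES, RAW_SERVICES)
    for cls, r in report.items():
        print(cls, r)
```

The point for the original poster's situation: Spybot, like any scanner that asks the operating system for its file and process lists, only ever sees the API view, which is why deleted items "come back" and the infection survives repeated scans. A tool that reads the raw view catches what the hooked path filters; it is also why the reply says a clean log after removal is still not a guarantee.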
