#1
    Registered User (Devshed Newbie)
    Infected, help! (DrGuard, AntiMalwareDoctor)


    So it all started when I started getting crazy popups from an obviously fake anti-virus program (DrGuard) asking me to install it as I had all these viruses blahblah, then while I was playing with my antivirus programs trying to get rid of it, "AntiMalware Doctor" appeared on my PC doing the same thing. My desktop was then spammed with random .exe's like "spam0001" and "drguard0001", constant background noise on my PC which just sounded like a movie scene with Adam Sandler etc.

    I closed them down in Task Manager, ran dozens of scans with Malwarebytes, Ad-Aware, SUPERAntiSpyware. Deleted a lot of stuff but it hasn't seemed to have totally fixed it. I also deleted known regkeys related to DrGuard and AntiMalwareDoctor, as well as deleting all related files.

    Now the problems I have...
    1. Internet is ridiculously slow to load any page other than Google, or doesn't load at all.
    2. I can only get onto the Malwarebytes website by googling it and using the cached copy. And some other anti-virus related sites don't work either.
    3. Clicking update on any of my anti-virus programs just brings up an error as they can't seem to connect.
    4. Every so often I hear a "Tick... tick..." through my headphones.
    5. Some strange Task Manager processes, most of which I've managed to get rid of, though I still get "Qwj.exe".


    Desperately need some help as I use the computer for work, and as the chances of having a keylogger on here seem so high, I'm less inclined to enter passwords.

    I can post up HijackThis logs and anything else someone might need to help me?

    Any reply is appreciated.
#2
    They're coming to take me away
    Start here

    Since you can't access the sites through the computer or run updates, download them from another computer (via flash drive or some other means).

    If you run into problems installing (or running after installed), try renaming the files to something non-infection related.

    You may need to run some via safe mode if you can't run normally. (To access Safe Mode, continuously hit F5 upon starting the computer).

    Post back logs.
#3
    Registered User (Devshed Newbie)
    It won't let me run in safe mode for some reason; when I try to run in safe mode it just restarts over and over before it even gets to the Windows screen.

    Internet is back to normal, though some antivirus sites are still blocked and I still can't update Malwarebytes etc. I seem to have gotten rid of most of the unwanted processes, though Qwj.exe is still there, and it takes up around 60k memory so I know it must be doing something.

    Here's the HijackThis log:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\program files\steam\steam.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Qwj.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Xhikivepasuyax] rundll32.exe "C:\WINDOWS\agecofir.dll",Startup
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\Owner\LOCALS~1\Temp\Qwj.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
    O4 - Startup: siszyd32.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1CB3F04D-E76A-48E3-96E9-62ED0689CD88}: NameServer = 93.188.163.35,93.188.166.98
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5A5786A2-23EC-471A-8F42-622E2EA21DF4}: NameServer = 93.188.163.35,93.188.166.98
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7895AB0A-CCDF-4985-8766-D04945585025}: NameServer = 93.188.163.35,93.188.166.98
    O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 93.188.163.35,93.188.166.98
    O17 - HKLM\System\CS9\Services\Tcpip\..\{1CB3F04D-E76A-48E3-96E9-62ED0689CD88}: NameServer = 93.188.163.35,93.188.166.98
    O17 - HKLM\System\CS10\Services\Tcpip\Parameters: NameServer = 93.188.163.35,93.188.166.98
    O17 - HKLM\System\CS10\Services\Tcpip\..\{1CB3F04D-E76A-48E3-96E9-62ED0689CD88}: NameServer = 93.188.163.35,93.188.166.98
    O17 - HKLM\System\CS11\Services\Tcpip\Parameters: NameServer = 93.188.163.35,93.188.166.98
    O17 - HKLM\System\CS11\Services\Tcpip\..\{1CB3F04D-E76A-48E3-96E9-62ED0689CD88}: NameServer = 93.188.163.35,93.188.166.98
    O17 - HKLM\System\CS12\Services\Tcpip\Parameters: NameServer = 93.188.163.35,93.188.166.98
    O17 - HKLM\System\CS12\Services\Tcpip\..\{1CB3F04D-E76A-48E3-96E9-62ED0689CD88}: NameServer = 93.188.163.35,93.188.166.98
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.35,93.188.166.98
    O20 - AppInit_DLLs: C:\WINDOWS\system32\nodivivo.dll c:\windows\system32\pukoluda.dll c:\windows\system32\pasugusa.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
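The log above carries the entry classes a practitioner checks first in a rogue-AV cleanup: O17 NameServer lines pointing every adapter and every ControlSet at 93.188.163.35 and 93.188.166.98 (a hijacked resolver is the usual reason security sites stop resolving while Google still loads), an O20 AppInit_DLLs line naming three random-named DLLs in system32, an O4 Run entry launching Qwj.exe from the user's Temp folder under a generated value name, a rundll32 entry loading agecofir.dll from the Windows root, and a bare siszyd32.exe in the Startup folder. The script below is an added example and is not HijackThis code or part of the original post; it runs those checks over a constructed excerpt of the posted log, plus one made-up 192.168.1.1 resolver line to show what is not flagged. The name-shape and Windows-root checks are review heuristics, not verdicts.

```python
"""Triage HijackThis-style log lines for the indicator classes in the log above. Added example,
not HijackThis code and not part of the original post; SAMPLE_LOG is a constructed excerpt."""
from __future__ import annotations

import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Lines quoted from the posted log, plus one made-up private-resolver line marked CONSTRUCTED.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Xhikivepasuyax] rundll32.exe "C:\WINDOWS\agecofir.dll",Startup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\Owner\LOCALS~1\Temp\Qwj.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Startup: siszyd32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CB3F04D-E76A-48E3-96E9-62ED0689CD88}: NameServer = 93.188.163.35,93.188.166.98
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 93.188.163.35,93.188.166.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.35,93.188.166.98
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\nodivivo.dll c:\windows\system32\pukoluda.dll c:\windows\system32\pasugusa.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag: O4, O17, O20 or O23
    reason: str   # why the entry deserves a look
    detail: str   # the offending value: key name, command line, IP or DLL path

_PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
_O4_RUN = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<entry>.+)$")
_O17 = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
_O20 = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
_O23 = re.compile(r"^O23 - Service: .* - (?P<path>.+)$")

def _generated_name(name: str) -> bool:
    """Heuristic: all caps with digits interleaved (TOY5KNQ8OC) is the shape of a Run value
    name a dropper picks at install time. MSPY2002 (one digit run) is deliberately not matched."""
    return bool(re.fullmatch(r"[A-Z0-9]{8,}", name)) and len(re.findall(r"\d+", name)) >= 2

def _rundll32_from_windir_root(cmd: str) -> bool:
    """rundll32 loading a DLL that sits directly in the Windows root directory rather than in
    system32 or Program Files, which is how the agecofir.dll entry above is wired up."""
    m = re.search(r'rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)', cmd, re.IGNORECASE)
    if not m:
        return False
    parts = m.group("dll").lower().split("\\")
    return len(parts) == 3 and parts[1] in ("windows", "winnt")

def _public_nameservers(servers: str) -> list[str]:
    """Resolvers outside RFC 1918 and loopback space. A home LAN normally hands out the
    router's own address; anything else must be checked against the ISP's resolver list."""
    out = []
    for s in re.split(r"[\s,]+", servers.strip()):
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            continue
        if not any(ip in net for net in _PRIVATE):
            out.append(s)
    return out

def triage(log_text: str) -> list[Finding]:
    """Walk the log once and return every flagged entry in log order."""
    found: list[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := _O4_RUN.match(line):
            name, cmd = m.group("name"), m.group("cmd")
            if "\\temp\\" in cmd.lower() or "\\locals~1\\" in cmd.lower():
                found.append(Finding("O4", "autorun launched from a Temp directory", cmd))
            if _generated_name(name):
                found.append(Finding("O4", "machine-generated Run value name", name))
            if _rundll32_from_windir_root(cmd):
                found.append(Finding("O4", "rundll32 loads a DLL dropped in the Windows root", cmd))
        elif m := _O4_STARTUP.match(line):
            entry = m.group("entry").split(" = ")[0]  # the shortcut/file name, not its target
            if entry.lower().endswith(".exe"):
                found.append(Finding("O4", "bare executable in a Startup folder", entry))
        elif m := _O17.match(line):
            for ip in _public_nameservers(m.group("servers")):
                found.append(Finding("O17", "NameServer outside private address space", ip))
        elif m := _O20.match(line):
            for dll in re.split(r"[\s,]+", m.group("dlls").strip()):
                found.append(Finding("O20", "AppInit_DLLs entry, loaded into every user32 process", dll))
        elif (m := _O23.match(line)) and m.group("path").endswith("(file missing)"):
            found.append(Finding("O23", "service binary missing (informational)", m.group("path")))
    return found

def nameserver_summary(log_text: str) -> Counter[str]:
    """Count O17 lines per NameServer value: a hijack written into CurrentControlSet and every
    ControlSet00N backup shows up as one value repeated across many lines."""
    return Counter(m.group("servers").strip()
                   for m in (_O17.match(raw.strip()) for raw in log_text.splitlines()) if m)
```

Paste a full log in place of SAMPLE_LOG and print `triage(...)`; on the excerpt it returns 14 findings, none of them for the NvCpl, MSPY2002, Steam, eReg or nvsvc32 entries. `nameserver_summary` shows the rogue pair three times on the excerpt (and on the full log once per adapter and once per ControlSet), which is the practical point: resetting the resolver only on the live adapter leaves the copies under ControlSet009 to 012 untouched.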
#4
    They're coming to take me away
    Did you try running normally first? If so, did you go through all the steps listed in the link I provided? If so, where are the rest of the logs?
#5
    Registered User (Devshed Newbie)
    Ah, I didn't see your link, sorry.

    CCleaner - Done.
    ATF - Done.
    I've run Malwarebytes dozens of times and gotten rid of most of it, but there is a "Fake.Alert" and a "Rootkit" that just seem to keep coming back with every single scan.


    BitDefender log might not be much use; I have to end the processes in Task Manager to be able to actually do anything. Another virus has popped up, "av.exe", which opens a fake antivirus any time I try to open a real antivirus while spamming me with insane amounts of popups, and also stops me from opening ANYTHING, internet or program; it just comes up with "Choose a program to open this file with". Though I got round that by going through the command prompt and putting a fix into the registry, it's recurring.


    Uninstall List:


    4oD
    Acrobat.com
    Acrobat.com
    Ad-Aware 2007
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.1
    Adobe® Photoshop® Album Starter Edition 3.2
    AoA Audio Extractor
    Apple Mobile Device Support
    Apple Software Update
    ARMA 2
    ASIO4ALL
    Audacity 1.2.6
    AV Voice Changer Software DIAMOND 6.0
    AVG 7.5
    AVS Update Manager 1.0
    AVS Video Editor 4
    AVS Video Recorder 2.4
    AVS YouTube Uploader version 2.1
    AVS4YOU Software Navigator 1.3
    Azureus Vuze
    Browser Defender 2.0.6.11
    CCFile 3.31
    CCleaner (remove only)
    CDDRV_Installer
    Cheat Engine 5.6
    Chinese (Simplified) Language Support
    Collab
    Compatibility Pack for the 2007 Office system
    Counter-Strike: Source
    Defcon v1.43
    Disc2Phone
    DivX Codec
    DivX Web Player
    Download Manager 2.3.7
    DSA Theory Test
    EPSON Printer Software
    erLT
    FL Studio 8
    Free Audio CD Burner version 1.2
    Free YouTube to MP3 Converter version 3.2
    Garry's Mod
    Google Updater
    GrabIt 1.7.2 Beta 4 (build 997)
    Hamachi 1.0.3.0
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
    Hotspot Shield 1.31
    IL Download Manager
    IsoBuster 2.6
    iTunes
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    KhalInstallWrapper
    Labtec WebCam
    Left 4 Dead
    LimeWire 4.16.6
    Logitech SetPoint
    Macromedia Fireworks MX 2004
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Choice Guard
    Microsoft Corporation
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft LifeCam
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher 2007
    Microsoft Office Publisher 2007 Trial
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft SQL Server 2008 Management Objects
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft WSE 3.0 Runtime
    mIRC
    MozBackup 1.4.10
    Mozilla Firefox (3.5.8)
    MSVCRT
    MSXML 6.0 Parser (KB925673)
    Nero 7 Essentials
    NVIDIA Drivers
    NVIDIA PhysX
    OpenAL
    Outspark Launcher
    Pando Media Booster
    PKR
    PoiZone
    Portal: The First Slice
    PowerISO
    PunkBuster Services
    Quake Live Mozilla Plugin
    QuickPar 0.9
    QuickTime
    RealPlayer
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Reason 4.0
    Security Task Manager 1.7h
    Segoe UI
    SHOUTcast DNAS (remove only)
    SHOUTcast Source DSP 1.9.1 (remove only)
    SmartFTP Client
    SmartFTP Client 3.0 Setup Files (remove only)
    SolveigMM WMP Trimmer Plugin
    Sony Ericsson PC Suite
    SopCore 1.1.2
    Source SDK Base
    Spotify
    Spring 0.79.1.2
    Spyware Doctor 7.0
    SQL Server System CLR Types
    Steam
    SUPERAntiSpyware Free Edition
    System Requirements Lab
    System Requirements Lab
    The Ship Tutorial
    Toxic Biohazard
    ToxicIII
    Uninstall 1.0.0.1
    UseNeXT
    VC80CRTRedist - 8.0.50727.762
    Ventrilo Client
    VideoLAN VLC media player 0.8.6d
    Warsow 0.42
    Winamp
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    WinRAR archiver
    Workspace Macro 4.6
    XAC
    Xfire (remove only)


    Mbam Log:
    Malwarebytes' Anti-Malware 1.41
    Database version: 3143
    Windows 5.1.2600 Service Pack 2

    3/6/2010 10:00:15 PM
    mbam-log-2010-03-06 (22-00-15).txt

    Scan type: Quick Scan
    Objects scanned: 174514
    Time elapsed: 6 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\drivers\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
#6
    Registered User (Devshed Newbie)
    BitDefender QuickScan Beta 32-bit v0.9.9.9
    ------------------------------------------

    Scan date: Sat Mar 06 21:55:28 2010
    Machine ID: 4C9A2A8F



    Found 2 infected files!
    -------------------------
    C:\Documents and Settings\All Users\Application Data\SecTaskMan\agecofir.dll.q_Quarantine_2CFB002_q - Trojan.TDSS.AAA
    C:\WINDOWS\system32\msls50.dll - Backdoor.Generic.248226


    Processes
    ---------
    <unsigned> Apple Mobile Device Service 608 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    <unsigned> CAPI_Worker Module 4700 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    <unsigned> Device Management 4452 C:\Program Files\Common Files\Teleca Shared\Generic.exe
    <unsigned> LightScribe 1736 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    <unsigned> PowerISO Virtual Drive Manager 2912 C:\Program Files\PowerISO\PWRISOVM.EXE
    <unsigned> SUPERAntiSpyware 3600 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    <verified> Ad-Aware 2007 Service 496 C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    <verified> AppleMobileDeviceHelper 4680 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    <verified> Delivery Manager 1860 C:\Program Files\Kontiki\KHost.exe
    <verified> distnoted.exe 4992 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    <verified> Firefox 1772 C:\Program Files\Mozilla Firefox\firefox.exe
    <verified> Hotspot Shield Helper Service 1644 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    <verified> iTunes 3856 C:\Program Files\iPod\bin\iPodService.exe
    <verified> iTunes 3060 C:\Program Files\iTunes\iTunes.exe
    <verified> iTunes 2052 C:\Program Files\iTunes\iTunesHelper.exe
    <verified> Java(TM) Platform SE 6 U5 5408 C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    <verified> KService.exe 1676 C:\Program Files\Kontiki\KService.exe
    <verified> Logitech QuickCam 2352 C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    <verified> Logitech SetPoint 1348 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    <verified> Logitech SetPoint 3116 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    <verified> Malwarebytes' Anti-Malware 5280 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    <verified> Microsoft LifeCam 120 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    <verified> Microsoft LifeCam 3268 C:\WINDOWS\vVX1000.exe
    <verified> Microsoft® Windows® Operating System 4832 C:\Program Files\Internet Explorer\iexplore.exe
    <verified> Microsoft® Windows® Operating System 3180 C:\WINDOWS\Explorer.EXE
    <verified> Microsoft® Windows® Operating System 1980 C:\WINDOWS\System32\alg.exe
    <verified> Microsoft® Windows® Operating System 1016 C:\WINDOWS\system32\csrss.exe
    <verified> Microsoft® Windows® Operating System 3852 C:\WINDOWS\system32\ctfmon.exe
    <verified> Microsoft® Windows® Operating System 5288 C:\WINDOWS\system32\dllhost.exe
    <verified> Microsoft® Windows® Operating System 1096 C:\WINDOWS\system32\lsass.exe
    <verified> Microsoft® Windows® Operating System 1084 C:\WINDOWS\system32\services.exe
    <verified> Microsoft® Windows® Operating System 960 C:\WINDOWS\System32\smss.exe
    <verified> Microsoft® Windows® Operating System 680 C:\WINDOWS\system32\spoolsv.exe
    <verified> Microsoft® Windows® Operating System 152 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1548 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 2028 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1496 C:\WINDOWS\System32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1284 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 312 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 596 C:\WINDOWS\system32\taskmgr.exe
    <verified> Microsoft® Windows® Operating System 1040 C:\WINDOWS\system32\winlogon.exe
    <verified> Microsoft® Windows® Operating System 2920 C:\WINDOWS\system32\wscntfy.exe
    <verified> NVIDIA Driver Helper Service, Version 1 708 C:\WINDOWS\system32\nvsvc32.exe
    <verified> openvpnas.exe 1620 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    <verified> openvpntray.exe 4180 C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    <verified> PC Tools Auxiliary Service 528 C:\Program Files\Spyware Doctor\pctsAuxs.exe
    <verified> PC Tools Security Service 1896 C:\Program Files\Spyware Doctor\pctsSvc.exe
    <verified> PC Tools Tray Application 2684 C:\Program Files\Spyware Doctor\pctsTray.exe
    <verified> PnkBstrA.exe 392 C:\WINDOWS\system32\PnkBstrA.exe
    <verified> Realtek HD Audio Sound Effect Manager 3020 C:\WINDOWS\RTHDCPL.EXE
    <verified> Security Task Manager 3420 C:\Program Files\Security Task Manager\TaskMan.exe
    <verified> Steam 3352 C:\program files\steam\steam.exe
    <verified> Threat Expert Ltd. Browser Defender 796 C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    <verified> Windows Live Communications Platform 1344 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    <verified> Windows Live Messenger 3384 C:\Program Files\Windows Live\Messenger\msnmsgr.exe


    Network activity
    ----------------
    Process firefox.exe (1772) connected on port 80 (HTTP) - 74.125.162.208
    Process firefox.exe (1772) connected on port 80 (HTTP) - 72.246.209.115
    Process firefox.exe (1772) connected on port 80 (HTTP) - 64.233.169.157
    Process firefox.exe (1772) connected on port 80 (HTTP) - 66.235.142.24
    Process firefox.exe (1772) connected on port 80 (HTTP) - 66.235.142.24
    Process firefox.exe (1772) connected on port 80 (HTTP) - 65.55.11.254
    Process firefox.exe (1772) connected on port 80 (HTTP) - 65.55.11.254
    Process firefox.exe (1772) connected on port 80 (HTTP) - 65.55.11.254
    Process firefox.exe (1772) connected on port 80 (HTTP) - 66.249.91.104
    Process firefox.exe (1772) connected on port 80 (HTTP) - 72.14.204.149
    Process firefox.exe (1772) connected on port 80 (HTTP) - 74.125.113.100
    Process firefox.exe (1772) connected on port 80 (HTTP) - 74.125.115.138
    Process firefox.exe (1772) connected on port 80 (HTTP) - 208.19.38.56
    Process firefox.exe (1772) connected on port 80 (HTTP) - 208.19.38.51
    Process firefox.exe (1772) connected on port 80 (HTTP) - 208.19.38.51
    Process firefox.exe (1772) connected on port 80 (HTTP) - 72.14.204.149
    Process msnmsgr.exe (3384) connected on port 1863 (MSN) - by2msg4020616.phx.gbl

    Process svchost.exe (1284) listens on ports: 135 (RPC)
    Process KService.exe (1676) listens on ports: 1947


    Autoruns and critical files
    ---------------------------
    <unsigned> Application Launcher C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    <unsigned> AVG Anti-Virus system C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    <unsigned> Microsoft® Windows® Operating System C:\WINDOWS\system32\wpdshserviceobj.dll
    <unsigned> Nero AG NeroCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    <unsigned> nwiz.exe C:\WINDOWS\system32\nwiz.exe
    <unsigned> PowerISO Virtual Drive Manager C:\Program Files\PowerISO\PWRISOVM.EXE
    <unsigned> QuickTime C:\Program Files\QuickTime\qttask.exe
    <unsigned> SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
    <unsigned> SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    <unsigned> SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    <verified> Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    <verified> Adobe Photoshop Album Starter Edition C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    <verified> Adobe Updater C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    <verified> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    <verified> DAEMON Tools Pro C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    <verified> Delivery Manager C:\Program Files\Kontiki\KHost.exe
    <verified> Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    <verified> ImScInst.exe C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
    <verified> iTunes C:\Program Files\iTunes\iTunesHelper.exe
    <verified> Java(TM) Platform SE 6 U5 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    <verified> Logitech QuickCam C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    <verified> Logitech SetPoint C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    <verified> Logitech SetPoint C:\WINDOWS\KHALMNPR.EXE
    <verified> Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    <verified> Microsoft IME 2002 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
    <verified> Microsoft Korean IME 2002 C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    <verified> Microsoft LifeCam C:\Program Files\Microsoft LifeCam\LifeExp.exe
    <verified> Microsoft LifeCam C:\WINDOWS\vVX1000.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\upnpui.dll
    <verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\webcheck.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
    <verified> Microsoft® Windows® Operating System D:\setup.exe
    <verified> Microsoft® Windows® Operating System D:\setup.exe
    <verified> NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
    <verified> NVIDIA Media Center Library C:\WINDOWS\system32\NvMcTray.dll
    <verified> PC Tools Tray Application C:\Program Files\Spyware Doctor\pctsTray.exe
    <verified> RealPlayer (32-bit) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    <verified> Realtek AC97 Audio - Event Monitor C:\WINDOWS\ALCMTR.EXE
    <verified> Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.EXE
    <verified> Steam C:\program files\steam\steam.exe
    <verified> Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    <verified> 新注音 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE


    Browser plugins
    ---------------
    <unsigned> BYOND stub plugin for Mozilla C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
    <unsigned> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    <unsigned> Nexon Game Controller C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
    <unsigned> Nexon Game Controller C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    <unsigned> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    <unsigned> QuickTime Plug-in 7.4.1 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    <unsigned> QuickTime Plug-in 7.4.1 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    <unsigned> QuickTime Plug-in 7.4.1 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    <unsigned> QuickTime Plug-in 7.4.1 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    <unsigned> QuickTime Plug-in 7.4.1 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    <unsigned> QuickTime Plug-in 7.4.1 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    <unsigned> QuickTime Plug-in 7.4.1 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    <unsigned> QuickTime Plug-in 7.4.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    <unsigned> QuickTime Plug-in 7.4.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    <unsigned> QuickTime Plug-in 7.4.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    <unsigned> QuickTime Plug-in 7.4.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    <unsigned> QuickTime Plug-in 7.4.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    <unsigned> QuickTime Plug-in 7.4.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    <unsigned> QuickTime Plug-in 7.4.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    <unsigned> RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    <unsigned> RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    <unsigned> RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    <unsigned> RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
    <unsigned> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
    <unsigned> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
    <unsigned> WinampPlayer.dll C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles/xme057ac.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll

    <verified> 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    <verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
    <verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    <verified> BitDefender QuickScan C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles/xme057ac.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    <verified> BitDefender QuickScan C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles/xme057ac.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    <verified> DivX Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll
    <verified> DivX Web Player C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
    <verified> Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    <verified> IGN Download Manager Plug-in C:\Program Files\Download Manager\npfpdlm.dll
    <verified> InstantAction.com Game Launcher C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles/xme057ac.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
    <verified> Messenger C:\Program Files\Messenger\msmsgs.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shdocvw.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
    <verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    <verified> MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\PURen-gb.dll
    <verified> MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
    <verified> MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
    <verified> npclntax_HotbarSA.dll C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
    <verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    <verified> Pando Web Installer C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
    <verified> QUAKE LIVE C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    <verified> RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    <verified> RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    <verified> Threat Expert Ltd. Browser Defender c:\program files\spyware doctor\bdt\pctbrowserdefender.dll
    <verified> Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    <verified> Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    Restored .exe association - HKCR\.exe\shell\open\command

    Missing files
    -------------
    File not found: C:\Documents and Settings\Owner\Local Settings\Application Data\av.exe
    referenced in: HKCR\.exe\shell\open\command\(default)

    File not found: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    referenced in: HLKM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0\"Path"

    File not found: C:\WINDOWS\System32\appmgmts.dll
    referenced in: HKLM\System\CurrentControlSet\Services\AppMgmt\Parameters\"ServiceDll"

    File not found: C:\WINDOWS\System32\hidserv.dll
    referenced in: HKLM\System\CurrentControlSet\Services\HidServ\Parameters\"ServiceDll"

    File not found: C:\WINDOWS\agecofir.dll
    referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Xhikivepasuyax"

    File not found: C:\WINDOWS\system32\drivers\EagleNT.sys
    referenced in: HKLM\System\CurrentControlSet\Services\EagleNT\"ImagePath"

    File not found: C:\WINDOWS\system32\drivers\mmusibccxtivkbcr.sys
    referenced in: HKLM\System\CurrentControlSet\Services\mmusibccxtivkbcr\"ImagePath"

    File not found: c:\windows\system32\nodivivo.dll
    referenced in: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs"

    File not found: c:\windows\system32\pasugusa.dll
    referenced in: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs"

    File not found: c:\windows\system32\pukoluda.dll
    referenced in: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs"
#7
Registered User (joined Mar 2010, 7 posts)
    BitDefender Log Part 2:

    Scan
    ----
    <unsigned> MD5: 9741513d6c9d76c8903bfa362ac8bf9d C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
    <unsigned> MD5: 210ed49a46fdaf2fd05cfef82a6c7327 C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    <unsigned> MD5: 50078e825adf2eb4946ac64d1809d12c C:\Documents and Settings\All Users\Application Data\SecTaskMan\agecofir.dll.q_Quarantine_2CFB002_q
    <unsigned> MD5: de3b8e41165d9c61fb7c77fc0765e6e3 C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles/xme057ac.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
    <unsigned> MD5: de3b8e41165d9c61fb7c77fc0765e6e3 C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xme057ac.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
    <unsigned> MD5: 11ab72d5d603db401c190b454fb935a7 C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    <unsigned> MD5: 78a426a70cbbcebda5986ddc081c0508 C:\Program Files\Cheat Engine\dbk32.sys
    <unsigned> MD5: 2094bc9a0fc9c0e15eea5f4a9581dd14 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
    <unsigned> MD5: 6aedc7195a71a907d1d368811a737406 C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll
    <unsigned> MD5: c93ab037a8c792d5f8a1a9fc88a7c7c5 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    <unsigned> MD5: 1961cb10bb48eb4d97e37db6373e9e63 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    <unsigned> MD5: acee3a66a0fa712c92bcc8b13c41c8f6 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\CFNetwork.dll
    <unsigned> MD5: d7e0577370999c9031359c8c4a791139 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\CoreFoundation.dll
    <unsigned> MD5: baac43bfbeafce329deeb64986c9fdf2 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\DeviceLink.dll
    <unsigned> MD5: 5d3e0e4f09ac39cc4897609ce0f95a47 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Foundation.dll
    <unsigned> MD5: 9e6e80d016e1645ee739635e6207de53 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\icudt36.dll
    <unsigned> MD5: 9ae0454e6a48e7b9fdd72caaa3d8b213 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\icuin36.dll
    <unsigned> MD5: e6c13340dfdd9690e6e9927d65b437c7 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\icuuc36.dll
    <unsigned> MD5: 2a2920d0ef665a6cce0da9c9aac85777 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll
    <unsigned> MD5: 107c574f63f7e223e5aa59cdc029b7f5 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\libeay32.dll
    <unsigned> MD5: eff60ad2e551e8fee55d074cbe11b954 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\libobjc.i386.A.dll
    <unsigned> MD5: 601d6a425815fed545cb3ebcfec9c67b C:\Program Files\Common Files\Apple\Mobile Device Support\bin\libtidy.dll
    <unsigned> MD5: 8800e1767924e38a38b798afc51dece7 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\libxml2.dll
    <unsigned> MD5: 7ea3b02f365daca9cb1c969fd92e0008 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\MobileDevice.dll
    <unsigned> MD5: 08871beff1949b3c1daccb96c53def34 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\pthreadGC2.dll
    <unsigned> MD5: 69a180b5453eb411d1f88870ed0c054a C:\Program Files\Common Files\Apple\Mobile Device Support\bin\sqlite3.dll
    <unsigned> MD5: 40c01eb7d550bf0c83a392a10e0bbe46 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\ssleay32.dll
    <unsigned> MD5: fc429f019301beeb3922877b19a39167 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServices.dll
    <unsigned> MD5: 6166d72024068a22c1c3f3b02bd7e999 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServicesUI.dll
    <unsigned> MD5: 237fdcf0de95460512b73240e234a168 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\YSFileShim.dll
    <unsigned> MD5: 1cf03c69b49acb70c722df92755c0c8c C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    <unsigned> MD5: 448939de4a3cc02a5a41dc40729b0cb1 C:\Program Files\Common Files\LightScribe\LSLog.dll
    <unsigned> MD5: d659540712cd24d81a08b3721baed2c8 C:\Program Files\Common Files\LightScribe\LSSProxy.dll
    <unsigned> MD5: 6f89a671bf0ce4a28635a2eeb7d8fd69 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    <unsigned> MD5: d5ba9b816afef5292fe13c9a6267b6ab C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    <unsigned> MD5: 3304621d3af7ae11e5f5b90e48c1f473 C:\Program Files\Common Files\Sony Ericsson Shared\SpecificMPM.dll
    <unsigned> MD5: 8eb4888d9504d2bc4cec3209645f55be C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll
    <unsigned> MD5: e0575cc2758b7bf7b8fb33cd32e86ad7 C:\Program Files\Common Files\Teleca Shared\Generic.exe
    <unsigned> MD5: d6a199e3547c7e12609726930a303145 C:\Program Files\Common Files\Teleca Shared\HookStarter.dll
    <unsigned> MD5: 32df641a4f4ae127b2061a738524a58e C:\Program Files\Common Files\Teleca Shared\SpecificUSB.dll
    <unsigned> MD5: 6ab986e4191442effe8d05ce6129ed01 C:\Program Files\Common Files\Teleca Shared\TC Device Mgmt.dll
    <unsigned> MD5: 50396e18615959e1f2e4eaa23e10ff73 C:\Program Files\Common Files\Teleca Shared\tlib_log.dll
    <unsigned> MD5: 3c7b93f947355e374a49564d0d017b7b C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    <unsigned> MD5: fc0b2ae890bb0dc8c2306dabedc8a4ba C:\Program Files\Grisoft\AVG7\avgemc.exe
    <unsigned> MD5: 36687e123d87f468e33abf11e5dd0797 C:\Program Files\Grisoft\AVG7\avgse.dll
    <unsigned> MD5: 30a14f65db477dc00a64a5a24e96919c C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    <unsigned> MD5: 1cd292e65d973d7ee568811aac8d9e44 C:\Program Files\Hotspot Shield\bin\libcurl.dll
    <unsigned> MD5: 661b770bc4cb72ee4e4b17c5a62b994f C:\Program Files\Hotspot Shield\bin\libeay32.dll
    <unsigned> MD5: 21c2b1b55d24fbff03ecfb9788c0bb77 C:\Program Files\Hotspot Shield\bin\libidn-11.dll
    <unsigned> MD5: df49cc0f2a00fa5cd2c79abd9c269796 C:\Program Files\Hotspot Shield\bin\libssl32.dll
    <unsigned> MD5: c7ac483cc5ccbfd37ca9aa13bf456c50 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    <unsigned> MD5: c7ac483cc5ccbfd37ca9aa13bf456c50 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    <unsigned> MD5: c7ac483cc5ccbfd37ca9aa13bf456c50 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    <unsigned> MD5: c7ac483cc5ccbfd37ca9aa13bf456c50 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    <unsigned> MD5: c7ac483cc5ccbfd37ca9aa13bf456c50 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    <unsigned> MD5: c7ac483cc5ccbfd37ca9aa13bf456c50 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    <unsigned> MD5: c7ac483cc5ccbfd37ca9aa13bf456c50 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    <unsigned> MD5: 0a65e95425a22dec929e6a10ff623eb7 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
    <unsigned> MD5: ae8dbc6baa2fb7c1e865baafd55e33aa C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll
    <unsigned> MD5: 8a6fabbed6d4a2634d8654e7b523ceb8 C:\Program Files\iTunes\CDDBControlApple.dll
    <unsigned> MD5: 586a880ba5568743fad4280a056e4845 C:\Program Files\iTunes\iTunes.Resources\en.lproj\iTunesLocalized.dll
    <unsigned> MD5: 7f3f1e69d97ab8b6b48795b5b2fb18c9 C:\Program Files\iTunes\iTunes.Resources\iTunes.dll
    <unsigned> MD5: 800df858053718edfcbe2d1424f4b8cd C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll
    <unsigned> MD5: a4c892d1098a05f475e8d88c41a20baa C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
    <unsigned> MD5: 218ac54c394c7943993ae39ac49abe02 C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll
    <unsigned> MD5: e02f6f36a576f570cef7267082f18172 C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    <unsigned> MD5: 1aab00ae4ffb5c72a0a06a254f80510e C:\Program Files\Mozilla Firefox\freebl3.dll
    <unsigned> MD5: 39dfd2c92728fca093d5bdefe5f6e801 C:\Program Files\Mozilla Firefox\nssdbm3.dll
    <unsigned> MD5: 5d10887c550ab149a7d0e0c2438b8655 C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
    <unsigned> MD5: 4c5f06b81921bd513429e354e1e3e981 C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
    <unsigned> MD5: c7ac483cc5ccbfd37ca9aa13bf456c50 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    <unsigned> MD5: c7ac483cc5ccbfd37ca9aa13bf456c50 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    <unsigned> MD5: c7ac483cc5ccbfd37ca9aa13bf456c50 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    <unsigned> MD5: c7ac483cc5ccbfd37ca9aa13bf456c50 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    <unsigned> MD5: c7ac483cc5ccbfd37ca9aa13bf456c50 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    <unsigned> MD5: c7ac483cc5ccbfd37ca9aa13bf456c50 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    <unsigned> MD5: c7ac483cc5ccbfd37ca9aa13bf456c50 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    <unsigned> MD5: 2739675960f1245a42d7b8161ebec05e C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    <unsigned> MD5: 89cfc74dc27d34419bfadddf5d8835df C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    <unsigned> MD5: eed2ce7bd9e43b8500d906d944460d22 C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
    <unsigned> MD5: 89e6d66ec90b4e8e41b55248eb7c84cb C:\Program Files\Mozilla Firefox\softokn3.dll
    <unsigned> MD5: 5035fe520a2dc089e64ca255f9ae64de C:\Program Files\PowerISO\PWRISOSH.DLL
    <unsigned> MD5: bf91b68606862a32cab13c24a24dd9a9 C:\Program Files\PowerISO\PWRISOVM.EXE
    <unsigned> MD5: 5f286c169852d7b78d63f4332c54e18e C:\Program Files\QuickTime\QTSystem\CoreVideo.qtx
    <unsigned> MD5: 451217b085aa6b26a9519af55f6ac48c C:\Program Files\QuickTime\QTSystem\QuickTime.qts
    <unsigned> MD5: 97163242e0fbfcbdd74264de8117dd99 C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll
    <unsigned> MD5: 202e94263a518fa7516870a92c5f09c5 C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll
    <unsigned> MD5: 8afdb0ccc59e83de3536e52cdcf354ab C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.qtx
    <unsigned> MD5: 37a2bd9a810871da98ed62fbc07c24af C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx
    <unsigned> MD5: 8c628df7cdc5c2af4e67991b996aa044 C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.qtx
    <unsigned> MD5: 2bcf6e9a9cd4380e41b9229bff00a0f7 C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.dll
    <unsigned> MD5: 4d1785bc1538ca150941b4588058f552 C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.qtx
    <unsigned> MD5: 0f1523aa0b0f66d9aa59eee422480de6 C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\en.lproj\QuickTimeAuthoringLocalized.dll
    <unsigned> MD5: ebb6a52c9dab560f5a4c909a4ad32075 C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.qtx
    <unsigned> MD5: 4f91fffbb3b91c68d557926048aef700 C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.qtx
    <unsigned> MD5: ae036be9a5f6310427c94bf3e4f170bc C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.qtx
    <unsigned> MD5: 3a9cbf552d6ebe1887f94d44e2bdadcf C:\Program Files\QuickTime\QTSystem\QuickTimeH264.qtx
    <unsigned> MD5: c39acf75e52c2252198c652c80516eb9 C:\Program Files\QuickTime\QTSystem\QuickTimeImage.qtx
    <unsigned> MD5: 47b26d52acd58d370481490397e9be03 C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.qtx
    <unsigned> MD5: bc872d4de831bcf56d6d55b2c0e88c44 C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.qtx
    <unsigned> MD5: 0d2efbf53e230577951b3cf705027a77 C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.qtx
    <unsigned> MD5: 2e1c0dbcdd5422bc159dfba4805fba60 C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx
    <unsigned> MD5: cff990c67530f36ae12f9b06bdc37c93 C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.qtx
    <unsigned> MD5: 66f9555fbee898c67789a2e681956e25 C:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.qtx
    <unsigned> MD5: 36c0dbc7fb3cd52649def1f69febd319 C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx
    <unsigned> MD5: 4539c0c79e3cb30a1990e433aca0730b C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.dll
    <unsigned> MD5: 4f02202c38738f2f02ca6fdc64e7b257 C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx
    <unsigned> MD5: c58a082586013396f824e65eeb4ce216 C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx
    <unsigned> MD5: 61fd19c834ef3362a791271efc2a64d9 C:\Program Files\QuickTime\QTSystem\QuickTimeVR.qtx
    <unsigned> MD5: bafcf6cf19ce4882039c52dfa17be35f C:\Program Files\QuickTime\qttask.exe
    <unsigned> MD5: 2739675960f1245a42d7b8161ebec05e C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    <unsigned> MD5: 89cfc74dc27d34419bfadddf5d8835df C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
    <unsigned> MD5: c47c1f43c79107c59acdd600adf5daf1 C:\Program Files\SmartFTP Client\en-US\sfShellTools.dll.mui
    <unsigned> MD5: b2ace02d71371139e25b153d694e5d78 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    <unsigned> MD5: 160a81cc583e84fd5036fc4f71468dd3 C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll
    <unsigned> MD5: 66cad7f881970c0c3606543561e5c173 C:\Program Files\Sony Ericsson\Mobile2\File Manager\FMLang.dll
    <unsigned> MD5: 9730a1617109602188d9677830912e45 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\cabmain.dll
    <unsigned> MD5: ad1a08334e68c8e9507598ad7ffb988e C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\capires0809.dll
    <unsigned> MD5: ab2b21bfc13727040f1b93f2fee015db C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\cellphone_object.dll
    <unsigned> MD5: f8575a18c76cff8da0c533cb301f4262 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsmoddata.dll
    <unsigned> MD5: b2316b897ba3cb831d63e918df7f86b0 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    <unsigned> MD5: 49143d4a4c47a4750a4695a46439e4ea C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\msirsock_object.dll
    <unsigned> MD5: 937a79259734d131db529d7100e6a546 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ShowMfcDialog.dll
    <unsigned> MD5: 22796e9bba509c141ba9c3ed6971b213 C:\Program Files\Spyware Doctor\PCToolsComponents.bpl
    <unsigned> MD5: ee4751299febfab77e689c60721ef218 C:\Program Files\Spyware Doctor\rtl100.bpl
    <unsigned> MD5: aa2baee9c50ab6fed72de7c8867dff49 C:\Program Files\Spyware Doctor\vcl100.bpl
    <unsigned> MD5: 31a7aa2dedefbd3927b0cade051aac2c C:\Program Files\SUPERAntiSpyware\deupx.dll
    <unsigned> MD5: d617404d119b1db10366692447d8a648 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
    <unsigned> MD5: bfbc4be8d6ac6d33ad93f3f5f2e11499 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    <unsigned> MD5: e9c2d75c748c3f0a4c34d6cf2ae1d754 C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    <unsigned> MD5: 4731a1b8a79b19cad8e2cfdc7b7d82d4 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    <unsigned> MD5: ecd5517a6633826057d4f050927ddf56 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
    <unsigned> MD5: 972edede23ac8d59aac0c09799c6f18a C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    <unsigned> MD5: 38f8bd45fb8860399db4fb082ae9589c C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    <unsigned> MD5: 2c1d59933077ba0d8a64cb1fb9ef8638 C:\Program Files\Windows Media Connect 2\wmccds.exe
    <unsigned> MD5: f74e3d9a7fa9556c3bbb14d4e5e63d3b C:\Program Files\Windows Media Player\WMPNetwk.exe
    <unsigned> MD5: a070b8c38ceb3a30cc18d1b7c433144c C:\Program Files\WinRAR\RarExt.dll
    <unsigned> MD5: 39a815061956c38532963ff83bce8356 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    <unsigned> MD5: cebed017c4965fc4407ccd986ae0a528 C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    <unsigned> MD5: 400e920d2e3f42bf6f1f75dd1b069ce3 C:\WINDOWS\System32\Drivers\avg7core.sys
    <unsigned> MD5: 8a7e25876955e06142ef65b52c906cf1 C:\WINDOWS\System32\Drivers\avg7rsw.sys
    <unsigned> MD5: 04d823d681f0d53191a172c3e667fc33 C:\WINDOWS\System32\Drivers\avg7rsxp.sys
    <unsigned> MD5: 8fa5cdfa0d72befff5e9a36df50e13ec C:\WINDOWS\System32\Drivers\avgtdi.sys
    <unsigned> MD5: 0e11b35e972796042044bc27ce13b065 C:\WINDOWS\system32\DRIVERS\rspndr.sys
    <unsigned> MD5: 9d3c3b4e15b597dbedc2f070d6f5fbd0 C:\WINDOWS\system32\GameMon.des
    <unsigned> MD5: 5d10887c550ab149a7d0e0c2438b8655 C:\WINDOWS\system32\libdivx.dll
    <unsigned> MD5: baf751e7061ff626aa60f56d1d5d1fdc C:\WINDOWS\system32\MFC71ENU.DLL
    <unsigned> MD5: 7b93c623333f121dc9e689ccb1b7a733 C:\WINDOWS\system32\mfc71u.dll
    <unsigned> MD5: 50e09fdeba89ffcd5f829c01dd86e9dd C:\WINDOWS\system32\msls50.dll
    <unsigned> MD5: 561fa2abb31dfa8fab762145f81667c2 C:\WINDOWS\system32\msvcp71.dll
    <unsigned> MD5: 86f1895ae8c5e8b17d99ece768a70732 C:\WINDOWS\system32\msvcr71.dll
    <unsigned> MD5: 971e8eab12b22f7a09a8e74ded2caacd C:\WINDOWS\system32\msxml4.dll
    <unsigned> MD5: d76b1d340c6c8f5a676dc717919b319a C:\WINDOWS\system32\nwiz.exe
    <unsigned> MD5: 9d45b2201d0ecf9f42136c7b99deb8b2 C:\WINDOWS\system32\portabledeviceapi.dll
    <unsigned> MD5: 22358578cb321f3325496a3723029409 C:\WINDOWS\system32\portabledevicetypes.dll
    <unsigned> MD5: eee7f12d9ff46f68fbc0da059a359e9e C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    <unsigned> MD5: eed2ce7bd9e43b8500d906d944460d22 C:\WINDOWS\system32\ssldivx.dll
    <unsigned> MD5: 045e228f71c31901084b64be59093499 C:\WINDOWS\system32\wpdshserviceobj.dll
    <unsigned> MD5: 3e9a33113d663d8bd5ed38858e669652 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
    <unsigned> MD5: 686b224b4987c22b153fbb545fee9657 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
    <unsigned> MD5: d8584c7fb9a1ba8480f9000c1ca1b415 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
    <unsigned> MD5: c4e80875c1cf1222fc5efd0314ae5c01 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


    No file uploaded.

    Scan finished - communication took 3 sec
    Total traffic - 0.12 MB sent, 11.15 KB recvd
    Scanned 1535 files and modules - 353 seconds
#8
Registered User (joined Mar 2010, 7 posts)
I should add that another file I've found worrying and linked to strange processes is "agecofir.dll", which you'll see is in Startup.
#9
Registered User (joined Mar 2010, 7 posts)
    Anybody out there?
#10
Registered User (joined Mar 2010, 1 post)

scan

Run a new HijackThis scan and fix only the following entries:

    C:\DOCUME~1\Owner\LOCALS~1\Temp\Qwj.exe
    O4 - HKLM\..\Run: [Xhikivepasuyax] rundll32.exe "C:\WINDOWS\agecofir.dll",Startup
    O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\Owner\LOCALS~1\Temp\Qwj.exe
    O4 - Startup: siszyd32.exe

    Reboot the system after this procedure.

    The system is also infected with rootkits and for this you can run a GMER scan.

The site is: gmer.net

    Press the Scan button to initiate the scan (this will take some time).
    At the end hit Save and post the log.

Cheers!
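The "Missing files" section of the BitDefender QuickScan log posted above and the HijackThis O4 lines in this reply show the same thing from two angles: autostart entries that point at files which are gone or carry generated-looking names, in locations that run code at boot or at every logon (AppInit_DLLs, the .exe file-association handler, Run keys, service ImagePath/ServiceDll values, the Startup folder). The script below is an added example written for this thread; it is not part of the original posts and not code from BitDefender, HijackThis or GMER. It parses both log formats, assigns each location a severity, and escalates for Temp paths and generated-looking file names. The sample input is constructed from entries quoted in the thread, and the severity table, the name heuristic and the small allow-list of built-in service names are this example's own assumptions.

```python
"""Triage autostart entries from BitDefender QuickScan "Missing files" pairs and
HijackThis O4 lines. Example code added to this thread, not from any named tool."""
import re
from dataclasses import dataclass, field

LEVELS = ["INFO", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample input, copied in form from the two logs quoted in the thread.
BITDEFENDER_LOG = r"""
File not found: C:\Documents and Settings\Owner\Local Settings\Application Data\av.exe
referenced in: HKCR\.exe\shell\open\command\(default)

File not found: C:\WINDOWS\System32\hidserv.dll
referenced in: HKLM\System\CurrentControlSet\Services\HidServ\Parameters\"ServiceDll"

File not found: C:\WINDOWS\agecofir.dll
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Xhikivepasuyax"

File not found: C:\WINDOWS\system32\drivers\mmusibccxtivkbcr.sys
referenced in: HKLM\System\CurrentControlSet\Services\mmusibccxtivkbcr\"ImagePath"

File not found: c:\windows\system32\nodivivo.dll
referenced in: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs"
"""

HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [Xhikivepasuyax] rundll32.exe "C:\WINDOWS\agecofir.dll",Startup
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\Owner\LOCALS~1\Temp\Qwj.exe
O4 - Startup: siszyd32.exe
"""

BD_PAIR = re.compile(
    r"^\s*File not found: (?P<path>[^\n]+?)[ \t]*\n\s*referenced in: (?P<loc>[^\n]+?)[ \t]*$", re.M)
HJT_O4 = re.compile(
    r"^\s*O4 - (?P<loc>[^:\n]+): (?:\[(?P<name>[^\]]+)\] )?(?P<cmd>[^\n]+?)[ \t]*$", re.M)

# Autostart locations, most dangerous first (severity table is this example's assumption).
LOCATION_RULES = [
    (r"\.exe\\shell\\open\\command", "CRITICAL",
     ".exe file-association handler: every program launch is routed through this file"),
    (r"AppInit_DLLs", "CRITICAL", "AppInit_DLLs: loaded into every process that maps user32.dll"),
    (r"\\Services\\[^\\]+\\.*ImagePath", "HIGH", "service ImagePath: runs at boot as a service or kernel driver"),
    (r"\\Services\\[^\\]+\\Parameters\\.*ServiceDll", "MEDIUM", "svchost-hosted ServiceDll"),
    (r"\\Run(Once)?\b", "HIGH", "Run key: executed at every logon"),
    (r"^Startup\b", "HIGH", "Startup folder: executed at every logon"),
]
# Assumed allow-list: built-in XP services whose ServiceDll often shows up orphaned without infection.
BUILTIN_SVCHOST_SERVICES = {"appmgmt", "hidserv"}


@dataclass
class Finding:
    location: str          # autostart location as printed in the log
    target: str            # file the entry points at
    severity: str
    reasons: list = field(default_factory=list)


def escalate(severity):
    """Raise severity by one level, capped at CRITICAL."""
    return LEVELS[min(LEVELS.index(severity) + 1, len(LEVELS) - 1)]


def looks_generated(stem):
    """Coarse heuristic for machine-generated names: 8+ letters that either strictly
    alternate vowel/consonant (agecofir, nodivivo) or contain a long consonant run."""
    s = stem.lower()
    if len(s) < 8 or not s.isalpha():
        return False
    kinds = ["v" if c in "aeiou" else "c" for c in s]
    alternating = all(a != b for a, b in zip(kinds, kinds[1:]))
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", s)), default=0)
    return alternating or longest_run >= 4


def target_from_command(cmd):
    """Pull the payload path out of an O4 command: the quoted argument of a
    rundll32.exe launch, otherwise the first token."""
    quoted = re.search(r'"([^"]+)"', cmd)
    return quoted.group(1) if quoted else cmd.split()[0]


def classify(location, target, missing=False):
    severity, reasons = "INFO", []
    for pattern, level, why in LOCATION_RULES:
        if re.search(pattern, location, re.I):
            severity, reasons = level, [why]
            break
    else:
        reasons.append("unrecognised autostart location")
    filename = target.replace("/", "\\").rsplit("\\", 1)[-1]
    stem = re.sub(r"\.[^.]*$", "", filename)
    if re.search(r"\\temp\\", target, re.I):
        severity = escalate(severity)
        reasons.append("runs from a Temp directory")
    if looks_generated(stem):
        severity = escalate(severity)
        reasons.append(f"generated-looking file name '{stem}'")
    if missing:
        reasons.append("referenced file is missing: orphaned entry, or a file hidden from the scanner")
    svc = re.search(r"\\Services\\([^\\]+)\\", location, re.I)
    if svc and "ServiceDll" in location and svc.group(1).lower() in BUILTIN_SVCHOST_SERVICES:
        severity = "INFO"
        reasons.append("built-in service name; an orphaned ServiceDll here is a common benign XP artifact, verify before acting")
    return Finding(location, target, severity, reasons)


def triage(bitdefender_text="", hijackthis_text=""):
    """Return findings from both log formats, most severe first."""
    findings = [classify(m["loc"], m["path"], missing=True) for m in BD_PAIR.finditer(bitdefender_text)]
    for m in HJT_O4.finditer(hijackthis_text):
        loc = m["loc"] + (f" [{m['name']}]" if m["name"] else "")
        findings.append(classify(loc, target_from_command(m["cmd"])))
    findings.sort(key=lambda f: LEVELS.index(f.severity), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(BITDEFENDER_LOG, HIJACKTHIS_LOG):
        print(f"{f.severity:8} {f.target}\n         at {f.location}\n         {'; '.join(f.reasons)}")
```

Two things the output makes concrete. The `.exe` association handler pointing at a missing `av.exe` means any program launched through the shell was being routed to that file, so that key has to be repaired before `.exe`-based cleanup tools can be trusted to start (the QuickScan log above reports that it restored the association). And a "file not found" against a generated-looking name in a Run key, AppInit_DLLs or a driver ImagePath can mean either that the payload was already deleted by the earlier scans or that a rootkit is hiding it from user-mode tools, which is why the GMER scan suggested above belongs in the sequence before the machine is trusted with passwords again.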
