Nobody seems to know how to help me!

4 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Nobody seems to know how to help me!26th May 2009, 5:08 am

I'm such a noob at this, but I'm trying to get rid of something on my computer. Redtube.com says Rustok-N is attacking the site from my computer. I've run everything anyone's told me to and I apparently still have the stupid virus. I think I got it from neopets when I disabled Ad-Block. Anyway, I don't mind so much that it's there it doesn't seem to do that much damage and it seems impossible to get rid of, however, now I can't update ANYTHING or download from microsoft! Please help me, I've tried everything!
Here's some programs I've run....

Malwarebytes
AVG
Spybot
Combofix
Avast
Avira
AdAware
Advanced System Care

Please help me with this, anyone! I live on my computer and I'd really like to get it back in good shape! Thanks

Re: Nobody seems to know how to help me!26th May 2009, 9:31 am

Hello xxdarkwolfrosexx, welcome to GeekPolice.

Please read this: http://www.geekpolice.net/-t3821.htm

And post your HijackThis log here.

............................................................................................
Please be a GeekPolice fan on Facebook!

Nobody seems to know how to help me! Lambo-11

Have we helped you? Help us! | Doctor by day, ninja by night.

Re: Nobody seems to know how to help me!27th May 2009, 12:54 am

Please download the current version of HijackThis from HERE

Double click and run the installer.
It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
After installing, you should get the user agreement, press accept and Hijack This will run.
Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

............................................................................................
While my help is always free, please consider donating to keep this site alive: Donate

Nobody seems to know how to help me! 2wg6fte

Thanks guys, here's the log27th May 2009, 1:25 am

Ok, I ran Hijackthis and got this log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:42 PM, on 5/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wltray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dynex G Desktop Card Adapter\DynexWCUI.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rayne\Desktop\hijackgpthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: SOFTWARE -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 5977 bytes

Re: Nobody seems to know how to help me!27th May 2009, 2:29 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

............................................................................................
While my help is always free, please consider donating to keep this site alive: Donate

Re: Nobody seems to know how to help me!27th May 2009, 7:28 am

I'm not so sure about running malware bytes again, last time it fried my internet and took forever to get it running again Sad tearing

Re: Nobody seems to know how to help me!28th May 2009, 12:42 am

Please download WinSock Fix and save it to yor desktop:

http://files.snapfiles.com/localdl834/WinsockxpFix.exe

Now run Malwarebytes and post the log back here, should you lose your internet connectivity run Winsock fix to repair your internet connection.

............................................................................................
While my help is always free, please consider donating to keep this site alive: Donate

Re: Nobody seems to know how to help me!28th May 2009, 2:10 am

Well it only found the security thingys that I disabled. Here's the log.

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 2

5/27/2009 6:12:18 PM
mbam-log-2009-05-27 (18-12-12).txt

Scan type: Quick Scan
Objects scanned: 88792
Time elapsed: 7 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Nobody seems to know how to help me!28th May 2009, 2:15 am

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

Nobody seems to know how to help me! CF_download_FF

Nobody seems to know how to help me! CF_download_FF

Nobody seems to know how to help me! CF_download_rename

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV..

Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................
While my help is always free, please consider donating to keep this site alive: Donate

Here's combofix28th May 2009, 9:00 am

Here's the first part of the combo-fix log

ComboFix 09-05-26.05 - Rayne 05/28/2009 1:36.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.351.105 [GMT -7:00]
Running from: c:\documents and settings\Rayne\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090527-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-27 00:07 . 2009-05-27 00:07 -------- dc----w c:\program files\JavaFX
2009-05-26 23:58 . 2009-05-26 23:58 -------- dc----w c:\program files\Sun
2009-05-26 22:53 . 2009-05-26 23:50 -------- dc----w c:\documents and settings\Rayne\.SunDownloadManager
2009-05-26 06:43 . 2009-05-26 06:43 -------- dc----w c:\documents and settings\Rayne\Application Data\Thinstall
2009-05-26 05:32 . 2006-12-08 19:02 251672 -c--a-w c:\windows\system32\xactengine2_5.dll
2009-05-26 05:32 . 2006-11-29 20:06 3426072 -c--a-w c:\windows\system32\d3dx9_32.dll
2009-05-26 05:32 . 2006-11-15 18:38 15128 -c--a-w c:\windows\system32\x3daudio1_1.dll
2009-05-26 05:32 . 2006-09-28 23:05 237848 -c--a-w c:\windows\system32\xactengine2_4.dll
2009-05-26 05:32 . 2006-07-28 16:30 236824 -c--a-w c:\windows\system32\xactengine2_3.dll
2009-05-26 05:32 . 2006-07-28 16:30 62744 -c--a-w c:\windows\system32\xinput1_2.dll
2009-05-21 07:59 . 2009-02-05 20:06 23152 -c--a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-21 07:59 . 2009-02-05 20:06 51376 -c--a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-21 07:59 . 2009-02-05 20:05 26944 -c--a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-21 07:59 . 2009-02-05 20:04 97480 -c--a-w c:\windows\system32\AvastSS.scr
2009-05-21 07:59 . 2009-02-05 20:07 114768 -c--a-w c:\windows\system32\drivers\aswSP.sys
2009-05-21 07:59 . 2009-02-05 20:07 20560 -c--a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-21 07:59 . 2009-02-05 20:08 93296 -c--a-w c:\windows\system32\drivers\aswmon.sys
2009-05-21 07:59 . 2009-02-05 20:08 94032 -c--a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-21 07:58 . 2009-02-05 20:11 1256296 -c--a-w c:\windows\system32\aswBoot.exe
2009-05-21 07:58 . 2009-05-21 07:58 -------- dc----w c:\program files\Alwil Software
2009-05-21 07:06 . 2007-03-06 17:12 86016 -c--a-w c:\windows\system32\preflib.dll
2009-05-21 07:06 . 2006-09-01 04:14 1089536 -c--a-w c:\windows\system32\libeay32.dll
2009-05-20 06:10 . 2009-05-21 08:07 117760 -c--a-w c:\documents and settings\Rayne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-20 06:10 . 2009-05-20 06:10 -------- dc----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-20 06:09 . 2009-05-20 06:09 65024 -c--a-r c:\documents and settings\Rayne\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-05-20 06:09 . 2009-05-20 06:09 18944 -c--a-r c:\documents and settings\Rayne\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-05-20 06:09 . 2009-05-20 06:09 -------- dc----w c:\program files\SUPERAntiSpyware
2009-05-20 06:09 . 2009-05-20 06:09 -------- dc----w c:\documents and settings\Rayne\Application Data\SUPERAntiSpyware.com
2009-05-20 01:39 . 2009-05-20 01:39 -------- dc----w C:\LOOXIS
2009-05-19 18:10 . 2009-05-19 18:10 -------- dc----w c:\program files\Common Files\Wise Installation Wizard
2009-05-19 17:06 . 2009-05-26 20:19 19096 -c--a-w c:\windows\system32\drivers\mbam.sys
2009-05-19 17:06 . 2009-05-26 20:20 40160 -c--a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 05:15 . 2009-05-21 07:06 -------- dc----w c:\program files\Dynex G Desktop Card Adapter
2009-05-18 17:55 . 2009-05-18 17:55 -------- dc----w c:\documents and settings\Rayne\Application Data\Malwarebytes
2009-05-18 17:55 . 2009-05-18 17:55 -------- dc----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-18 09:28 . 2009-03-24 23:08 55640 -c--a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-18 08:29 . 2009-05-28 00:56 -------- dc----w c:\program files\Malwarebytes' Anti-Malware
2009-05-18 07:56 . 2009-05-18 07:59 60174 -c--a-w c:\windows\unins001.dat
2009-05-18 07:56 . 2009-05-18 07:59 702297 -c--a-w c:\windows\unins001.exe
2009-05-18 07:51 . 2009-05-18 07:51 702297 -c--a-w c:\windows\unins000.exe
2009-05-18 07:51 . 2009-05-18 07:51 11647 -c--a-w c:\windows\unins000.dat
2009-05-17 09:12 . 2009-05-17 09:17 -------- dc----w c:\program files\Voice Changer 4.0 Diamond
2009-05-17 07:02 . 2009-05-19 04:54 -------- dc----w c:\documents and settings\All Users\Application Data\avg8
2009-05-16 18:33 . 2009-05-16 18:33 -------- dc----w c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2009-05-16 17:43 . 2009-05-18 06:52 -------- dc----w c:\program files\Spyware Terminator
2009-05-16 17:18 . 2009-05-18 06:52 -------- dc----w c:\program files\Google
2009-05-16 09:01 . 2009-05-16 09:00 102664 -c--a-w c:\windows\system32\drivers\tmcomm.sys
2009-05-16 09:00 . 2009-05-16 17:40 -------- dc----w c:\documents and settings\Rayne\.housecall6.6
2009-05-16 08:59 . 2009-05-16 08:59 -------- dc----w c:\windows\Sun
2009-05-16 08:55 . 2009-05-16 08:55 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-05-16 08:55 . 2009-05-26 23:54 -------- dc----w c:\program files\Java
2009-05-16 08:54 . 2009-05-16 08:54 152576 -c--a-w c:\documents and settings\Rayne\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-14 07:26 . 2009-05-14 07:26 758272 -c--a-w c:\windows\system32\kcpp.dll
2009-05-12 04:30 . 2009-05-12 04:30 -------- dc----w c:\documents and settings\LocalService\Application Data\Yahoo!
2009-05-12 04:17 . 2009-05-12 04:17 -------- dc----w c:\program files\Singular Inversions
2009-05-09 03:53 . 2009-05-25 23:32 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-09 03:49 . 2009-05-25 23:32 -------- dc----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-07 17:38 . 2007-02-21 09:11 68888 -c--a-w c:\windows\system32\xinput1_3.dll
2009-05-07 17:38 . 2008-10-30 18:57 3851784 -c--a-w c:\windows\system32\d3dx9_39.dll
2009-05-06 14:04 . 2009-05-06 14:04 -------- dc----w c:\documents and settings\Rayne\Application Data\Neopets Toolbar
2009-05-06 14:03 . 2009-05-06 14:03 -------- dc----w c:\documents and settings\Rayne\Local Settings\Application Data\Neopets
2009-05-04 04:30 . 2009-05-04 04:46 -------- dc----w c:\program files\Negi Mascotts
2009-05-04 04:10 . 2009-05-17 08:59 -------- dc----w c:\program files\DesuBuddy
2009-05-02 10:05 . 2009-05-02 10:19 -------- dc----w c:\program files\Eclipse 1.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 07:52 . 2009-04-25 07:37 -------- dc----w c:\documents and settings\Rayne\Application Data\BitTorrent
2009-05-21 06:54 . 2008-07-19 00:17 -------- dc----w c:\program files\AVG
2009-05-21 06:53 . 2009-04-25 07:37 -------- dc----w c:\documents and settings\Rayne\Application Data\DNA
2009-05-21 06:53 . 2008-09-05 22:37 -------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-18 17:30 . 2008-05-15 20:24 -------- dc----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-17 08:02 . 2009-03-09 00:24 -------- dc----w c:\documents and settings\All Users\Application Data\Smith Micro
2009-05-16 18:30 . 2008-08-15 12:11 -------- dc----w c:\program files\Common Files\Adobe
2009-05-16 08:07 . 2009-04-08 01:11 -------- dc----w c:\program files\Spybot - Search & Destroy
2009-05-12 04:17 . 2005-06-06 01:13 -------- dc-h--w c:\program files\InstallShield Installation Information
2009-05-07 18:58 . 2009-04-25 07:50 -------- dc----w c:\program files\MagicISO
2009-04-30 16:31 . 2009-03-08 01:00 -------- dc----w c:\program files\Windows Media Connect 2
2009-04-27 23:55 . 2008-05-08 20:00 145752 -c--a-w c:\documents and settings\Rayne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 23:51 . 2009-04-27 23:51 45056 -c--a-r c:\documents and settings\Rayne\Application Data\Microsoft\Installer\{57A382F5-9E34-4201-8564-A25724AC8BAF}\NewShortcut2_57A382F59E3442018564A25724AC8BAF.exe
2009-04-27 23:51 . 2009-04-27 23:51 40960 -c--a-r c:\documents and settings\Rayne\Application Data\Microsoft\Installer\{57A382F5-9E34-4201-8564-A25724AC8BAF}\NewShortcut4_57A382F59E3442018564A25724AC8BAF.exe
2009-04-27 23:51 . 2009-04-27 23:51 40960 -c--a-r c:\documents and settings\Rayne\Application Data\Microsoft\Installer\{57A382F5-9E34-4201-8564-A25724AC8BAF}\NewShortcut3_57A382F59E3442018564A25724AC8BAF.exe
2009-04-27 23:51 . 2009-04-27 23:51 40960 -c--a-r c:\documents and settings\Rayne\Application Data\Microsoft\Installer\{57A382F5-9E34-4201-8564-A25724AC8BAF}\NewShortcut1_57A382F59E3442018564A25724AC8BAF.exe
2009-04-27 23:51 . 2009-04-27 23:51 -------- dc----w c:\program files\Microsoft Windows Script
2009-04-27 23:51 . 2009-04-27 23:51 -------- dc----w c:\program files\Haptek
2009-04-27 23:49 . 2009-04-27 23:49 -------- dc----w c:\program files\Zabaware
2009-04-27 14:16 . 2009-04-27 14:16 -------- dc----w c:\documents and settings\Rayne\Application Data\Enterbrain
2009-04-27 14:14 . 2009-04-27 14:14 -------- dc----w c:\program files\Common Files\Enterbrain
2009-04-27 14:14 . 2009-04-27 14:14 -------- dc----w c:\program files\Enterbrain
2009-04-26 17:18 . 2009-04-26 15:04 -------- dc----w c:\program files\TextAloud
2009-04-26 15:32 . 2009-04-26 15:32 -------- dc----w c:\program files\Common Files\INCA Shared
2009-04-26 15:19 . 2009-04-26 15:19 -------- dc----w c:\program files\NeoSpeech
2009-04-26 05:22 . 2009-04-26 05:07 -------- dc----w c:\documents and settings\Rayne\Application Data\DAEMON Tools Lite
2009-04-26 05:19 . 2009-04-26 05:19 -------- dc----w c:\documents and settings\Rayne\Application Data\DAEMON Tools Pro
2009-04-26 05:19 . 2009-04-26 05:19 -------- dc----w c:\documents and settings\Rayne\Application Data\DAEMON Tools
2009-04-26 05:18 . 2009-04-26 05:18 -------- dc----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-26 05:07 . 2008-08-26 02:53 717296 -c--a-w c:\windows\system32\drivers\sptd.sys
2009-04-25 09:35 . 2009-04-25 09:35 -------- dc----w c:\documents and settings\Rayne\Application Data\Uniblue
2009-04-25 09:33 . 2009-04-25 09:32 -------- dc-h--w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-25 09:33 . 2009-04-25 09:33 -------- dc----w c:\program files\Uniblue
2009-04-25 08:57 . 2009-04-25 08:57 -------- dc----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-25 08:56 . 2009-04-25 07:37 -------- dc----w c:\program files\DNA
2009-04-25 07:37 . 2009-04-25 07:37 -------- dc----w c:\program files\BitTorrent
2009-04-22 02:49 . 2009-04-22 02:49 1496576 -c-h--w c:\windows\system32\wodfamop.dll
2009-04-21 07:34 . 2009-04-21 07:26 -------- dc----w c:\program files\PhotoFiltre
2009-04-21 04:00 . 2009-03-01 21:26 -------- dc----w c:\documents and settings\Rayne\Application Data\aAvgApi
2009-04-21 04:00 . 2008-08-19 20:02 -------- dc----w c:\documents and settings\Rayne\Application Data\Any Video Converter
2009-04-21 04:00 . 2009-02-28 01:00 -------- dc----w c:\program files\TorrentMan
2009-04-21 04:00 . 2009-01-22 23:02 -------- dc----w c:\program files\Rings of the Magi
2009-04-14 01:07 . 2009-03-08 08:53 -------- dc----w c:\documents and settings\Rayne\Application Data\GetRightToGo
2009-04-12 07:32 . 2009-04-12 06:14 -------- dc----w c:\program files\IObit
2009-04-12 07:29 . 2009-04-12 06:14 -------- dc----w c:\documents and settings\Rayne\Application Data\IObit
2009-04-04 19:58 . 2008-07-24 03:12 -------- dc----w c:\program files\psx emulation cheater
2009-04-04 05:51 . 2008-07-01 22:12 -------- dc----w c:\documents and settings\All Users\Application Data\InstallShield
2009-03-11 05:58 . 2009-03-11 05:58 0 -c--a-w c:\windows\system32\drivers\ScreamingBAudio.sys
.

------- Sigcheck -------

[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SD_OLD\Download\e9500597a78495f397efb821e37bf356\svchost.exe
[-] 2004-08-04 09:44 14336 BA98327E90022DBD6EE76490E0622E2E c:\windows\system32\svchost.exe
.

Re: Nobody seems to know how to help me!28th May 2009, 9:01 am

((((((((((((((((((((((((((((( SnapShot@2009-05-21_06.24.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-28 08:30 . 2009-05-28 08:30 16384 c:\windows\temp\Perflib_Perfdata_ec.dat
+ 2009-05-28 08:30 . 2009-05-28 08:30 16384 c:\windows\temp\Perflib_Perfdata_5e0.dat
+ 2009-05-26 05:31 . 2005-12-06 01:07 61136 c:\windows\system32\xinput9_1_0.dll
+ 2009-05-26 05:32 . 2006-03-31 19:39 62672 c:\windows\system32\xinput1_1.dll
+ 2009-05-26 05:31 . 2006-02-03 15:41 14032 c:\windows\system32\x3daudio1_0.dll
+ 2009-05-21 06:57 . 2006-12-01 15:45 20480 c:\windows\system32\wltrysvc.exe
+ 2009-05-21 06:57 . 2006-12-01 15:45 44032 c:\windows\system32\wltrynt.dll
+ 2002-12-31 12:00 . 2009-05-21 07:07 63334 c:\windows\system32\perfc009.dat
- 2002-12-31 12:00 . 2009-05-19 23:31 63334 c:\windows\system32\perfc009.dat
+ 2009-05-21 06:57 . 2006-12-01 15:45 33664 c:\windows\system32\drivers\bcmwlnpf.sys
+ 2009-05-21 06:57 . 2005-02-02 01:18 17992 c:\windows\system32\drivers\bcm42rly.sys
+ 2009-05-21 06:57 . 2006-12-01 15:45 69632 c:\windows\system32\bcmwlpkt.dll
+ 2009-05-21 06:57 . 2006-12-01 15:45 81920 c:\windows\system32\bcmwliss.dll
+ 2009-05-26 05:32 . 2005-03-18 23:23 12800 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2009-05-26 05:32 . 2005-03-18 23:23 53248 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-05-27 00:08 . 2009-05-27 00:08 10134 c:\windows\Installer\{7396F7C8-EDD8-4473-BF6A-2CE4996716E1}\SystemFolder_msiexec.exe
+ 2009-05-26 05:32 . 2009-05-26 05:32 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-05-26 05:32 . 2006-05-31 14:24 230168 c:\windows\system32\xactengine2_2.dll
+ 2009-05-26 05:32 . 2006-03-31 19:39 229584 c:\windows\system32\xactengine2_1.dll
+ 2009-05-26 05:31 . 2006-02-03 15:42 230096 c:\windows\system32\xactengine2_0.dll
+ 2009-05-21 07:06 . 2006-11-30 23:53 610816 c:\windows\system32\ReinstallBackups\0013\DriverFiles\BCMWL5.SYS
+ 2002-12-31 12:00 . 2009-05-21 07:07 403858 c:\windows\system32\perfh009.dat
- 2002-12-31 12:00 . 2009-05-19 23:31 403858 c:\windows\system32\perfh009.dat
+ 2009-05-21 06:57 . 2006-11-30 23:53 610816 c:\windows\system32\drivers\BCMWL5.SYS
+ 2009-05-21 06:57 . 2006-12-01 15:45 184320 c:\windows\system32\bcmwlu00.exe
+ 2009-05-21 06:57 . 2006-12-01 15:45 700416 c:\windows\system32\BCMLogon.dll
+ 2009-05-21 06:57 . 2007-03-06 17:14 765952 c:\windows\system32\bcm1xsup.dll
+ 2009-05-26 05:32 . 2006-03-31 18:27 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2006-02-03 14:40 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2005-12-06 00:20 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2005-09-28 21:11 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2005-07-23 00:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2005-05-26 22:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2005-03-19 00:23 567296 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2005-02-06 02:32 563712 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2005-03-18 23:23 223232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2009-05-26 05:32 . 2005-03-18 23:23 178176 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2009-05-26 05:32 . 2005-03-18 23:23 364544 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2009-05-26 05:32 . 2005-03-18 23:23 159232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2009-05-26 05:32 . 2005-03-18 23:23 145920 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2009-05-26 05:32 . 2005-03-18 23:23 473600 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-05-21 06:57 . 2007-03-02 18:20 1282048 c:\windows\system32\wltray.exe
+ 2009-05-21 06:57 . 2006-12-01 15:45 2129920 c:\windows\system32\WLBCGCBPRO731.DLL
+ 2009-05-26 05:31 . 2006-03-31 19:40 2388176 c:\windows\system32\d3dx9_30.dll
+ 2009-05-26 05:31 . 2006-02-03 15:43 2332368 c:\windows\system32\d3dx9_29.dll
+ 2009-05-26 05:31 . 2005-12-06 01:09 2323664 c:\windows\system32\d3dx9_28.dll
+ 2009-05-26 05:31 . 2005-07-23 02:59 2319568 c:\windows\system32\d3dx9_27.dll
+ 2009-05-26 05:31 . 2005-03-19 00:19 2337488 c:\windows\system32\d3dx9_25.dll
+ 2009-05-26 05:31 . 2005-02-06 02:45 2222800 c:\windows\system32\d3dx9_24.dll
+ 2009-05-21 06:57 . 2007-03-06 17:24 1146880 c:\windows\system32\bcmwltry.exe
+ 2009-05-26 05:32 . 2004-12-01 22:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2004-09-29 19:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:32 . 2009-05-26 05:32 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 05:31 . 2009-05-26 05:31 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2008-05-21 08:43 1526296 -c--a-w c:\program files\TorrentMan\tbTorr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager"="c:\windows\system32\wltray.exe" [2007-03-02 1282048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dynex Wireless Networking Utility.lnk - c:\program files\Dynex G Desktop Card Adapter\DynexWCUI.exe [2009-5-21 1462272]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 -c--a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^Rayne^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rayne^Start Menu^Programs^Startup^Ultra Hal Assistant Startup.lnk]
backup=c:\windows\pss\Ultra Hal Assistant Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\KARI3PRO\\Kari3Pro.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Dynex G Desktop Card Adapter\\DynexWCUI.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/21/2009 12:59 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/21/2009 12:59 AM 20560]
R2 Cepstral License Server;Cepstral License Server;c:\program files\Cepstral\bin\CepstralLicSrv.exe [6/25/2008 6:18 PM 57344]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [6/30/2008 8:09 PM 72672]
S0 Ramdisk;Ramdisk Driver;c:\windows\system32\drivers\RamDsk.sys [9/27/2004 7:00 PM 26240]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [?]
S3 jgameenp;jgameenp;\??\c:\docume~1\Rayne\LOCALS~1\Temp\jgameenp.sys --> c:\docume~1\Rayne\LOCALS~1\Temp\jgameenp.sys [?]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [5/17/2008 5:04 PM 7548]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [3/10/2009 10:58 PM 0]
S4 Stuffit Archive Name Service;Stuffit Archive Name Service;"c:\program files\Smith Micro\StuffIt 2009\ArcNameService.exe" --> c:\program files\Smith Micro\StuffIt 2009\ArcNameService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: SOFTWARE
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 01:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(864)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-28 1:45
ComboFix-quarantined-files.txt 2009-05-28 08:45
ComboFix2.txt 2009-05-21 06:27
ComboFix3.txt 2009-05-18 17:27
ComboFix4.txt 2009-04-07 23:06
ComboFix5.txt 2009-05-28 08:34

Pre-Run: 834,002,944 bytes free
Post-Run: 877,174,784 bytes free

297

Re: Nobody seems to know how to help me!29th May 2009, 3:07 pm

Hello.
You have a few different problems here.

The first one being that svchost might be patched by a virus, which is causing the error.
Second, you have Torrent/P2P software installed, so we'll remove them next.
Third, stay away from porn sites, you are bound to get infected visiting them.

Open HijackThis.
When Hijack This opens, click "Open the Misc Tools section"
Then select "Open Uninstall Manager"
Click on "Save List..." (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Nobody seems to know how to help me! DXwU4

Nobody seems to know how to help me! DXwU4

Nobody seems to know how to help me! VvYDg

Re: Nobody seems to know how to help me!30th May 2009, 3:25 am

Ok, here's the uninstall list

3dmaze
7-Zip 4.57
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11.5
Advanced SystemCare 3
Ahriman's Prophecy
avast! Antivirus
Baker's Dozen
CCleaner (remove only)
CCScore
Cepstral David 5.1.0
Defraggler (remove only)
DesuBuddy
Dynex G Wireless Desktop Card Setup
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
FaceGen Customizer 1.1
Free Realms Installer
Game Booster
GGE909 PC Recoil Pad
HijackThis 2.0.2
InterVideo WinDVD 5
Java DB 10.4.1.3
Java(TM) 6 Update 13
Java(TM) SE Development Kit 6 Update 13
JavaFX(TM) 1.1 SDK
Jouster
Kari 3.49 Pro
Kari 3.7 Pro
Kari Scene Creator 3.32
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
KSU
L&H TTS3000 British English
Lernout & Hauspie TruVoice American English TTS Engine
Letris
LOOXIS Faceworx 1.0
Male Voice Pack
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework SDK (English) 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MVP Checkers Shareware
netbrdg
Neverwinter Nights
NextUp.com-NeoSpeech Paul16 Voice
Notifier
OfotoXMI
PCDADDIN
PCDHELP
PhotoFiltre
PRC Pack
Realtek AC'97 Audio
RegistrySmart
RPG Maker 2000 1.05
RPG Maker 95+ (Translated by Don Miguel)
RPG Maker XP - Postality Knights Edition ENHANCED
RPGƒcƒN[ƒ‹VX
RPGƒcƒN[ƒ‹VX RTP
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
SFR
SHASTA
SiS VGA Utilities
SKIN0001
SKINXSDK
Spybot - Search & Destroy
staticcr
StuffIt 2009
SUPERAntiSpyware Free Edition
The Haptek Player
The Sims 2
tooltips
TorrentMan Toolbar
Totalidea RAM-Disk Driver
Ultra Hal Assistant
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009
VPRINTOL
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WIRELESS
Yahoo! Messenger
Yahoo! Toolbar

Last edited by xxdarkwolfrosexx on 30th May 2009, 3:25 am; edited 1 time in total (Reason for editing : messup)

Re: Nobody seems to know how to help me!30th May 2009, 12:28 pm

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

7-Zip 4.57
Adobe Reader 8.1.2
TorrentMan Toolbar
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009

Now that they are gone, I need to know if you have your XP disc

Re: Nobody seems to know how to help me!31st May 2009, 12:31 am

Limewire is from the last user who had this computer, I didn't see it in the uninstall wizard and you didn't say how to uninstall it Sad tearing

I deleted the others though.

No, I got this computer from someone else, they didn't give me a CD, sorry.

Re: Nobody seems to know how to help me!31st May 2009, 12:36 am

Submit a file for analysis.

Please visit this website: Jotti's Malware Scanner
Press the "Browse" button and locate the following file in bold:
C:\WINDOWS\system32\svchost.exe
Press the "Submit File button to submit the file for analysis.
Allow it to be scanned, it could take a few minutes depending on server load.
Copy and paste the result back here.

Re: Nobody seems to know how to help me!31st May 2009, 2:54 am

It said 0 of 20 scanners reported malware

Re: Nobody seems to know how to help me!31st May 2009, 12:34 pm

Hello.
It might not be infected, or the scanners aren't picking up on a patch maybe.

For now, post a new Hijack This log.

Re: Nobody seems to know how to help me!31st May 2009, 1:58 pm

If its not infected, why can't I update things like my antivirus or go to malwarebytes website, or download from microsoft? What's making redtube say I have the rustok-n now when it never did before?
Here's my log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:27 AM, on 5/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wltray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dynex G Desktop Card Adapter\DynexWCUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: SOFTWARE -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 5635 bytes

Re: Nobody seems to know how to help me!31st May 2009, 2:11 pm

Hello. Were gonna use Combofix one more time to get rid of some stuff, then I want to submit another file for analysis.

Open HijackThis
Choose "Do a system scan only"
Check the boxes in front of these lines:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O3 - Toolbar: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O16 - DPF: SOFTWARE -
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
Press "Fix Checked"
Close Hijack This.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
jgameenp

Folder::
c:\documents and settings\Rayne\Application Data\BitTorrent
c:\program files\AVG
c:\documents and settings\Rayne\Application Data\DNA
c:\program files\DNA
c:\program files\BitTorrent
c:\program files\TorrentMan

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Rayne^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Nobody seems to know how to help me! Sfxdaw

Nobody seems to know how to help me! Sfxdaw

This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Combo-fix file 131st May 2009, 11:43 pm

ComboFix 09-05-26.05 - Rayne 05/31/2009 16:20.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.351.137 [GMT -7:00]
Running from: c:\documents and settings\Rayne\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Rayne\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090531-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rayne\Application Data\BitTorrent
c:\documents and settings\Rayne\Application Data\BitTorrent\[Co2KY][PS2]Kingdom Hearts II Final Mix[JPN NTSC].torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\180 Days BitDefender Total Security 2009 Genuine License Key By ChattChitto.txt.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\937AVGA - Kopia.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\Ad-Aware lavasoft 2008 Pro 7.1.0.10.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\Ad Muncher 4.72.30400 (mAnaV).rar.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\Animal Crossing.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\AVG Internet Security 8.0.164 with List of Serials.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\AVG Internet Security 8.0.169 Build 1359 (with keygen) -Lindoff.rar.1.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\AVG Internet Security 8.0.169 Build 1359 (with keygen) -Lindoff.rar.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\avinter_user.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\dht.dat
c:\documents and settings\Rayne\Application Data\BitTorrent\dht.dat.old
c:\documents and settings\Rayne\Application Data\BitTorrent\fgm312.rar.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\legend of zelda twilight princess.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\legend of zelda Windwaker.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\NextUp - Text Aloud + AT&T Natural Voices + NeoSpeech Voices + SERIAL.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\NO$GBA.2.6a.zip.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\Patch.exe.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\Pokemon_XD_Gale_of_Darkness_USA_NGC-STARCUBE.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\Poser 7.0.1.97 UBCrack.zip.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\Poser 7.iso.1.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\Poser 7.iso.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\resume.dat
c:\documents and settings\Rayne\Application Data\BitTorrent\resume.dat.old
c:\documents and settings\Rayne\Application Data\BitTorrent\RPG Maker VX 1.01.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\rss.dat
c:\documents and settings\Rayne\Application Data\BitTorrent\rss.dat.old
c:\documents and settings\Rayne\Application Data\BitTorrent\settings.dat
c:\documents and settings\Rayne\Application Data\BitTorrent\settings.dat.old
c:\documents and settings\Rayne\Application Data\BitTorrent\Sims.2.Expansion.Pets-RELOADED.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\Sims2EP4.exe.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\Softimage Face Robot 1.9 + Crack [RH].torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\Solution.rar.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\Super_Smash_Brothers_Melee_USA_GC-RARE.1.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\Super_Smash_Brothers_Melee_USA_GC-RARE.torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\Ultra Hal Assistant 5 (SR).torrent
c:\documents and settings\Rayne\Application Data\BitTorrent\Voice Changer 4.0 Diamond.exe.torrent
c:\documents and settings\Rayne\Application Data\DNA
c:\documents and settings\Rayne\Application Data\DNA\dht.dat
c:\documents and settings\Rayne\Application Data\DNA\dna.lng
c:\documents and settings\Rayne\Application Data\DNA\resume.dat
c:\documents and settings\Rayne\Application Data\DNA\resume.dat.old
c:\documents and settings\Rayne\Application Data\DNA\rss.dat
c:\documents and settings\Rayne\Application Data\DNA\settings.dat
c:\documents and settings\Rayne\Application Data\DNA\settings.dat.old
c:\program files\AVG
c:\program files\AVG\AVG8\avg8us.lng.prepare
c:\program files\AVG\AVG8\avgapix.dll.prepare
c:\program files\AVG\AVG8\avgemc.exe.prepare
c:\program files\AVG\AVG8\avglngx.dll.prepare
c:\program files\AVG\AVG8\avgsched.dll.prepare
c:\program files\AVG\AVG8\avgwdsvc.exe.prepare
c:\program files\AVG\AVG8\avgwdwsc.dll.prepare
c:\program files\AVG\AVG8\cfg\mail.cfg
c:\program files\AVG\AVG8\dfncfg.dat.prepare
c:\program files\AVG\AVG8\libsasl.dll.prepare
c:\program files\AVG\AVG8\saslcrammd5.dll.prepare
c:\program files\AVG\AVG8\sasldigestmd5.dll.prepare
c:\program files\AVG\AVG8\sasllogin.dll.prepare
c:\program files\AVG\AVG8\saslplain.dll.prepare
c:\program files\AVG\AVG8\Thumbs.db
c:\program files\BitTorrent
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\OpenCandy\OCSetupHlp.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JGAMEENP
-------\Service_jgameenp

Re: Nobody seems to know how to help me!31st May 2009, 11:44 pm

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-31 00:02 . 2009-05-31 00:02 -------- dc----w c:\program files\VS Revo Group
2009-05-30 03:19 . 2009-05-30 03:19 -------- dc----w c:\program files\Trend Micro
2009-05-28 18:37 . 2009-05-28 18:38 -------- dc----w c:\program files\Sony Online Entertainment
2009-05-27 00:07 . 2009-05-27 00:07 -------- dc----w c:\program files\JavaFX
2009-05-26 23:58 . 2009-05-26 23:58 -------- dc----w c:\program files\Sun
2009-05-26 22:53 . 2009-05-26 23:50 -------- dc----w c:\documents and settings\Rayne\.SunDownloadManager
2009-05-26 06:43 . 2009-05-26 06:43 -------- dc----w c:\documents and settings\Rayne\Application Data\Thinstall
2009-05-26 05:32 . 2006-12-08 19:02 251672 -c--a-w c:\windows\system32\xactengine2_5.dll
2009-05-26 05:32 . 2006-11-29 20:06 3426072 -c--a-w c:\windows\system32\d3dx9_32.dll
2009-05-26 05:32 . 2006-11-15 18:38 15128 -c--a-w c:\windows\system32\x3daudio1_1.dll
2009-05-26 05:32 . 2006-09-28 23:05 237848 -c--a-w c:\windows\system32\xactengine2_4.dll
2009-05-26 05:32 . 2006-07-28 16:30 236824 -c--a-w c:\windows\system32\xactengine2_3.dll
2009-05-26 05:32 . 2006-07-28 16:30 62744 -c--a-w c:\windows\system32\xinput1_2.dll
2009-05-21 07:59 . 2009-02-05 20:06 23152 -c--a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-21 07:59 . 2009-02-05 20:06 51376 -c--a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-21 07:59 . 2009-02-05 20:05 26944 -c--a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-21 07:59 . 2009-02-05 20:04 97480 -c--a-w c:\windows\system32\AvastSS.scr
2009-05-21 07:59 . 2009-02-05 20:07 114768 -c--a-w c:\windows\system32\drivers\aswSP.sys
2009-05-21 07:59 . 2009-02-05 20:07 20560 -c--a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-21 07:59 . 2009-02-05 20:08 93296 -c--a-w c:\windows\system32\drivers\aswmon.sys
2009-05-21 07:59 . 2009-02-05 20:08 94032 -c--a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-21 07:58 . 2009-02-05 20:11 1256296 -c--a-w c:\windows\system32\aswBoot.exe
2009-05-21 07:58 . 2009-05-21 07:58 -------- dc----w c:\program files\Alwil Software
2009-05-21 07:06 . 2007-03-06 17:12 86016 -c--a-w c:\windows\system32\preflib.dll
2009-05-21 07:06 . 2006-09-01 04:14 1089536 -c--a-w c:\windows\system32\libeay32.dll
2009-05-20 06:10 . 2009-05-21 08:07 117760 -c--a-w c:\documents and settings\Rayne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-20 06:10 . 2009-05-20 06:10 -------- dc----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-20 06:09 . 2009-05-20 06:09 65024 -c--a-r c:\documents and settings\Rayne\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-05-20 06:09 . 2009-05-20 06:09 18944 -c--a-r c:\documents and settings\Rayne\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-05-20 06:09 . 2009-05-20 06:09 -------- dc----w c:\program files\SUPERAntiSpyware
2009-05-20 06:09 . 2009-05-20 06:09 -------- dc----w c:\documents and settings\Rayne\Application Data\SUPERAntiSpyware.com
2009-05-20 01:39 . 2009-05-20 01:39 -------- dc----w C:\LOOXIS
2009-05-19 18:10 . 2009-05-19 18:10 -------- dc----w c:\program files\Common Files\Wise Installation Wizard
2009-05-19 17:06 . 2009-05-26 20:19 19096 -c--a-w c:\windows\system32\drivers\mbam.sys
2009-05-19 17:06 . 2009-05-26 20:20 40160 -c--a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 05:15 . 2009-05-21 07:06 -------- dc----w c:\program files\Dynex G Desktop Card Adapter
2009-05-18 17:55 . 2009-05-18 17:55 -------- dc----w c:\documents and settings\Rayne\Application Data\Malwarebytes
2009-05-18 17:55 . 2009-05-18 17:55 -------- dc----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-18 09:28 . 2009-03-24 23:08 55640 -c--a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-18 08:29 . 2009-05-28 00:56 -------- dc----w c:\program files\Malwarebytes' Anti-Malware
2009-05-18 07:56 . 2009-05-18 07:59 60174 -c--a-w c:\windows\unins001.dat
2009-05-18 07:56 . 2009-05-18 07:59 702297 -c--a-w c:\windows\unins001.exe
2009-05-18 07:51 . 2009-05-18 07:51 702297 -c--a-w c:\windows\unins000.exe
2009-05-18 07:51 . 2009-05-18 07:51 11647 -c--a-w c:\windows\unins000.dat
2009-05-17 09:12 . 2009-05-17 09:17 -------- dc----w c:\program files\Voice Changer 4.0 Diamond
2009-05-17 07:02 . 2009-05-19 04:54 -------- dc----w c:\documents and settings\All Users\Application Data\avg8
2009-05-16 18:33 . 2009-05-16 18:33 -------- dc----w c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2009-05-16 17:43 . 2009-05-18 06:52 -------- dc----w c:\program files\Spyware Terminator
2009-05-16 17:18 . 2009-05-18 06:52 -------- dc----w c:\program files\Google
2009-05-16 09:01 . 2009-05-16 09:00 102664 -c--a-w c:\windows\system32\drivers\tmcomm.sys
2009-05-16 09:00 . 2009-05-16 17:40 -------- dc----w c:\documents and settings\Rayne\.housecall6.6
2009-05-16 08:59 . 2009-05-16 08:59 -------- dc----w c:\windows\Sun
2009-05-16 08:55 . 2009-05-16 08:55 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-05-16 08:55 . 2009-05-26 23:54 -------- dc----w c:\program files\Java
2009-05-16 08:54 . 2009-05-16 08:54 152576 -c--a-w c:\documents and settings\Rayne\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-14 07:26 . 2009-05-14 07:26 758272 -c--a-w c:\windows\system32\kcpp.dll
2009-05-12 04:30 . 2009-05-12 04:30 -------- dc----w c:\documents and settings\LocalService\Application Data\Yahoo!
2009-05-12 04:17 . 2009-05-12 04:17 -------- dc----w c:\program files\Singular Inversions
2009-05-09 03:53 . 2009-05-25 23:32 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-09 03:49 . 2009-05-25 23:32 -------- dc----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-07 17:38 . 2007-02-21 09:11 68888 -c--a-w c:\windows\system32\xinput1_3.dll
2009-05-07 17:38 . 2008-10-30 18:57 3851784 -c--a-w c:\windows\system32\d3dx9_39.dll
2009-05-06 14:04 . 2009-05-06 14:04 -------- dc----w c:\documents and settings\Rayne\Application Data\Neopets Toolbar
2009-05-06 14:03 . 2009-05-06 14:03 -------- dc----w c:\documents and settings\Rayne\Local Settings\Application Data\Neopets
2009-05-04 04:30 . 2009-05-04 04:46 -------- dc----w c:\program files\Negi Mascotts
2009-05-04 04:10 . 2009-05-17 08:59 -------- dc----w c:\program files\DesuBuddy
2009-05-02 10:05 . 2009-05-02 10:19 -------- dc----w c:\program files\Eclipse 1.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 23:51 . 2008-08-15 12:11 -------- dc----w c:\program files\Common Files\Adobe
2009-05-21 06:53 . 2008-09-05 22:37 -------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-18 17:30 . 2008-05-15 20:24 -------- dc----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-17 08:02 . 2009-03-09 00:24 -------- dc----w c:\documents and settings\All Users\Application Data\Smith Micro
2009-05-16 08:07 . 2009-04-08 01:11 -------- dc----w c:\program files\Spybot - Search & Destroy
2009-05-12 04:17 . 2005-06-06 01:13 -------- dc-h--w c:\program files\InstallShield Installation Information
2009-05-07 18:58 . 2009-04-25 07:50 -------- dc----w c:\program files\MagicISO
2009-04-30 16:31 . 2009-03-08 01:00 -------- dc----w c:\program files\Windows Media Connect 2
2009-04-27 23:55 . 2008-05-08 20:00 145752 -c--a-w c:\documents and settings\Rayne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 23:51 . 2009-04-27 23:51 45056 -c--a-r c:\documents and settings\Rayne\Application Data\Microsoft\Installer\{57A382F5-9E34-4201-8564-A25724AC8BAF}\NewShortcut2_57A382F59E3442018564A25724AC8BAF.exe
2009-04-27 23:51 . 2009-04-27 23:51 40960 -c--a-r c:\documents and settings\Rayne\Application Data\Microsoft\Installer\{57A382F5-9E34-4201-8564-A25724AC8BAF}\NewShortcut4_57A382F59E3442018564A25724AC8BAF.exe
2009-04-27 23:51 . 2009-04-27 23:51 40960 -c--a-r c:\documents and settings\Rayne\Application Data\Microsoft\Installer\{57A382F5-9E34-4201-8564-A25724AC8BAF}\NewShortcut3_57A382F59E3442018564A25724AC8BAF.exe
2009-04-27 23:51 . 2009-04-27 23:51 40960 -c--a-r c:\documents and settings\Rayne\Application Data\Microsoft\Installer\{57A382F5-9E34-4201-8564-A25724AC8BAF}\NewShortcut1_57A382F59E3442018564A25724AC8BAF.exe
2009-04-27 23:51 . 2009-04-27 23:51 -------- dc----w c:\program files\Microsoft Windows Script
2009-04-27 23:51 . 2009-04-27 23:51 -------- dc----w c:\program files\Haptek
2009-04-27 23:49 . 2009-04-27 23:49 -------- dc----w c:\program files\Zabaware
2009-04-27 14:16 . 2009-04-27 14:16 -------- dc----w c:\documents and settings\Rayne\Application Data\Enterbrain
2009-04-27 14:14 . 2009-04-27 14:14 -------- dc----w c:\program files\Common Files\Enterbrain
2009-04-27 14:14 . 2009-04-27 14:14 -------- dc----w c:\program files\Enterbrain
2009-04-26 17:18 . 2009-04-26 15:04 -------- dc----w c:\program files\TextAloud
2009-04-26 15:32 . 2009-04-26 15:32 -------- dc----w c:\program files\Common Files\INCA Shared
2009-04-26 15:19 . 2009-04-26 15:19 -------- dc----w c:\program files\NeoSpeech
2009-04-26 05:22 . 2009-04-26 05:07 -------- dc----w c:\documents and settings\Rayne\Application Data\DAEMON Tools Lite
2009-04-26 05:19 . 2009-04-26 05:19 -------- dc----w c:\documents and settings\Rayne\Application Data\DAEMON Tools Pro
2009-04-26 05:19 . 2009-04-26 05:19 -------- dc----w c:\documents and settings\Rayne\Application Data\DAEMON Tools
2009-04-26 05:18 . 2009-04-26 05:18 -------- dc----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-26 05:07 . 2008-08-26 02:53 717296 -c--a-w c:\windows\system32\drivers\sptd.sys
2009-04-25 09:35 . 2009-04-25 09:35 -------- dc----w c:\documents and settings\Rayne\Application Data\Uniblue
2009-04-25 08:57 . 2009-04-25 08:57 -------- dc----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-22 02:49 . 2009-04-22 02:49 1496576 -c-h--w c:\windows\system32\wodfamop.dll
2009-04-21 07:34 . 2009-04-21 07:26 -------- dc----w c:\program files\PhotoFiltre
2009-04-21 04:00 . 2009-03-01 21:26 -------- dc----w c:\documents and settings\Rayne\Application Data\aAvgApi
2009-04-21 04:00 . 2008-08-19 20:02 -------- dc----w c:\documents and settings\Rayne\Application Data\Any Video Converter
2009-04-21 04:00 . 2009-01-22 23:02 -------- dc----w c:\program files\Rings of the Magi
2009-04-14 01:07 . 2009-03-08 08:53 -------- dc----w c:\documents and settings\Rayne\Application Data\GetRightToGo
2009-04-12 07:32 . 2009-04-12 06:14 -------- dc----w c:\program files\IObit
2009-04-12 07:29 . 2009-04-12 06:14 -------- dc----w c:\documents and settings\Rayne\Application Data\IObit
2009-04-04 19:58 . 2008-07-24 03:12 -------- dc----w c:\program files\psx emulation cheater
2009-04-04 05:51 . 2008-07-01 22:12 -------- dc----w c:\documents and settings\All Users\Application Data\InstallShield
2009-03-11 05:58 . 2009-03-11 05:58 0 -c--a-w c:\windows\system32\drivers\ScreamingBAudio.sys
.

Re: Nobody seems to know how to help me!31st May 2009, 11:44 pm

------- Sigcheck -------

[-] 2004-08-04 09:44 14336 BA98327E90022DBD6EE76490E0622E2E c:\windows\system32\svchost.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-05-28_08.41.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-31 23:27 . 2009-05-31 23:27 16384 c:\windows\temp\Perflib_Perfdata_778.dat
+ 2009-05-31 23:27 . 2009-05-31 23:27 16384 c:\windows\temp\Perflib_Perfdata_4c4.dat
+ 2009-05-31 03:49 . 2009-05-31 03:49 16384 c:\windows\temp\Perflib_Perfdata_488.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager"="c:\windows\system32\wltray.exe" [2007-03-02 1282048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dynex Wireless Networking Utility.lnk - c:\program files\Dynex G Desktop Card Adapter\DynexWCUI.exe [2009-5-21 1462272]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 -c--a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Rayne^Start Menu^Programs^Startup^Ultra Hal Assistant Startup.lnk]
backup=c:\windows\pss\Ultra Hal Assistant Startup.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\KARI3PRO\\Kari3Pro.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Dynex G Desktop Card Adapter\\DynexWCUI.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/21/2009 12:59 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/21/2009 12:59 AM 20560]
R2 Cepstral License Server;Cepstral License Server;c:\program files\Cepstral\bin\CepstralLicSrv.exe [6/25/2008 6:18 PM 57344]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [6/30/2008 8:09 PM 72672]
S0 Ramdisk;Ramdisk Driver;c:\windows\system32\drivers\RamDsk.sys [9/27/2004 7:00 PM 26240]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [?]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [5/17/2008 5:04 PM 7548]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [3/10/2009 10:58 PM 0]
S4 Stuffit Archive Name Service;Stuffit Archive Name Service;"c:\program files\Smith Micro\StuffIt 2009\ArcNameService.exe" --> c:\program files\Smith Micro\StuffIt 2009\ArcNameService.exe [?]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 16:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\_av_proI.tm~a02788

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(476)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\msi.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wltrysvc.exe
c:\windows\system32\bcmwltry.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-31 16:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 23:36
ComboFix2.txt 2009-05-28 08:45
ComboFix3.txt 2009-05-21 06:27
ComboFix4.txt 2009-05-18 17:27
ComboFix5.txt 2009-05-31 23:15

Pre-Run: 1,169,080,320 bytes free
Post-Run: 1,213,534,208 bytes free

301

Re: Nobody seems to know how to help me!1st June 2009, 12:22 am

Hello.
That Combofix has deleted any AVG leftovers that I can see, see if you can access MalwareBytes now.

Re: Nobody seems to know how to help me!1st June 2009, 2:56 am

Yes, I can open malwarebytes, still can't update though.

Re: Nobody seems to know how to help me!1st June 2009, 2:59 am

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the launch.exe or cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, just let it cure whatever it finds...
o Now, go to Settings >> Change Settings
o Go to Actions tab >> under Objects section, change the settings to below
Infected objects - Cure
Incurable objects - Report
Suspicious objects - Report
o Don't change any other settings
Start the scan again. This time, choose Complete Scan
Click the green arrow button at the right, and the scan will start.
After the scan finished, click Select all
Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
When the scan has finished, in the menu, click File and choose Save report list
Save the report to your Desktop. The report will be called DrWeb.csv
Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..

............................................................................................
While my help is always free, please consider donating to keep this site alive: Donate

Re: Nobody seems to know how to help me!1st June 2009, 7:07 pm

Cure was grayed out so I just clicked save report list, here's what I got.

Combo-Fix.exe/data002\32788R22FWJFW\FIND3M.bat;C:\Documents and Settings\Rayne\Desktop\Combo-Fix.exe/data002;Probably BATCH.Virus;;
data002;C:\Documents and Settings\Rayne\Desktop;Archive contains infected objects;;
Combo-Fix.exe;C:\Documents and Settings\Rayne\Desktop;Container contains infected objects;;
Process.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Tool.Prockill;;
gxvxctyxumfoafvaswuxrlnsrtufjwmrfvpix.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;BackDoor.Tdss.167;;
A0260143.bat;C:\System Volume Information\_restore{E618FDC6-6616-4930-B0B0-A3813029C383}\RP418;Probably BATCH.Virus;;
A0260251.bat;C:\System Volume Information\_restore{E618FDC6-6616-4930-B0B0-A3813029C383}\RP418;Probably BATCH.Virus;;
A0261424.bat;C:\System Volume Information\_restore{E618FDC6-6616-4930-B0B0-A3813029C383}\RP434;Probably BATCH.Virus;;
A0261528.bat;C:\System Volume Information\_restore{E618FDC6-6616-4930-B0B0-A3813029C383}\RP434;Probably BATCH.Virus;;

Hello?8th June 2009, 8:18 pm

Why did everyone stop helping me? I'm still having problems if not more now! Now my computer internet icon for my wireless adapter randomly shows up red (Off line) when it's still online and letting me browse around! Please don't stop helping me! This is the only place I go to for computer help!

Re: Nobody seems to know how to help me!8th June 2009, 8:36 pm

Hello.
Sorry, we didn't stop helping you, your post just got bumped back and we didn't notice. I'm sure you can see how much traffic were dealing with lately. Sad tearing

The problems don't appear to be malware related.

Re: Nobody seems to know how to help me!8th June 2009, 8:45 pm

Oh sorry, It's ok Smile...

Sorry you guys have your hands full.
What do you think it may be? It doesn't make sense to me, or really to anybody it seems. Why is redtube still saying the Rustok thing? I only go there to see if I still have it. Before it didn't but now it always says I do.

Re: Nobody seems to know how to help me!8th June 2009, 8:48 pm

Download the GMER rootkit scan from here: GMER

Unzip it and start GMER.
Click the >>> tab and then click the Scan button.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.

The log will be quite big, so please upload it to rapidshare.com.

Re: Nobody seems to know how to help me!9th June 2009, 2:05 pm

Ok, it wasn't too big but I put it on rapidshare anyway. This is the link.
http://rapidshare.com/files/242616062/remg_log.log.html

Re: Nobody seems to know how to help me!9th June 2009, 5:13 pm

Hello.
That found the problem. Looks like maybe a new variant of a rootkit CF isn't catching yet.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
gaopdxserv.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

Under "Input script here:", paste in the script from the quote box above.
Leave the ticked box "Scan for rootkit" ticked.
Then tick "Disable any rootkits found"
Now click on the Execute to begin execution of the script.
Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
It will Restart your computer.
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

4. Please copy/paste the content of c:\avenger.txt into your reply.

Re: Nobody seems to know how to help me!9th June 2009, 6:35 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gaopdxserv.sys" not found!
Deletion of driver "gaopdxserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Re: Nobody seems to know how to help me!9th June 2009, 7:33 pm

Hello.
That didn't get it, hopefully this will this time.

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Registry keys to delete:
HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Now, start The Avenger program by clicking on its icon on your desktop.

Under "Input script here:", paste in the script from the quote box above.
Leave the ticked box "Scan for rootkit" ticked.
Then tick "Disable any rootkits found"
Now click on the Execute to begin execution of the script.
Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
It will Restart your computer.
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

3. Please copy/paste the content of c:\avenger.txt into your reply.

Re: Nobody seems to know how to help me!9th June 2009, 9:56 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Registry key "HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: Nobody seems to know how to help me!10th June 2009, 12:56 am

Okay, try updating stuff now.

Awesome!10th June 2009, 1:06 am

Yes yes yes! I updated antivirus and everything! Hooray!

Re: Nobody seems to know how to help me!10th June 2009, 1:07 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

Nobody seems to know how to help me! CF_Cleanup

This will also reset your restore points.

How is the machine running now?

Re: Nobody seems to know how to help me!10th June 2009, 10:22 pm

Everything seems to be going great! I can update and my computer is faster now! Thank you so much for all your help, there is no way I could have done it without you! Thank you thank you thank you!

Re: Nobody seems to know how to help me!

Permissions in this forum:

You cannot reply to topics in this forum

Nobody seems to know how to help me!

descriptionNobody seems to know how to help me!26th May 2009, 5:08 am

descriptionRe: Nobody seems to know how to help me!26th May 2009, 9:31 am

descriptionRe: Nobody seems to know how to help me!27th May 2009, 12:54 am

descriptionThanks guys, here's the log27th May 2009, 1:25 am

descriptionRe: Nobody seems to know how to help me!27th May 2009, 2:29 am

descriptionRe: Nobody seems to know how to help me!27th May 2009, 7:28 am

descriptionRe: Nobody seems to know how to help me!28th May 2009, 12:42 am

descriptionRe: Nobody seems to know how to help me!28th May 2009, 2:10 am

descriptionRe: Nobody seems to know how to help me!28th May 2009, 2:15 am

descriptionHere's combofix28th May 2009, 9:00 am

descriptionRe: Nobody seems to know how to help me!28th May 2009, 9:01 am

descriptionRe: Nobody seems to know how to help me!29th May 2009, 3:07 pm

descriptionRe: Nobody seems to know how to help me!30th May 2009, 3:25 am

descriptionRe: Nobody seems to know how to help me!30th May 2009, 12:28 pm

descriptionRe: Nobody seems to know how to help me!31st May 2009, 12:31 am

descriptionRe: Nobody seems to know how to help me!31st May 2009, 12:36 am

descriptionRe: Nobody seems to know how to help me!31st May 2009, 2:54 am

descriptionRe: Nobody seems to know how to help me!31st May 2009, 12:34 pm

descriptionRe: Nobody seems to know how to help me!31st May 2009, 1:58 pm

descriptionRe: Nobody seems to know how to help me!31st May 2009, 2:11 pm

descriptionCombo-fix file 131st May 2009, 11:43 pm

descriptionRe: Nobody seems to know how to help me!31st May 2009, 11:44 pm

descriptionRe: Nobody seems to know how to help me!31st May 2009, 11:44 pm

descriptionRe: Nobody seems to know how to help me!1st June 2009, 12:22 am

descriptionRe: Nobody seems to know how to help me!1st June 2009, 2:56 am

descriptionRe: Nobody seems to know how to help me!1st June 2009, 2:59 am

descriptionRe: Nobody seems to know how to help me!1st June 2009, 7:07 pm

descriptionHello?8th June 2009, 8:18 pm

descriptionRe: Nobody seems to know how to help me!8th June 2009, 8:36 pm

descriptionRe: Nobody seems to know how to help me!8th June 2009, 8:45 pm

descriptionRe: Nobody seems to know how to help me!8th June 2009, 8:48 pm

descriptionRe: Nobody seems to know how to help me!9th June 2009, 2:05 pm

descriptionRe: Nobody seems to know how to help me!9th June 2009, 5:13 pm

descriptionRe: Nobody seems to know how to help me!9th June 2009, 6:35 pm

descriptionRe: Nobody seems to know how to help me!9th June 2009, 7:33 pm

descriptionRe: Nobody seems to know how to help me!9th June 2009, 9:56 pm

descriptionRe: Nobody seems to know how to help me!10th June 2009, 12:56 am

descriptionAwesome!10th June 2009, 1:06 am

descriptionRe: Nobody seems to know how to help me!10th June 2009, 1:07 am

descriptionRe: Nobody seems to know how to help me!10th June 2009, 10:22 pm

descriptionRe: Nobody seems to know how to help me!