I downloaded a song through LimeWire and the song required a license to be played.

I tried to acquire the license and it brought me to a page that advised me to download a media player.

I continued with the process and cancelled the download of the media player, but the download pushed through.

I managed to take note of the data.

I found them in my prefetch folder and eventually lost.

C:\System Volume Information\_restore{40654d66-afb1-4435-998f-455e009153fa}\rp349\a0246806.exe ------ Deal Assistant

Thanks.

I am not clear as to what your problem is.

Let's go ahead and do this:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

  • DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT and then:

-- Download DDS by sUBs and save it to your Desktop
-- If your AV has a script blocker, please disable it
-- DoubleClick on dds.scr to run the tool

* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).

- Copy&Paste the DDS.txt into your next post.
- Please post Attach.txt as an attachment to your post - there is no need to Zip it. If you don’t know how to post an attachment, please Copy&Paste it along with the DDS.txt scanlog.

Please post the MBAM and DDS logs for me.

Cheers :)
PP

Thank you so much for your help.

Below is the data you requested.

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/22/2008 2:34:48 PM
System Uptime: 10/28/2009 6:43:07 PM (0 hours ago)

Motherboard: | | LakePort
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Socket 775 | 3000/200mhz
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Socket 775 | 3000/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 7.149 GiB free.
D: is FIXED (NTFS) - 36 GiB total, 27.831 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP300: 8/13/2009 12:25:58 AM - Software Distribution Service 3.0
RP301: 8/13/2009 2:34:53 AM - Software Distribution Service 3.0
RP302: 8/13/2009 3:28:14 PM - Uniblue RegistryBooster 2009
RP303: 8/13/2009 5:07:53 PM - Software Distribution Service 3.0
RP304: 8/14/2009 6:03:04 PM - System Checkpoint
RP305: 8/15/2009 10:03:23 PM - Removed Dealio Toolbar v4.0.1.
RP306: 8/16/2009 8:38:16 PM - Software Distribution Service 3.0
RP307: 8/18/2009 1:35:04 AM - System Checkpoint
RP308: 8/18/2009 3:13:55 PM - Uniblue RegistryBooster 2009
RP309: 8/19/2009 4:37:40 PM - System Checkpoint
RP310: 8/21/2009 6:53:16 AM - System Checkpoint
RP311: 8/22/2009 4:57:51 AM - Uniblue RegistryBooster 2009
RP312: 8/22/2009 6:21:07 PM - Installed Project64 1.6
RP313: 8/23/2009 7:25:39 PM - System Checkpoint
RP314: 8/25/2009 11:56:36 AM - System Checkpoint
RP315: 8/26/2009 7:52:39 AM - Software Distribution Service 3.0
RP316: 8/27/2009 6:31:23 PM - Installed Dreamweaver MX 2004
RP317: 8/27/2009 6:32:51 PM - Installed Extension Manager
RP318: 8/28/2009 9:34:48 PM - System Checkpoint
RP319: 8/30/2009 7:30:33 AM - System Checkpoint
RP320: 8/30/2009 6:33:09 PM - Uniblue RegistryBooster 2009
RP321: 8/31/2009 7:20:11 PM - Uniblue RegistryBooster 2009
RP322: 9/3/2009 7:07:28 AM - System Checkpoint
RP323: 9/4/2009 9:14:08 PM - System Checkpoint
RP324: 9/6/2009 5:48:47 AM - System Checkpoint
RP325: 9/7/2009 10:32:09 PM - System Checkpoint
RP326: 9/9/2009 10:43:33 PM - System Checkpoint
RP327: 9/10/2009 7:44:44 PM - Software Distribution Service 3.0
RP328: 9/11/2009 4:42:33 PM - Uniblue RegistryBooster 2009
RP329: 9/13/2009 11:04:58 PM - System Checkpoint
RP330: 9/15/2009 8:32:10 AM - System Checkpoint
RP331: 9/17/2009 3:58:14 PM - Removed Dreamweaver MX 2004
RP332: 9/17/2009 3:58:58 PM - Removed Extension Manager
RP333: 9/18/2009 1:33:04 AM - Uniblue RegistryBooster 2009
RP334: 9/19/2009 7:11:58 PM - System Checkpoint
RP335: 9/20/2009 10:25:57 PM - System Checkpoint
RP336: 9/21/2009 8:22:57 PM - Software Distribution Service 3.0
RP337: 9/22/2009 9:51:25 PM - System Checkpoint
RP338: 9/23/2009 10:24:11 PM - System Checkpoint
RP339: 9/24/2009 5:38:28 PM - Uniblue RegistryBooster 2009
RP340: 9/25/2009 11:37:22 PM - System Checkpoint
RP341: 9/26/2009 1:39:22 PM - Uniblue RegistryBooster 2009
RP342: 9/27/2009 10:59:44 PM - System Checkpoint
RP343: 9/28/2009 5:55:27 PM - Spyware Doctor: Cleaning Threats
RP344: 9/28/2009 7:07:28 PM - Installed AVG Free 8.5
RP345: 9/29/2009 1:26:50 PM - Uniblue RegistryBooster 2009
RP346: 9/30/2009 2:12:02 AM - Uniblue RegistryBooster 2009
RP347: 10/2/2009 5:25:11 PM - Avg8 Update
RP348: 10/3/2009 8:54:57 PM - System Checkpoint
RP349: 10/4/2009 5:03:51 PM - Uniblue RegistryBooster 2009
RP350: 10/6/2009 2:06:12 PM - Uniblue RegistryBooster 2009
RP351: 10/7/2009 3:12:17 AM - Uniblue RegistryBooster 2009
RP352: 10/7/2009 1:09:07 PM - Removed AVG Free 8.5
RP353: 10/9/2009 8:11:07 PM - System Checkpoint
RP354: 10/11/2009 2:12:36 AM - System Checkpoint
RP355: 10/12/2009 6:54:07 AM - System Checkpoint
RP356: 10/13/2009 2:40:21 AM - Uniblue RegistryBooster 2009
RP357: 10/13/2009 8:07:08 PM - Installed Uniblue DriverScanner v1.0
RP358: 10/14/2009 8:18:56 PM - System Checkpoint
RP359: 10/15/2009 6:16:03 AM - Software Distribution Service 3.0
RP360: 10/17/2009 6:27:41 PM - Uniblue RegistryBooster 2009
RP361: 10/18/2009 9:57:18 PM - System Checkpoint
RP362: 10/19/2009 3:38:42 PM - Uniblue RegistryBooster 2009
RP363: 10/19/2009 4:16:46 PM - Installed DirectX
RP364: 10/20/2009 6:52:17 AM - Installed PowerDVD
RP365: 10/20/2009 2:09:20 PM - Uniblue RegistryBooster 2009
RP366: 10/20/2009 5:31:33 PM - Installed PowerDVD
RP367: 10/21/2009 2:47:58 PM - Installed Elite Cabal
RP368: 10/24/2009 2:31:41 PM - Uniblue RegistryBooster 2009
RP369: 10/25/2009 4:41:38 AM - Installed ESPD2007
RP370: 10/25/2009 4:44:51 AM - Removed ESPD2007
RP371: 10/25/2009 2:24:26 PM - Uniblue RegistryBooster 2009
RP372: 10/26/2009 2:25:59 AM - Software Distribution Service 3.0
RP373: 10/26/2009 2:46:14 AM - Uniblue RegistryBooster 2009
RP374: 10/26/2009 7:27:31 AM - Uniblue RegistryBooster 2009
RP375: 10/26/2009 5:17:56 PM - Removed Dealio Toolbar v4.0.1.
RP376: 10/27/2009 6:17:17 AM - Uniblue RegistryBooster 2009
RP377: 10/28/2009 11:02:09 AM - System Checkpoint

==== Installed Programs ======================

Absolute Poker Instant Play
Acrobat.com
Active@ File Recovery
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
AGEIA PhysX v7.05.17
Angels Online
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
avast! Antivirus
Bonjour
Chikka Messenger V4
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DAP Premium
DealAssistant
DFX for Winamp
DFX for Windows Media Player
DNA
Elite Cabal
FoxyTunes for Firefox
Google Earth
Google Gears
Google Update Helper
Google Updater
Google Web Accelerator
HangARoo v2.052
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 10
LimeWire PRO 4.16.0
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.3)
MSN
MSVC80_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Need for Speed Underground 2
Nero 6 Ultra Edition
Nokia Connectivity Cable Driver
Nokia PC Suite
PC Connectivity Solution
Pcsx2 0.9.1 Watermoose
PowerDVD
Project64 1.6
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sniper Elite
System Requirements Lab
TRUST 120 SPACEC@M
Tweak Manager 2.1
TypingMaster Pro
Uniblue DriverScanner 2009
Uniblue RegistryBooster 2009
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebFldrs XP
Winamp
Windows Driver Package - Nokia Modem (06/01/2009 4.1)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip 11.2
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader 2.5.3

==== Event Viewer Messages From Past Week ========

10/25/2009 6:01:07 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
10/25/2009 4:58:25 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SSIDRV\0000 disappeared from the system without first being prepared for removal.
10/25/2009 4:58:25 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SSHRMD\0000 disappeared from the system without first being prepared for removal.
10/25/2009 4:58:25 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SSFS0BBC\0000 disappeared from the system without first being prepared for removal.
10/25/2009 4:58:18 PM, error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
10/25/2009 4:58:11 PM, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
10/25/2009 4:57:34 PM, error: ssidrv [26] -
10/22/2009 10:33:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio
10/22/2009 10:33:44 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal - Free Antivirus Scheduler service failed to start due to the following error: The system cannot find the path specified.
10/22/2009 10:33:44 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal - Free Antivirus Guard service failed to start due to the following error: The system cannot find the path specified.
10/22/2009 1:39:56 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 003018A1896F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


DDS.txt


DDS (Ver_09-10-26.01) - NTFSx86
Run by che at 18:46:19.70 on Wed 10/28/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.219 [GMT -7:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1356 [VPS 091028-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxsrvc.exe
svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\che\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cuil.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Download with &DAP - c:\program files\dap premium\dapextie.htm
IE: Download &all with DAP - c:\program files\dap premium\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216853251265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dappre~1\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dappre~1\dapie.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\che\applic~1\mozilla\firefox\profiles\ek48798m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.cuil.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\che\application data\mozilla\firefox\profiles\ek48798m.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\mozilla firefox\components\rpff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-7 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-7 20560]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\drivers\cccp106.sys [2008-8-25 227200]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-15 133104]
S3 ByakkoDriver;ByakkoDriver;\??\c:\docume~1\che\locals~1\temp\9266109.10-27-2009 --> c:\docume~1\che\locals~1\temp\9266109.10-27-2009 [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-10-29 00:31:38 0 d-----w- c:\docume~1\che\applic~1\Malwarebytes
2009-10-29 00:31:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 00:31:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 00:31:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-29 00:31:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-26 14:38:06 7680 --sha-w- c:\windows\Thumbs.db
2009-10-26 09:26:12 0 d-----w- c:\program files\MSXML 4.0
2009-10-26 08:53:53 0 d-----w- c:\program files\Tweak Manager
2009-10-25 23:16:23 0 d-----w- c:\program files\MSSOAP
2009-10-25 23:12:38 164 ----a-w- c:\windows\install.dat
2009-10-25 11:43:06 8 --sh--r- c:\windows\system32\947A2DE479.dll
2009-10-25 11:41:13 0 d-----w- c:\windows\Downloaded Installations
2009-10-21 11:12:11 0 d-----w- C:\The Duel
2009-10-20 07:03:41 0 d-----w- c:\program files\EliteGunz
2009-10-20 03:02:37 0 d-----w- c:\docume~1\che\applic~1\DNA
2009-10-19 23:16:59 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-19 23:02:08 0 d--h--w- c:\windows\msdownld.tmp
2009-10-19 23:01:59 0 d-----w- c:\windows\Logs
2009-10-19 03:36:26 0 d-----w- c:\program files\common files\SWF Studio
2009-10-19 02:17:58 0 d-----w- c:\docume~1\che\applic~1\AbsolutePoker
2009-10-19 00:40:43 0 d-----w- c:\program files\NCBuy
2009-10-16 01:20:58 0 d-----w- c:\program files\iWin
2009-10-14 03:42:25 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-10-14 03:07:08 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-10-14 02:31:26 172032 ----a-w- c:\windows\system32\igfxres.dll
2009-10-14 02:27:25 176128 ----a-w- c:\windows\system32\igfxrsky.lrc
2009-10-14 02:27:25 172032 ----a-w- c:\windows\system32\igfxrslv.lrc
2009-10-14 02:27:25 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll
2009-10-14 02:27:14 0 d-----w- C:\Intel
2009-10-14 02:17:36 0 d-----w- c:\program files\SystemRequirementsLab
2009-10-12 00:52:32 14848 --sha-w- c:\windows\system32\Thumbs.db
2009-10-04 22:33:49 0 d-----w- c:\program files\Pcsx2
2009-09-29 02:32:41 0 d--h--w- C:\$AVG8.VAULT$
2009-09-29 02:07:30 0 d-----w- c:\program files\AVG

==================== Find3M ====================

2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 00:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-05 00:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-05 00:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-05 00:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-05 00:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-05 00:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-05 00:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-05 00:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:52:09 67672 ----a-w- c:\docume~1\che\applic~1\GDIPFONTCACHEV1.DAT
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 22:09:06 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 02:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 13:58:28 2136064 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13:35 2015744 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 18:46:29.78 ===============

Log.txt


DDS (Ver_09-10-26.01) - NTFSx86
Run by che at 18:46:19.70 on Wed 10/28/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.219 [GMT -7:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1356 [VPS 091028-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxsrvc.exe
svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\che\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cuil.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Download with &DAP - c:\program files\dap premium\dapextie.htm
IE: Download &all with DAP - c:\program files\dap premium\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216853251265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dappre~1\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dappre~1\dapie.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\che\applic~1\mozilla\firefox\profiles\ek48798m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.cuil.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\che\application data\mozilla\firefox\profiles\ek48798m.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\mozilla firefox\components\rpff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-7 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-7 20560]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\drivers\cccp106.sys [2008-8-25 227200]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-15 133104]
S3 ByakkoDriver;ByakkoDriver;\??\c:\docume~1\che\locals~1\temp\9266109.10-27-2009 --> c:\docume~1\che\locals~1\temp\9266109.10-27-2009 [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-10-29 00:31:38 0 d-----w- c:\docume~1\che\applic~1\Malwarebytes
2009-10-29 00:31:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 00:31:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 00:31:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-29 00:31:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-26 14:38:06 7680 --sha-w- c:\windows\Thumbs.db
2009-10-26 09:26:12 0 d-----w- c:\program files\MSXML 4.0
2009-10-26 08:53:53 0 d-----w- c:\program files\Tweak Manager
2009-10-25 23:16:23 0 d-----w- c:\program files\MSSOAP
2009-10-25 23:12:38 164 ----a-w- c:\windows\install.dat
2009-10-25 11:43:06 8 --sh--r- c:\windows\system32\947A2DE479.dll
2009-10-25 11:41:13 0 d-----w- c:\windows\Downloaded Installations
2009-10-21 11:12:11 0 d-----w- C:\The Duel
2009-10-20 07:03:41 0 d-----w- c:\program files\EliteGunz
2009-10-20 03:02:37 0 d-----w- c:\docume~1\che\applic~1\DNA
2009-10-19 23:16:59 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-19 23:02:08 0 d--h--w- c:\windows\msdownld.tmp
2009-10-19 23:01:59 0 d-----w- c:\windows\Logs
2009-10-19 03:36:26 0 d-----w- c:\program files\common files\SWF Studio
2009-10-19 02:17:58 0 d-----w- c:\docume~1\che\applic~1\AbsolutePoker
2009-10-19 00:40:43 0 d-----w- c:\program files\NCBuy
2009-10-16 01:20:58 0 d-----w- c:\program files\iWin
2009-10-14 03:42:25 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-10-14 03:07:08 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-10-14 02:31:26 172032 ----a-w- c:\windows\system32\igfxres.dll
2009-10-14 02:27:25 176128 ----a-w- c:\windows\system32\igfxrsky.lrc
2009-10-14 02:27:25 172032 ----a-w- c:\windows\system32\igfxrslv.lrc
2009-10-14 02:27:25 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll
2009-10-14 02:27:14 0 d-----w- C:\Intel
2009-10-14 02:17:36 0 d-----w- c:\program files\SystemRequirementsLab
2009-10-12 00:52:32 14848 --sha-w- c:\windows\system32\Thumbs.db
2009-10-04 22:33:49 0 d-----w- c:\program files\Pcsx2
2009-09-29 02:32:41 0 d--h--w- C:\$AVG8.VAULT$
2009-09-29 02:07:30 0 d-----w- c:\program files\AVG

==================== Find3M ====================

2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 00:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-05 00:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-05 00:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-05 00:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-05 00:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-05 00:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-05 00:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-05 00:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:52:09 67672 ----a-w- c:\docume~1\che\applic~1\GDIPFONTCACHEV1.DAT
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 22:09:06 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 02:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 13:58:28 2136064 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13:35 2015744 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 18:46:29.78 ===============

mbam-log

Malwarebytes' Anti-Malware 1.41
Database version: 3050
Windows 5.1.2600 Service Pack 2

10/28/2009 6:41:40 PM
mbam-log-2009-10-28 (18-41-40).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 227574
Time elapsed: 50 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{46a88d62-e853-4d21-ac99-ff32f8b887f8} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46a88d62-e853-4d21-ac99-ff32f8b887f8} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{46a88d62-e853-4d21-ac99-ff32f8b887f8} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{46a88d63-e853-4d21-ac99-ff32f8b887f8} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46a88d63-e853-4d21-ac99-ff32f8b887f8} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46a88d63-e853-4d21-ac99-ff32f8b887f8} (Adware.Mirar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46a88d62-e853-4d21-ac99-ff32f8b887f8} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46a88d62-e853-4d21-ac99-ff32f8b887f8} (Adware.Mirar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www.iesearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\che\Application Data\DealAssistant (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\EA GAMES\Need for Speed Underground 2\rld-nu2k.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\b178.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Documents and Settings\che\Application Data\DealAssistant\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\che\Application Data\DealAssistant\DAUninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\youtubex.dll (Trojan.Agent) -> Quarantined and deleted successfully.

0

Thank you so much for your help.

10/25/2009 6:01:07 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

Happy to help.

-- That is a bit worrisome. Did you run chkdsk?
-- Do you know what this is ---> ByakkoDriver? Gaming related, perhaps?

PP:)

0

You're welcome.

Byakkodriver -----> probably it's from piriform.com.

I downloaded recuva from their site.

After the download I suspected that the site was the same as dealassistant.com. I cancelled the installation.

After cancellation, I found a suspicious folder on drive d: that has a series of numbers and letters as its label.

I shredded the file.

*

I ran chkdsk but the window closed upon completion.

It did not report any error.

Thanks again.

:)

0

Thanks again.

Happy to help :)

I really haven't had time to look closely at your logs, but at a quick glance they look OK - nothing really jumps out at me.

How are things running?

-- You should update your Java and remove all older versions.
-- c:\windows\system32\947A2DE479.dll I do not know what this is - check it out at http://virusscan.jotti.org/en
You'll need to enable the viewing of hidden files to see it.

PP :)

0

Everything's fine.

947A2DE479.dll ----> found nothing.


Thank you so much.

I'm going to mark the thread as solved now.

I really appreciate all the help.

:):)

Edited by clark0516: n/a
