Hi everyone :) I have a question to ask regarding a ONE-USER ANTIVIRUS.

If I have one such antivirus installed on my computer, and then I reformat my entire disk, will I be able to reinstall that antivirus from its CD after I've done a fresh install?

thanks :)
somjit{}

All 94 Replies

You mean a paid version of an antivirus program? You should be able to as long as you have the registration code and it is not expired. You probably would have to contact the av company to get it reactivated, but that normally isn't a problem as long as you have all the key info and it's not expired. If it's expired then no, you couldn't, because you do have to re-register it and it wouldn't register if expired.

commented: fast and accurate response :) thanks a lot jholland :) +1

Thanks :)
And yes, a paid version. I'm planning to buy one today; the one I had earlier expired some time back. My computer is showing a lot of problems.

Actually, this is what I was thinking of doing:

first use this AV to scan my computer,
then back it up, and do a reformat and a fresh install. I think my computer is infested with a lot of malware :( so I was thinking of this reformat.

But since you are here, I would be really grateful if you could help me out with some of these problems I'm having.
I could give you all the logs as well if you need them. :)

But anyway, thanks a lot for the above suggestion :)

Using an expired av program to scan a computer you think is infected is a bad idea. It likely would not be able to find all the infections, if they are there. In order to find the newest infections an av program must be up to date, and I certainly would not recommend backing up something I was not sure was clean.
By all means, follow the instructions found in our Read Me sticky, then save the logs and post them all here. I will be happy to take a look; maybe a reformat won't be needed if we can get it all clean. There are several excellent FREE av programs available also, once we get the computer clean.
Here is the link for the Read Me sticky:
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

Thanks for the support :) I have the software mentioned in that sticky, and also the logs, but do you want me to post the old ones or do a new scan right now and post the logs from that?
Thanks a lot for your time :)

If the scans were all done today you can begin with those. If they were done several days ago and you have been using the computer since then I would advise new ones be done.

Okay, I'm doing the new scans. I did those scans some days back. I'll start with the GMER scan and post the logs as soon as it's done.

Ok. Not sure of your location. I am in the US and it is nearly 1 am at my location so I will look at them in the morning if that's ok. I would advise that you not use the computer, except for completing all the scans until I can take a look and tell you the next steps that need to be done.

Continuing to use the computer while it is still infected will put it at a greater risk. So complete the scans, follow all the directions exactly and once you have completed all the scans, post the logs back here and then shut the computer completely down until tomorrow as you don't want further infections. I will read the logs first thing in the morning and post further instructions if they are needed.

Thanks for all the support. :)

And the instructions in the Read Me thread said to disconnect from the net while the scans were running; that's why it took me this long to reply, sorry. And I'm from Kolkata, India. It's about 11:30 in the morning here, so I'll be back in the evening then.

These are the GMER logs:

.................. GMER ONE...............


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-14 10:22:07
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\nvgts2Port3Path1Target1Lun0 WDC_WD50 rev.05.0
Running: 8r6uw5xm.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kflyraog.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89B2CC98
Device \Driver\Tcpip \Device\Ip 89954110
Device \Driver\Tcpip \Device\Tcp 89954110
Device \Driver\Tcpip \Device\Udp 89954110
Device \Driver\Tcpip \Device\RawIp 89954110

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] cvwgex <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

.............. GMER TWO...............


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-14 11:12:05
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\nvgts2Port3Path1Target1Lun0 WDC_WD50 rev.05.0
Running: 8r6uw5xm.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kflyraog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xB0C048AC] <-- ROOTKIT !!!
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xB0C04812] <-- ROOTKIT !!!

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89B2CC98
Device \Driver\Tcpip \Device\Ip 89954110
Device \Driver\Tcpip \Device\Tcp 89954110
Device \Driver\Tcpip \Device\Udp 89954110
Device \Driver\Tcpip \Device\RawIp 89954110
Device \Driver\Tcpip \Device\IPMULTICAST 89954110

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] cvwgex <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\cvwgex@bzhpzpkwn -1153440622
Reg HKLM\SYSTEM\CurrentControlSet\Services\cvwgex@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\cvwgex@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\cvwgex@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\cvwgex@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\cvwgex@bzhpzpkwn -1153440622
Reg HKLM\SYSTEM\ControlSet002\Services\cvwgex@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\cvwgex@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\cvwgex@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\cvwgex@Group Boot Bus Extender

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD6E0.tmp 512 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRF{B06F0524-8FFE-4CE0-923C-F9066E245DFD}.tmp 16384 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{611ABFCD-31DC-42DE-8487-6B8F5ECF1E45}.tmp 1024 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{F8D4E1C1-5E39-48C3-9644-528F01A35E1F}.tmp 6804 bytes

---- EOF - GMER 1.0.15 ----

Now the MBAM log:

.................MBAM LOG.................


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6047

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3/14/2011 12:38:28 PM
mbam-log-2011-03-14 (12-38-28).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 301570
Time elapsed: 55 minute(s), 44 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 7
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 105

Memory Processes Infected:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 1492 -> Not selected for removal.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 284 -> Not selected for removal.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Malware.Trace) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Not selected for removal.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Not selected for removal.
c:\Documents and Settings\Administrator\Local Settings\Temp\gimda.exe (Spyware.PWS) -> Delete on reboot.
c:\program files\iobit toolbar\IE\4.1\iobittoolbarie.dll (PUP.Dealio) -> Not selected for removal.
c:\rlgb.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\fxmdk.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\start menu\Programs\Startup\fvb66s86.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\start menu\Programs\Startup\je0lrbxsty.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\iobit toolbar\widgihelper.exe (PUP.Dealio) -> Not selected for removal.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP49\A0112461.exe (PUP.Dealio) -> Not selected for removal.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP49\A0112815.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP49\A0112816.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP49\A0112817.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP50\A0115594.exe (PUP.Dealio) -> Not selected for removal.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0117997.exe (PUP.Dealio) -> Not selected for removal.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0118349.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0118350.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0118351.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0122230.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0122228.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0122229.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0122489.exe (PUP.Dealio) -> Not selected for removal.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0123437.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0123946.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0124655.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0124928.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0126054.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0126839.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0126847.exe (Trojan.Palevo.Gen.A) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0127877.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0128138.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0128208.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0128209.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\cvwgex.sys (Trojan.Bubnix) -> Quarantined and deleted successfully.
e:\tksimx.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP49\A0108657.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP49\A0109020.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP49\A0109250.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP49\A0109515.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP49\A0109658.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP49\A0110846.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP49\A0111240.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP50\A0113240.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP50\A0114258.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP50\A0114398.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP50\A0116721.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0117115.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0118857.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0118999.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0120436.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0119984.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP52\A0120804.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP52\A0120956.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP52\A0121925.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0123108.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0122857.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0124602.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0124875.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0123898.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0126001.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0126791.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0127823.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\wwjnu.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP50\A0113239.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP50\A0114257.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP50\A0114396.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP50\A0116720.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0117114.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0118855.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0118997.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0119982.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0120434.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP52\A0120803.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP52\A0120954.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP52\A0121924.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0122853.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0123106.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0123895.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0124600.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0124873.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0125999.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0126789.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0127821.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP54\A0129138.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\rrhw.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP50\A0113252.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP50\A0114410.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP50\A0116751.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0117130.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0118869.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0119027.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0119996.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP51\A0120465.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP52\A0120816.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP52\A0120968.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP52\A0121955.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0122874.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0123120.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0123922.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0124631.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0124904.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0126816.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0127853.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP53\A0126030.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{a8da50ea-9289-4a52-b7e3-4de70b91f5fd}\RP54\A0129156.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Not selected for removal.

One thing I noticed in the MBAM scan was that after I clicked the "show results" icon, some of the files weren't ticked. This "PUP.Dealio" was one of them. These had things like memory and registry values etc. written in the description column. I don't know if this will be helpful to you, but I thought I'd let you know.

Here are the problems I've been facing lately:

1. CCleaner, Picasa, Speccy etc. don't run; they just show an error message saying "runtime error, R6002 floating point support not loaded".

2. The Acrobat window crashes on opening, so I have to open PDF files through Adobe Reader only.
However, Acrobat Distiller and Photoshop etc. are working fine.

3. A few days earlier, I got an error message that said something like a display driver had stopped working, and my screen had turned into a mosaic of chunky multicolored pixels!! That really scared me. I did a restart and fortunately there hasn't been a repeat of that till now!

4. When I open Windows Task Manager and go to "Performance", I see commit charge higher than 500 MB even while I'm not doing anything. Is this normal? I think it used to be lower earlier.

5. This is the latest addition to my list of problems.
I have DAP (Download Accelerator Plus) as my download manager, and on Windows startup it used to open a small window, which doesn't open now; instead I get an error message saying "Error while unpacking program, code LP5. Please report to author."

I hope these descriptions of the problems will be of some help to you. The next post will have the DDS logs.
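The two logs posted above lend themselves to a small triage script. The following is an added example, not code from this thread or from GMER or Malwarebytes: it parses the GMER "Services"/"Registry" lines and the MBAM item lines, tallies what MBAM did with each detection, lists the items that were left at "Not selected for removal" (the unticked PUP.Dealio entries the poster mentions), and checks whether a service GMER reported as hidden shares its name with a driver file MBAM acted on (here the boot-start service cvwgex and the quarantined cvwgex.sys). The line patterns are my own reading of the formats as they appear in the posted logs, not the tools' documented grammar, and the sample input is a handful of lines copied from those logs.

```python
"""Triage helper for GMER and Malwarebytes (MBAM) logs of the kind posted above.

Added example, not code from the thread or from either tool. The regular
expressions are an assumption about the line formats as they appear in
the posted logs, not the tools' documented grammar.
"""
import re
from collections import Counter, defaultdict

# GMER "Services" line, e.g.:  Service (*** hidden *** ) [BOOT] cvwgex <-- ROOTKIT !!!
GMER_SERVICE = re.compile(r"^Service \(\*\*\* hidden \*\*\* \) \[(\w+)\] (\S+)")
# GMER "Registry" line, e.g.:  Reg HKLM\SYSTEM\CurrentControlSet\Services\cvwgex@Start 0
GMER_REG = re.compile(r"^Reg \S+?\\Services\\([^\\@]+)@(\S+) ?(.*)$")
# First " -> " field of an MBAM item line, e.g.:  c:\...\cvwgex.sys (Trojan.Bubnix)
MBAM_HEAD = re.compile(r"^(.+) \(([\w.]+)\)$")

# Constructed sample input: a few lines copied from the two logs in the thread.
GMER_SAMPLE = r"""
---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] cvwgex <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\cvwgex@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\cvwgex@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\cvwgex@Group Boot Bus Extender
"""
MBAM_SAMPLE = r"""
Memory Processes Infected:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 1492 -> Not selected for removal.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\Documents and Settings\Administrator\Local Settings\Temp\gimda.exe (Spyware.PWS) -> Delete on reboot.
c:\WINDOWS\system32\drivers\cvwgex.sys (Trojan.Bubnix) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Not selected for removal.
"""


def parse_gmer(text):
    """Return ({hidden service: start tag}, {service: {registry value: data}})."""
    hidden, regs = {}, defaultdict(dict)
    for line in text.splitlines():
        m = GMER_SERVICE.match(line)
        if m:
            hidden[m.group(2)] = m.group(1)
            continue
        m = GMER_REG.match(line)
        if m:
            regs[m.group(1)][m.group(2)] = m.group(3)
    return hidden, regs


def parse_mbam(text):
    """One dict per MBAM item line; section headers and blank lines are skipped.

    Items read "path (Detection) -> ... -> action."; the middle fields vary
    (a PID, "Value: x", "Bad: (1) Good: (0)"), so only the first and last
    " -> " fields are used.
    """
    items = []
    for line in text.splitlines():
        parts = line.strip().split(" -> ")
        if len(parts) < 2 or not (m := MBAM_HEAD.match(parts[0])):
            continue
        items.append({"path": m.group(1), "detection": m.group(2),
                      "action": parts[-1].rstrip(".")})
    return items


def triage(gmer_text, mbam_text):
    """Summarise MBAM actions and cross-check GMER's hidden services against them."""
    hidden, regs = parse_gmer(gmer_text)
    items = parse_mbam(mbam_text)
    # Base names of .sys files MBAM acted on, keyed without the extension.
    drivers = {}
    for it in items:
        name = it["path"].rsplit("\\", 1)[-1].lower()
        if name.endswith(".sys"):
            drivers[name[:-4]] = it["action"]
    services = {svc: {"start_tag": tag,
                      "reg_start": regs[svc].get("Start"),
                      "group": regs[svc].get("Group"),
                      "mbam_action": drivers.get(svc.lower())}
                for svc, tag in hidden.items()}
    return {"items": items,
            "by_action": Counter(it["action"] for it in items),
            "by_family": Counter(it["detection"].split(".")[0] for it in items),
            "unselected": [it for it in items if it["action"].startswith("Not selected")],
            "hidden_services": services}


if __name__ == "__main__":
    report = triage(GMER_SAMPLE, MBAM_SAMPLE)
    print("actions:", dict(report["by_action"]))
    print("families:", dict(report["by_family"]))
    for it in report["unselected"]:
        print("left in place:", it["detection"], it["path"])
    for svc, info in report["hidden_services"].items():
        print("hidden service:", svc, info)
```

Run on the full logs, the "unselected" list is what still has to be dealt with after the scan, and a hidden service whose registry Start is 0 and whose MBAM action is None is the case that needs a second look, since the scanner never touched the driver behind it.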

Here are the DDS logs.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 14:33:00.50 on Mon 03/14/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1371 [GMT 5.5:30]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\winamp installed\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\WinSplit Revolution\WinSplit.exe
C:\Program Files\WinSplit Revolution\WinSplitDrvr32.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"C:\WINDOWS\System32\svchost.exe"
"C:\WINDOWS\System32\svchost.exe"
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mvbwd.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\batrq.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.1\iobitToolbarIE.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.1\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~1\SEARCH~1.DLL
BHO: SPEEDBIT1 Class: {425e30f0-ccc6-4e24-bbeb-bcbd31720b37} - c:\program files\speedbit toolbar\toolbar\tbcore3.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - f:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.1\iobitToolbarIE.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: SpeedBit: {ebfcd017-bcad-42c3-9ed5-89dbdfc59171} - c:\program files\speedbit toolbar\toolbar\tbcore3.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - f:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - f:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [Winsplit] c:\program files\winsplit revolution\WinSplit.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WinampAgent] "e:\winamp installed\winamp\winampa.exe"
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Acrobat Assistant 8.0] "f:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\documents and settings\administrator\start menu\programs\startup\dj60lrbx.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\limewi~1.lnk - e:\after xp install\limewire\LimeWire.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\passwo~1.lnk - c:\program files\password safe\pwsafe.exe
StartupFolder: c:\documents and settings\administrator\start menu\programs\startup\pp2vwr081yj.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - f:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - f:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - f:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - f:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - f:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - f:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - f:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - f:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - f:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: {2D3C1814-EE17-4829-9BAD-D4CA759DDB84} = 203.147.88.2,202.138.103.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\i42shw5d.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=685749&p=
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\i42shw5d.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\i42shw5d.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\program files\speedbit toolbar\spfirefox\components\Engine.dll
FF - component: c:\program files\speedbit video downloader\spfirefox\components\Engine.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\smileycentral_1vei\installr\2.bin\NP1vEISb.dll
FF - plugin: e:\after xp install\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\after xp install\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - e:\after xp install\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\SPFireFox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: SpeedBit: {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - c:\program files\speedbit toolbar\SPFireFox
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2011-2-27 10872]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-11-18 386560]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\peltt.sys --> c:\windows\system32\drivers\peltt.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-2-5 1684736]
S3 cpuz132;cpuz132;\??\c:\docume~1\admini~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-6 38224]
S3 speccy;speccy;\??\c:\docume~1\admini~1\locals~1\temp\f86506e9-986e-435a-8ae8-1d7760614b0e --> c:\docume~1\admini~1\locals~1\temp\f86506e9-986e-435a-8ae8-1d7760614b0e [?]
.
=============== Created Last 30 ================
.
2011-03-14 07:39:54 99044 ----a-w- C:\rlgb.pif
2011-03-14 03:37:54 739840 ----a-w- c:\windows\system32\drivers\cvwgex.sys
2011-03-09 03:21:30 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-03-09 03:21:30 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-03-09 03:21:29 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-03-09 03:21:29 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-03-06 15:50:45 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-03-06 15:50:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 15:50:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-06 15:50:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-06 15:50:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 13:31:25 -------- d-----w- c:\program files\Bonjour
2011-03-06 13:27:52 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-03-04 16:59:39 -------- d-----w- c:\docume~1\admini~1\applic~1\LimeWire
2011-03-04 16:49:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-04 16:49:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2011-02-28 16:11:20 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Temp
2011-02-28 15:57:54 -------- d-----w- c:\docume~1\admini~1\applic~1\com.atlanticrecords.Fanbase.A6C8DD5DA30F5C18C5C42884996720F649F6ED37.1
2011-02-28 15:56:49 -------- d-----w- c:\program files\Fanbase
2011-02-27 08:15:46 487479 ----a-w- c:\windows\system32\SkinMagic.dll
2011-02-27 08:03:58 -------- d-----w- c:\docume~1\admini~1\applic~1\Grisoft
2011-02-27 08:03:53 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2011-02-27 08:03:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Grisoft
2011-02-27 07:12:11 -------- d-----w- C:\Mp3 Output
2011-02-27 07:12:10 8676883 ----a-w- c:\windows\system32\mp3Media2.dll
2011-02-21 15:46:11 -------- d-----w- c:\program files\WinSplit Revolution
2011-02-16 14:26:45 -------- d-----w- c:\program files\Power Tab Software
2011-02-16 14:21:33 -------- d-----w- c:\docume~1\admini~1\applic~1\Dev-Cpp
2011-02-15 15:59:07 185344 -c--a-w- c:\windows\system32\dllcache\thawbrkr.dll
2011-02-15 15:59:07 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2011-02-15 15:59:06 5632 -c--a-w- c:\windows\system32\dllcache\kbdusa.dll
2011-02-15 15:59:06 5632 ----a-w- c:\windows\system32\kbdusa.dll
2011-02-15 15:59:06 19456 -c--a-w- c:\windows\system32\dllcache\agt0401.dll
2011-02-15 15:59:06 10752 -c--a-w- c:\windows\system32\dllcache\c_iscii.dll
2011-02-15 15:59:06 10752 ----a-w- c:\windows\system32\c_iscii.dll
2011-02-15 15:59:05 19456 -c--a-w- c:\windows\system32\dllcache\agt040d.dll
2011-02-15 15:58:51 6144 -c--a-w- c:\windows\system32\dllcache\ftlx041e.dll
2011-02-15 15:58:51 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2011-02-15 15:33:55 -------- d-sh--w- c:\docume~1\admini~1\locals~1\applic~1\.#
2011-02-14 18:44:18 -------- d-----w- c:\windows\system32\appmgmt
2011-02-14 12:43:50 -------- d-----w- c:\docume~1\admini~1\applic~1\Styler
2011-02-14 12:42:13 -------- d-----w- c:\windows\Logs
2011-02-14 08:20:20 -------- d--h--w- C:\VritualRoot
2011-02-14 08:11:51 191024 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-02-14 08:05:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo
2011-02-14 08:05:35 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-02-14 07:33:17 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-14 07:33:17 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-14 07:06:35 -------- d-----w- c:\program files\Styler
2011-02-14 06:24:40 218624 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-02-14 05:36:29 -------- d-----w- c:\docume~1\admini~1\applic~1\Winsplit Revolution
2011-02-14 05:12:54 -------- d-----w- c:\program files\ViGlance
2011-02-14 05:12:54 -------- d-----w- c:\docume~1\admini~1\applic~1\ViGlance
2011-02-12 13:21:46 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\PasswordSafe
2011-02-12 13:21:36 -------- d-----w- c:\program files\Password Safe
.
==================== Find3M ====================
.
2011-02-08 13:40:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-08 13:40:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
============= FINISH: 14:33:15.29 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/4/2011 11:12:34 AM
System Uptime: 3/14/2011 1:08:29 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M2N68-AM Plus
Processor: AMD Athlon(tm) II X2 250 Processor | AM2 | 3013/200mhz
Processor: AMD Athlon(tm) II X2 250 Processor | AM2 | 3013/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 58.749 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 147 GiB total, 47.212 GiB free.
F: is FIXED (NTFS) - 122 GiB total, 100.495 GiB free.
G: is FIXED (NTFS) - 122 GiB total, 29.598 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP50: 3/9/2011 6:19:15 PM - System Checkpoint
RP51: 3/10/2011 7:17:37 PM - System Checkpoint
RP52: 3/12/2011 1:06:56 PM - System Checkpoint
RP53: 3/12/2011 11:32:17 PM - Restore Operation
RP54: 3/14/2011 12:10:31 PM - System Checkpoint
.
==== Installed Programs ======================
.
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat 8 Professional
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.0.1)
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced SystemCare 3
AHV content for Acrobat and Flash
AVG Anti-Spyware 7.5
CCleaner
Crystal XI
Download Accelerator Plus (DAP)
Fanbase
Freez FLV to MP3 Converter
Freez Screen Video Capture v1.2
GCH Guitar academy
High Definition Audio Driver Package - KB888111
IcoFX 1.6.4
IObit Toolbar v4.1
iZotope Ozone Free 1.0 for Winamp
Java Auto Updater
Java(TM) 6 Update 18
LG CyberLink Power2Go
LG Power Tools
LimeWire 5.5.14
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
MoRUN.net Sticker Lite
Mozilla Firefox (3.6.13)
Need For Speed Underground Demo
NVIDIA Drivers
ObjectDock
OrCAD 15.7 Demo
Password Safe
PDF Settings
Power Tab Editor 1.7
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Speccy
SpeedBit Toolbar
SpeedBit Video Downloader
TheSage
VLC media player 1.0.1
WebFldrs XP
Winamp
Winamp Detector Plug-in
Winamp Essentials Pack
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Installer 3.1 (KB893803)
WinRAR archiver
WinSplit Revolution (v11.02)
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/8/2011 8:09:06 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
3/14/2011 9:07:54 AM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: A device attached to the system is not functioning.
3/14/2011 1:09:09 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
3/12/2011 11:08:02 PM, error: nv [108] - The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.
.
==== End Of File ===========================

Hello, Somjit. You posted "...then back it up, n do a reformat n a fresh install.. i think my computer is infested with a lot of malware so i was thinking of this reformat."
Yes, there is a lot of malware, including a bootkit, a rootkit and Sality virus, and because you are not averse to the idea of saving wanted files [DATA only, such as picture files, documents etc because Sality is an executable process infector] and then reformatting, reinstalling, I feel that is the best option, likely the quickest and easiest, also. You've pointed out that some of your applications are not working correctly - Sality may have infected their executables, and you would need to reinstall them anyway.
Choosing that path gives you the security of knowing that your system will then at least start off clean. It will only stay clean if you dump outdated software such as Grisoft's AS_7.5 ... gee, that is old. And run your chosen AV service.
Save your data files to cd, don't save any executables, even possibly desirable ones such as application installers.
You might start a cleaning job with these initial steps:
-run CCleaner in EACH user's account.
-run mbrcheck.exe from http://ad13.geekstogo.com/MBRCheck.exe, then close the cmd window and post the log.
-delete C:\rlgb.pif and c:\windows\system32\drivers\cvwgex.sys
-download and run Salitykiller.zip and then Sality Regkeys.zip as per instructions here: http://support.kaspersky.com/viruses/solutions?qid=208279889
-turn System Restore off for all drives, then turn it on again and make a Restore Point.
-Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or this file: http://subs.geekstogo.com/ComboFix.exe
-IMPORTANT!: close other applications and save work, turn off your Antivirus, Antispyware and Firewall for the duration of this scan.
-to run it, double-click the Combofix.exe icon and follow the prompts to start it. If you do not have it installed already, Combofix will download and install the Recovery Console on your system.
A word of caution - do not touch your mouse/keyboard until the scan has completed [your computer will restart automatically], when a log, C:\Combofix.txt, will pop onto your desktop - post that log in your next reply.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, reboot to restore the desktop.
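
A first triage pass over a log like the DDS output posted above, as an added Python example that is not part of the thread nor of the DDS or MBRCheck tools. It takes a handful of lines copied from the logs in this thread (constructed sample input, embedded inline) and flags the kinds of entries the reply singles out: an executable dropped straight into the Startup folder, a registered driver whose file DDS could not read (the "[?]" marker), a newly created executable at the drive root, a kernel driver created in the last 30 days, and a process running from a Temp directory. The rule names, the regular expressions and the summarize() helper are my own assumptions about the log format; the paths come from the thread.

```python
"""Triage a DDS / MBRCheck style log for common persistence and execution indicators.

Added example, not part of the thread or of the DDS / MBRCheck tools; the rules
are the editor's own, the sample lines are copied from the logs posted above.
"""
import re

# Constructed sample input: lines taken from the DDS and MBRCheck logs in the thread.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\documents and settings\administrator\start menu\programs\startup\dj60lrbx.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\passwo~1.lnk - c:\program files\password safe\pwsafe.exe
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\peltt.sys --> c:\windows\system32\drivers\peltt.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-6 38224]
2011-03-14 07:39:54 99044 ----a-w- C:\rlgb.pif
2011-03-14 03:37:54 739840 ----a-w- c:\windows\system32\drivers\cvwgex.sys
2011-03-06 15:50:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-06 15:50:45 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
1120 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\imnc.exe
1700 C:\WINDOWS\system32\spoolsv.exe
"""

EXEC_EXT = re.compile(r"\.(?:exe|pif|scr|com|bat|cmd)$", re.I)
TEMP_DIR = re.compile(r"\\(?:locals~1|local settings)\\temp\\", re.I)
ROOT_EXE = re.compile(r"^[a-z]:\\[^\\]+\.(?:exe|pif|scr|com|bat|cmd)$", re.I)
NEW_SYS = re.compile(r"\\drivers\\[^\\]+\.sys$", re.I)

# Line shapes DDS and MBRCheck use for the sections this script looks at (assumed from the logs).
STARTUP = re.compile(r"^StartupFolder:\s+(.*)$", re.I)                              # DDS startup-folder entries
SERVICE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(.*)$")                                # DDS services / drivers
CREATED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(.*)$")  # DDS "Created Last 30"
PROCESS = re.compile(r"^\d+\s+([a-z]:\\.*)$", re.I)                                  # MBRCheck process list


def triage(log_text):
    """Return (rule, evidence) pairs for every line that trips one of the rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STARTUP.match(line)
        if m:
            entry = m.group(1)
            # Installer shortcuts show as "name.lnk - target"; a bare executable sitting
            # in the Startup folder has no target and was usually written there directly.
            if " - " not in entry and EXEC_EXT.search(entry):
                findings.append(("executable dropped directly in Startup folder", entry))
            continue
        m = SERVICE.match(line)
        if m:
            # DDS prints "[?]" when it cannot stat the driver file: missing or hidden on disk.
            if line.endswith("[?]"):
                findings.append(("registered driver whose file could not be read", m.group(1)))
            continue
        m = CREATED.match(line)
        if m:
            path = m.group(1)
            if ROOT_EXE.match(path):
                findings.append(("new executable at drive root", path))
            elif NEW_SYS.search(path):
                findings.append(("kernel driver created in last 30 days, verify publisher", path))
            continue
        m = PROCESS.match(line)
        if m and TEMP_DIR.search(m.group(1)):
            findings.append(("process running from a Temp directory", m.group(1)))
    return findings


def summarize(findings):
    """Count hits per rule so a long log can be skimmed before reading the evidence."""
    counts = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"[{rule}] {evidence}")
    print(summarize(triage(SAMPLE_LOG)))
```

Hits are prompts to verify, not verdicts: mbam.sys trips the new-driver rule just as cvwgex.sys does, so each hit still needs the publisher or multi-engine hash check the thread goes on to ask for before anything is deleted.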

Save your data files to cd, don't save any executables, even possibly desirable ones such as application installers.

By executables, do you mean setup files?

And CCleaner isn't running... it just shows an error message saying "R6002 floating point support not loaded".

And how do I turn System Restore off? I don't know how to do that. About two days ago, I tried to restore my computer to an earlier point, but it didn't happen.. I got a message saying that Windows wasn't able to restore my computer to the chosen earlier time period. And since then I'm getting that problem I've mentioned -
Error while unpacking program, code LP5. Please report to author

I'm planning to buy this year's release of Kaspersky AV. If I install and run it on my computer, will that kill the Sality virus? Since you mentioned Kaspersky Labs, I'm asking this.. The caution warning you gave about ComboFix really is scary... especially as I'm not much of a geek etc. I've had Kaspersky for one year, and I didn't have any problems.. it's just in the one month that I'm going without an antivirus that so much damage has been done to my computer!

turn off your Antivirus, Antispyware and Firewall for the duration of this scan.

I don't have any antivirus now, and I've turned AVG Anti-Spyware off. But I've heard that Windows has its own firewall, do I need to turn that of? If so.. please let me know how to do that as I haven't done that before.

*off ... spelling check!!

I ran MBRCheck.. but I had to do it using IE, as Firefox gave that same message "Error while unpacking program, code LP5. Please report to author" and didn't open this site. Just thought I'd let you know..

I'm posting the MBR log below....


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 118):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB7EAF000 cvwgex.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7E90000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7E6A000 dmio.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7E52000 atapi.sys
0xB7E2D000 nvgts.sys
0xB7E15000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7DF6000 fltMgr.sys
0xB7DE4000 sr.sys
0xB80F8000 PxHelp20.sys
0xB7DCD000 KSecDD.sys
0xB7D40000 Ntfs.sys
0xB7D13000 NDIS.sys
0xB7CF8000 Mup.sys
0xB8308000 \SystemRoot\system32\DRIVERS\processr.sys
0xB7C46000 \SystemRoot\system32\DRIVERS\parport.sys
0xB85DA000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xB8318000 \SystemRoot\system32\DRIVERS\serial.sys
0xB85A4000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB83B0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB7C23000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB83B8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB83C0000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xB7BFE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8138000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB7B14000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB8148000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8158000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8168000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB7AF1000 \SystemRoot\system32\DRIVERS\ks.sys
0xB7341000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB732D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB87C3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8188000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7CCC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7316000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB81B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB81C8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB83E0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB7265000 \SystemRoot\system32\DRIVERS\psched.sys
0xB81D8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8418000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8430000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB6F74000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8298000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8420000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8428000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85E2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6EA0000 \SystemRoot\system32\DRIVERS\update.sys
0xB7C76000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB82A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xADB16000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB8606000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xADB06000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xAC89C000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAC87A000 \SystemRoot\system32\drivers\portcls.sys
0xACF3E000 \SystemRoot\system32\drivers\drmk.sys
0xB862E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB8720000 \SystemRoot\System32\Drivers\Null.SYS
0xB8630000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8721000 \SystemRoot\System32\DRIVERS\AvgAsCln.sys
0xAD095000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xAD08D000 \SystemRoot\System32\drivers\vga.sys
0xB8632000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB8634000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAD085000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAD07D000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB4667000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAC82E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAC7D6000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAC7AE000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB6EF4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAC78C000 \SystemRoot\System32\drivers\afd.sys
0xB81F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAD075000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xAC760000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAC6F1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB81A8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB8752000 \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
0xB83C8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB857C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB46DD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB858C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB7C62000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB46CD000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB83D8000 \SystemRoot\System32\watchdog.sys
0xAD9C1000 \SystemRoot\System32\drivers\Dxapi.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB87ED000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xABE54000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xABD2F000 \SystemRoot\system32\drivers\wdmaud.sys
0xB6F14000 \SystemRoot\system32\drivers\sysaudio.sys
0xAB82B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB8658000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAB6E8000 \SystemRoot\system32\DRIVERS\srv.sys
0xB46FD000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xB8612000 \??\C:\WINDOWS\system32\drivers\peltt.sys
0xAB24D000 \SystemRoot\System32\Drivers\HTTP.sys
0xAA5ED000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 46):
0 System Idle Process
4 System
736 C:\WINDOWS\system32\smss.exe
784 csrss.exe
808 C:\WINDOWS\system32\winlogon.exe
852 C:\WINDOWS\system32\services.exe
864 C:\WINDOWS\system32\lsass.exe
1036 C:\WINDOWS\system32\svchost.exe
1092 svchost.exe
1212 C:\WINDOWS\system32\svchost.exe
1316 svchost.exe
1400 svchost.exe
1700 C:\WINDOWS\system32\spoolsv.exe
2000 C:\WINDOWS\explorer.exe
220 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
236 C:\WINDOWS\system32\rundll32.exe
248 C:\WINDOWS\RTHDCPL.EXE
268 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
292 C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
320 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
372 E:\winamp installed\Winamp\winampa.exe
496 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
524 C:\Program Files\Common Files\Java\Java Update\jusched.exe
548 F:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
576 C:\WINDOWS\system32\ctfmon.exe
584 C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
648 C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
760 C:\Program Files\WinSplit Revolution\WinSplit.exe
1152 C:\Program Files\Application Updater\ApplicationUpdater.exe
1180 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
1204 C:\Program Files\Bonjour\mDNSResponder.exe
1312 C:\Program Files\Java\jre6\bin\jqs.exe
1508 C:\WINDOWS\system32\nvsvc32.exe
1572 C:\Program Files\Password Safe\pwsafe.exe
1588 C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
680 C:\WINDOWS\system32\svchost.exe
2168 C:\Program Files\WinSplit Revolution\WinSplitDrvr32.exe
3360 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
2860 C:\WINDOWS\system32\svchost.exe
2896 C:\WINDOWS\system32\svchost.exe
1120 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\imnc.exe
2392 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wvbq.exe
3952 E:\after xp install\firefox.exe
2672 C:\WINDOWS\system32\rundll32.exe
772 C:\Program Files\Internet Explorer\IEXPLORE.EXE
2536 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1O43MQAW\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`ad10ae00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000037`5539b800 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000055`e2e95c00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-00V1A0, Rev: 05.01D05

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

delete C:\rlgb.pif and c:\windows\system32\drivers\cvwgex.sys

I deleted the first, but Windows is showing a message that it cannot delete c:\windows\system32\drivers\cvwgex.sys.

Starting to get a bit worried to be honest.. nothing like this has happened to me before! :(

Ok, let's try this: go to this page http://virusscan.jotti.org/en and upload that file c:\windows\system32\drivers\cvwgex.sys to have it scanned by multiple scanners, and let me know what it finds.

I was a bit scared to open my computer yesterday.. hence the late reply. OK, I'm doing it.. thanks for keeping up with me.. :)

I tried both Firefox and IE, but that site isn't loading! It's just stuck there. Is it because of the virus?

What site isn't loading? The jotti site? Try this instead

http://www.virustotal.com/

Um.. yeah. Is that unusual? I tried 3-4 times.. but that site won't load. OK, I'm trying this one out...

OK.. when I click on the link, the page doesn't load; however, I did a Google search, and a page http://virustotal-uploader.en.softonic.com/ did load. It's about the VirusTotal Uploader. Will this help?

You don't need a special program to go to that website. Don't download anything unless told to do so. If you can't get to the site then downloading some program isn't going to help you get there.

Please continue with combofix

Sorry... OK, I'll do that.
