probable malware

Post by ganjiry on Tue May 18, 2010 9:26 am

Hi all at Geek Police... can you help please? My laptop has suddenly slowed down loads. I have run all my scans and removed a trojan but things still don't seem right. I'm running Windows 7. Here are the logs from a scan just done.

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 22/12/2009 15:56:11
System Uptime: 18/05/2010 08:37:16 (0 hours ago)

Motherboard: Packard Bell | | SJV50MV
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | U2E1 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 286 GiB total, 181.966 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP266: 13/05/2010 15:01:59 - Installed Safari
RP267: 13/05/2010 16:10:40 - Advanced Uninstaller RestorePoint
RP268: 13/05/2010 16:16:08 - Windows Update
RP269: 14/05/2010 01:39:09 - StopZILLA! Restore Point.
RP270: 15/05/2010 14:17:24 - StopZILLA! Restore Point.
RP271: 17/05/2010 12:11:53 - StopZILLA! Restore Point.
RP272: 17/05/2010 15:05:11 - StopZILLA! Restore Point.
RP273: 17/05/2010 18:51:27 - Removed Call of Duty(R) 4 - Modern Warfare(TM)
RP274: 17/05/2010 22:33:00 - StopZILLA! Restore Point.

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 7.0
Adobe Reader 9.3.2 MUI
Advanced SystemCare 3
Amazonia
America's Army
America's Army 3
Apple Application Support
Apple Software Update
µTorrent
Backup Manager Basic
Big Kahuna Reef
Bubbletown
Call of Duty(R) 4 - Modern Warfare(TM)
CCleaner
Chicken Invaders 2
Compatibility Pack for the 2007 Office system
Dairy Dash
Dream Day First Home
Epson Easy Photo Print 2
Epson Event Manager
Epson Printer Software Downloader
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Manual
Farm Frenzy 2
Game Booster
Google Update Helper
Granny In Paradise
Heroes of Hellas
Identity Card
ImagXpress
iS3 STOPzilla Toolbar
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Kane & Lynch: Dead Men
Launch Manager
Merriam Websters Spell Jam
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
Norton 360
NVIDIA PhysX
OpenAL
OPERATION7
Packard Bell GameZone Console
Packard Bell InfoCentre
Packard Bell MyBackup
Packard Bell Power Management
Packard Bell Recovery Management
Packard Bell Registration
Packard Bell Updater
PackardBell ScreenSaver
Pando Media Booster
PunkBuster Services
QuickTime
Realtek USB 2.0 Card Reader
RKMod COD 4
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Shockwave
Sky Broadband
Skype™ 4.1
SkyPlayer for Windows Media Center
Star Defender 4
Steam
STOPzilla
System Requirements Lab
Tom Clancy's Rainbow Six Vegas
TTMessenger 4.0
Uniblue RegistryBooster
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Video Web Camera
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer

==== Event Viewer Messages From Past Week ========

18/05/2010 08:38:10, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
18/05/2010 08:37:41, Error: volmgr [46] - Crash dump initialization failed!
17/05/2010 12:10:43, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
16/05/2010 23:50:12, Error: Service Control Manager [7030] - The Akamai NetSession Interface service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
15/05/2010 21:06:51, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
15/05/2010 21:06:51, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
DDS (Ver_10-03-17.01) - NTFSX64
Run by ryan at 8:51:13.81 on 18/05/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4091.2394 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
c:\Program Files (x86)\STOPzilla!\STOPzilla.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\ryan\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page =
uSearch Bar =
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mURLSearchHooks: SrchHook Class: {d3f669eb-57ce-4f45-8fbd-e245cbb46366} - c:\program files (x86)\stopzilla!\toolbar\SZIESearchHook.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files (x86)\stopzilla!\toolbar\SZSG.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton 360\engine\4.1.0.32\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton 360\engine\4.1.0.32\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files (x86)\stopzilla!\SZIEBHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton 360\engine\4.1.0.32\coIEPlg.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files (x86)\stopzilla!\toolbar\SZSG.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files (x86)\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Pando Media Booster] c:\program files (x86)\pando networks\media booster\PMB.exe
uRunOnce: [RegistryBooster] c:\program files (x86)\uniblue\registrybooster\Launcher.exe delay
uRunOnce: [UniblueRegistryBooster] "c:\program files (x86)\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [BackupManagerTray] "c:\program files (x86)\newtech infosystems\packard bell mybackup\BackupManagerTray.exe" -h -k
mRun: [Camera Assistant Software] "c:\program files (x86)\video web camera\traybar.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] c:\progra~2\epsons~1\eventm~1\EEventManager.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: CabBuilder - [You must be registered and logged in to see this link.]
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - [You must be registered and logged in to see this link.]
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - [You must be registered and logged in to see this link.]
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - [You must be registered and logged in to see this link.]
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - [You must be registered and logged in to see this link.]
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
mRun-x64: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent64.exe
mRun-x64: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun-x64: [Acer ePower Management] c:\program files\packard bell\packard bell power management\ePowerTray.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-11-5 55024]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2009-2-3 77432]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360x64\0401000.020\symds64.sys [2010-4-6 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0401000.020\symefa64.sys [2010-4-6 221232]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100429.001\BHDrvx64.sys [2010-4-29 678448]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0401000.020\cchpx64.sys [2010-4-6 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100513.002\IDSviA64.sys [2010-5-18 466992]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360x64\0401000.020\ironx64.sys [2010-4-6 149552]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360x64\0401000.020\symtdiv.sys [2010-4-6 451120]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]
R2 ePowerSvc;Acer ePower Service;c:\program files\packard bell\packard bell power management\ePowerSvc.exe [2009-11-5 844320]
R2 Greg_Service;GRegService;c:\program files (x86)\packard bell\registration\GregHSRW.exe [2009-6-4 1150496]
R2 N360;Norton 360;c:\program files (x86)\norton 360\engine\4.1.0.32\ccsvchst.exe [2010-4-6 126392]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\newtech infosystems\packard bell mybackup\IScheduleSvc.exe [2009-8-21 62720]
R2 Updater Service;Updater Service;c:\program files\packard bell\packard bell updater\UpdaterService.exe [2009-8-16 240160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-1 132656]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-6-20 317480]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\drivers\NETw5s64.sys [2009-11-5 6952960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-8-21 84512]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-16 216064]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 8:51:39.12 ===============
Any help will be much appreciated. Thank you in advance.

ganjiry
Intermediate

Posts : 61
Joined : 2010-05-10
Gender : Male
OS : Windows 7
Protection : Net Intelligence / STOPzilla / Spyware Terminator
Points : 24829
Likes : 0

Re: probable malware

Post by Kenny94 on Tue May 18, 2010 2:59 pm

Hi ganjiry And Welcome to GP!

Note: You should remove µTorrent. Using P2P (peer-to-peer) software is very risky, because it makes you very susceptible to infection, attack, and exposure of personal or company information. But it is up to you whether to remove µTorrent.

Also, I see a few other programs that you should remove. We'll talk about this in a bit.

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Kenny94
Tech Officer

Posts : 2019
Joined : 2010-04-22
Gender : Male
OS : Windows 7
Protection : Avira/Router and Malwarebytes
Points : 33511
Likes : 0

Re: probable malware

Post by ganjiry on Tue May 18, 2010 5:56 pm

Thanks for the fast reply. Re uTorrent: it is very rare that I use it; I'm extremely careful what I download. I know this will not stop threats but I try. 1 log as requested..

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4112

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18/05/2010 18:50:45
mbam-log-2010-05-18 (18-50-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 266521
Time elapsed: 58 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: probable malware

Post by Kenny94 on Tue May 18, 2010 9:28 pm

I see your Java is updated; that is great. Let's run a Kaspersky scan.


Establish an internet connection & perform an online scan with Internet Explorer at [You must be registered and logged in to see this link.]

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Re: probable malware

Post by ganjiry on Wed May 19, 2010 1:14 pm

Hi all at Geek Police. I have done the Kaspersky scan (my computer and critical areas). Both didn't give a report, just said no infections found. Oh, and I don't know if you already know, but Kaspersky doesn't work on the Safari browser.

Wednesday, May 19, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, May 19, 2010 06:08:25
Records in database: 4131285
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Objects scanned 135773
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 03:33:56

No threats found. Scanned area is clean.
Selected area has been scanned.

Re: probable malware

Post by Kenny94 on Fri May 28, 2010 4:17 pm

Hi, sorry for the delay. How are things now?

Re: probable malware

Post by ganjiry on Fri May 28, 2010 6:55 pm

Hi, thanks for getting back to me. I'd forgotten about it. Yeah, all is good now, thanks. I do have a question for you though. I recently put Comodo firewall and AV on my 9-year-old daughter's laptop, but it's a bit complicated for her and my Mrs to use because of the alerts. Could you please recommend another free firewall that is a bit more simple for them? Microsoft Security Essentials is on it, so just a firewall option if possible please. Many thanks again.
