
I think my pc is infected


medeadly

Posted

I don't know what to do because everything is working and I tried to system restore but when I open folders up I get a Windows restart each time, then my taskbar restarts. I think I got something but I'm not sure, and my system restore is disabled and I can't turn it back on. Can you guys help me? :sad:

Posted

Welcome to the forums, medeadly :-)

 

Are you really *deadly*? Should I be careful? :-D

 

OK, let's see if we can make some sense out of this: did you install something fishy lately? Download any risky files? Click on any suspicious-looking links?

 

Let's do a scan first: please follow the instructions from the following link, for Step #3, then post both DDS log files in your reply here. Use one message per log:

http://forums.iobit.com/showthread.php?t=6216

 

See you later ;)

 

===

Posted

Oh OK, I will do this now because I think I saw it on my malware but somehow it restarted and I was busy doing other stuff, so I will focus on just scanning first. :-P

Posted

DDS (Ver_10-12-12.02) - NTFSx86

Run by Dk at 13:18:54.19 on Tue 12/21/2010

Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_21

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3036.1506 [GMT -5:00]

 

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}

SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\LEXBCES.EXE

C:\Windows\System32\LEXPPS.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Creative\Shared Files\CTDevSrv.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\java.exe

C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdmserv.exe

C:\Windows\system32\lxdmcoms.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Windows\system32\PnkBstrB.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\Dk\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Windows\system32\msfeedssync.exe

C:\Users\Dk\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uInternet Settings,ProxyOverride = *.local;<local>

uInternet Settings,ProxyServer = 68.180.184.231:80

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: @c:\program files\msn toolbar\platform\6.0.2156.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.0.2156.0\npwinext.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

uPolicies-explorer: NoFolderOptions = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3}

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab

DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab

DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\dk\appdata\roaming\mozilla\firefox\profiles\6i1kaow3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\download manager\npfpdlm.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPOFF12.DLL

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll

FF - plugin: c:\program files\msn toolbar\platform\6.0.2156.0\npwinext.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\sony online entertainment\npsoe.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\dk\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\users\dk\appdata\roaming\mozilla\firefox\profiles\6i1kaow3.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\windows\system32\npmirage.dll

FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 4.0 beta 7\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: XULRunner: {3D9981AC-7D95-4F23-A07A-92BC6C6D2AA2} - c:\users\dk\appdata\local\{3D9981AC-7D95-4F23-A07A-92BC6C6D2AA2}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com

 

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

 

============= SERVICES / DRIVERS ===============

 

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2010-12-14 15672]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-11-6 312152]

R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-21 363344]

R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-10 24652]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-3-5 112128]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 20952]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]

S2 StudioPro;StudioPro webcam;c:\windows\system32\drivers\StudioPro.sys [2009-5-20 124416]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-1-19 84832]

S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-6-24 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-6-7 1424232]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-3-12 30576]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 wlcrasvc;Windows Live Devices remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-6-4 49504]

 

=============== Created Last 30 ================

 

2010-12-21 15:59:42 624128 ----a-w- c:\users\dk\dds.scr

2010-12-21 15:55:11 446464 ----a-w- c:\users\dk\TFC.exe

2010-12-21 15:51:49 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{c3245d46-e6fd-432a-8aa1-f60ec16995a2}\mpengine.dll

2010-12-21 15:38:58 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%

2010-12-21 15:03:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 15:03:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-21 15:03:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-21 13:32:13 2066944 ----a-w- c:\users\dk\RappelzUSDownloader20100915.exe

2010-12-21 12:57:59 -------- d-----w- c:\users\dk\appdata\local\SCE

2010-12-21 03:52:34 4750912 ----a-w- c:\users\dk\EQ2X_setup.exe

2010-12-21 02:16:18 7622112 ----a-w- c:\users\dk\mbam-setup-1.50.0.0.exe

2010-12-20 21:09:39 -------- d-----w- C:\gPotato.com

2010-12-20 14:13:02 2028400 ----a-w- c:\users\dk\AllodsOnline_20101216_Downloader.exe

2010-12-20 03:10:39 1261096 ----a-w- c:\users\dk\CrimeCraft_Downloader.exe

2010-12-16 02:11:02 66048 ----a-w- c:\program files\windows mail\wabmig.exe

2010-12-16 02:11:02 515584 ----a-w- c:\program files\windows mail\wab.exe

2010-12-16 02:11:02 33280 ----a-w- c:\program files\windows mail\wabfind.dll

2010-12-16 02:10:59 2038272 ----a-w- c:\windows\system32\win32k.sys

2010-12-16 02:10:57 601600 ----a-w- c:\windows\system32\schedsvc.dll

2010-12-16 02:10:56 352768 ----a-w- c:\windows\system32\taskschd.dll

2010-12-16 02:10:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-12-16 02:10:56 270336 ----a-w- c:\windows\system32\taskcomp.dll

2010-12-16 02:10:56 171520 ----a-w- c:\windows\system32\taskeng.exe

2010-12-16 02:10:54 81920 ----a-w- c:\windows\system32\consent.exe

2010-12-16 02:10:52 72704 ----a-w- c:\windows\system32\fontsub.dll

2010-12-16 02:10:52 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-12-16 02:10:52 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-16 02:10:43 2048 ----a-w- c:\windows\system32\tzres.dll

2010-12-16 02:10:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2010-12-15 06:58:38 2963664 ----a-w- c:\users\dk\ccsetup301.exe

2010-12-15 01:46:07 27472 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2010-12-15 01:46:07 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2010-12-15 01:45:35 2242680 ----a-w- c:\users\dk\defrag-setup-beta.exe

2010-12-12 01:40:05 10385392 ----a-w- c:\users\dk\asc4-setup-beta1.exe

2010-12-12 01:33:00 4327336 ----a-w- c:\users\dk\gamebooster.exe

2010-12-10 02:12:36 418616 ----a-w- c:\users\dk\msgr10us.exe

2010-12-04 06:46:54 -------- d-----w- c:\program files\Xilisoft

2010-12-04 06:46:54 -------- d-----w- c:\progra~2\Xilisoft

2010-12-04 06:29:32 -------- d-----w- c:\users\dk\appdata\local\HandBrake

2010-12-04 06:29:22 -------- d-----w- c:\users\dk\appdata\roaming\HandBrake

2010-12-04 06:29:18 -------- d-----w- c:\program files\Handbrake

2010-12-04 06:24:54 4886870 ----a-w- c:\users\dk\HandBrake-0.9.4-Win_GUI.exe

2010-12-02 05:52:18 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys

2010-12-02 05:52:16 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys

2010-12-02 03:49:51 -------- d-----w- c:\program files\TweetDeck

2010-11-29 07:04:56 -------- d-----w- c:\users\dk\Office Genuine Advantage

2010-11-27 22:11:02 -------- d-----w- c:\users\dk\DivX_8_PLUS__DivX-Player__HD_Encoder__Decoder__Codecs_

2010-11-24 07:03:16 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2010-11-24 07:03:11 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2010-11-24 07:03:11 21312 ----a-w- c:\windows\system32\authuitu.dll

2010-11-24 07:02:25 -------- d-----w- c:\program files\TuneUp Utilities 2011

2010-11-24 07:01:41 -------- d-sh--w- c:\progra~2\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

2010-11-24 06:22:03 -------- d-----w- c:\users\dk\appdata\roaming\Uniblue

2010-11-24 03:54:49 2381824 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-24 03:54:49 1448448 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-22 21:23:17 0 ----a-w- c:\users\dk\dvd-to-avi-mpg-wmv.exe

 

==================== Find3M ====================

 

2010-11-25 00:43:20 5344555 ----a-w- c:\users\dk\SetupImgBurn_2.5.2.0.exe

2010-11-19 17:09:23 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-11-19 17:09:23 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-11-19 03:38:44 2251368 ----a-w- c:\users\dk\BearShareV9.exe

2010-11-19 03:34:45 9039288 ----a-w- c:\users\dk\Vuze_Installer.exe

2010-11-18 15:09:20 319456 ----a-w- c:\windows\DIFxAPI.dll

2010-11-13 04:09:21 4317344 ----a-w- c:\users\dk\easy_duplicate_setup.exe

2010-11-09 00:13:02 689560 ----a-w- c:\users\dk\iobituninstaller.exe

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-10 21:12:50 2658362 ----a-w- c:\users\dk\TwitteristFree.exe

2010-10-05 03:02:56 53248 ----a-w- c:\windows\system32\CSVer.dll

 

============= FINISH: 13:19:37.39 ===============

Posted

IObit Security 360

 

OS:Windows Vista

Version:1.5.0.13

Define Version:2040

Time Elapsed:00:52:35

Objects Scanned:89379

Threats Found:6

 

|Name|Type|Description|ID|

Misleading.SecurityTool, File, C:\Program Files\Xilisoft\Video Converter Ultimate 6\real-supports\pncrt.dll, 8-519

Misleading.SecurityTool, File, C:\Program Files\Sony\Vegas Movie Studio HD Platinum 10.0\FileIO Plug-Ins\rm9plug\pncrt.dll, 8-519

Misleading.SecurityTool, File, C:\Program Files\Sony\Vegas Pro 8.0\FileIO Plug-Ins\rm9plug\pncrt.dll, 8-519

Trojan.Keygen, File, C:\Users\Dk\Pictures\Advanced_SystemCare_Pro_v3.3.4\Advanced SystemCare Pro v3.3.4\Patch & Keygen.exe, 9-20055

Trojan.Keygen, File, C:\Windows.old\Documents and Settings\Dk\Pictures\Advanced_SystemCare_Pro_v3.3.4\Advanced SystemCare Pro v3.3.4\Patch & Keygen.exe, 9-20055

Trojan.Keygen, File, C:\Windows.old\Users\Dk\Documents\My Pictures\Advanced_SystemCare_Pro_v3.3.4\Advanced SystemCare Pro v3.3.4\Patch & Keygen.exe, 9-20055

Posted

I uninstalled Microsoft Essential and am trying AVG because I couldn't scan or do anything with it. I am in safe mode just scanning both just to see before you guys can help me :cry:

Posted

Well, well, well, our member was using illegitimate license code for Advanced SystemCare3!

Good for you to come to IObit Forum for your PC infection medeadly!!!

 

Using those kinds of crack patches and keygens for programs, you will never be clean from malware, as the sources are always after you, the user of those patches.

 

 

I leave medeadly to you So_sad! :|

Cheers.

Posted

It's old and I had a license but it expired so I didn't need it. I think my cousin did it when he used my PC. That's why I put my email if they wanted to verify. It just stopped like a week ago but I did pay for my product so I wouldn't need it. Can you help me?

Posted

I could show my PayPal when I got it so people won't think I would do that, but I do have a cousin that uses my PC too and maybe he wanted it for his because I told him a long time ago he couldn't get it :cry: . I could have acted like that wasn't on my PC and ignored it, showing just my ddos.txt, but I'm not a liar; that's why I put my email if anyone from IObit wants to verify.

Posted

Hmmmmm.

 

@medeadly: did your cousin also install those peer-to-peer programs? And how about that "TwitteristFree" program, used to spam on Twitter by creating multiple accounts? I also see some other high-risk apps on that machine and, well, there's no way you can hope to have a clean computer using those regularly.

 

About the cracked ASC Pro: we can't prove who it was, but then again it shows that the computer is used (or should I say abused) by *someone* and it will be in a long-term state of mess if surfing behaviors don't improve drastically.

 

Now: are there any signs or symptoms of infections?

 

===

Archived

This topic is now archived and is closed to further replies.
