Yesterday AVG showed that my NBA 2K11.exe file has Win32/Heur, so I deleted it quickly (I don't know if it was a good decision). So I thought the virus was gone, but when I downloaded the same application again, AVG showed me the same thing. So I deleted it too. Then I scanned the whole computer with AVG and it showed only this:
-----------------------------------------------
Scan "Whole computer scan" completed.
Information;"1"
Folders selected for scanning:;"Whole computer scan"
Scan started:;"Wednesday, March 09, 2011, 2:08:38 PM"
Scan finished:;"Wednesday, March 09, 2011, 2:29:08 PM (20 minute(s) 29 second(s))"
Total object scanned:;"791524"
User who launched the scan:;"Justinas"
Information
;"File";"Information";"Result"
;"C:\Windows\System32\pbsvc.exe";"The file is signed with a broken digital signature, issued by: Even Balance.";""
------------------------------------------------------
Today I took all 8 steps for Windows, and here are the logs, from before I updated Windows:
------------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5997
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
3/9/2011 2:43:21 PM
mbam-log-2011-03-09 (14-43-21).txt
Scan type: Quick scan
Objects scanned: 165552
Time elapsed: 3 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-------------------------------------------------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-09 14:57:54
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST380817AS rev.3.42
Running: vb515xdt.exe; Driver: C:\Users\Justinas\AppData\Local\Temp\kwrdapoc.sys
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854E41F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 854E41F8
Device \Driver\atapi \Device\Ide\IdePort0 854E41F8
Device \Driver\atapi \Device\Ide\IdePort1 854E41F8
Device \Driver\atapi \Device\Ide\IdePort2 854E41F8
Device \Driver\atapi \Device\Ide\IdePort3 854E41F8
Device \Driver\atapi \Device\Ide\IdePort4 854E41F8
Device \Driver\atapi \Device\Ide\IdePort5 854E41F8
Device \FileSystem\Ntfs \Ntfs 854DB1F8
AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
--------------------------------------------------------
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Justinas at 15:08:29.00 on Wed 03/09/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2505 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Justinas\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.lt/
uInternet Settings,ProxyOverride = *.local
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [RGSC] c:\games\gta iv\rockstar games social club\RGSCLauncher.exe /silent
uRun: [BitComet] "c:\games\lost horizon\bitcomet\BitComet.exe" /tray
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Steam] "c:\games\steam\Steam.exe" -silent
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-16 218688]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-13 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-1 1343400]
.
=============== Created Last 30 ================
.
2011-03-09 12:39:15 -------- d-----w- c:\users\justinas\appdata\roaming\Malwarebytes
2011-03-09 12:38:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-09 12:38:54 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-09 12:38:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-09 12:38:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-08 13:54:42 -------- d-----w- c:\progra~2\STOPzilla!
2011-03-08 11:53:08 -------- d-----w- c:\program files\CamStudio
2011-03-08 11:09:44 -------- d--h--w- C:\$AVG
2011-03-06 17:25:18 -------- d-----w- c:\progra~2\Codemasters
2011-03-03 15:24:25 74240 ----a-w- C:\eazip.exe
2011-03-01 16:21:49 -------- d-----w- c:\program files\iPod
2011-02-28 19:38:38 -------- d-----w- c:\windows\PCHEALTH
2011-02-28 19:37:10 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-02-27 14:27:41 -------- d-----w- c:\program files\common files\Steam
2011-02-27 14:23:25 -------- d-----w- c:\users\justinas\New folder
2011-02-27 11:49:06 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-02-27 11:49:06 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-02-27 11:39:09 -------- d-----w- c:\windows\system32\appmgmt
2011-02-24 17:56:43 -------- d-----w- c:\users\justinas\appdata\roaming\GetRightToGo
2011-02-23 17:56:34 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 13:36:48 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 13:36:48 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 07:58:54 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-02-17 18:36:04 -------- d-----w- c:\windows\system32\directx
2011-02-17 18:07:49 -------- d-----w- c:\users\justinas\appdata\local\CrashRpt
2011-02-16 08:47:13 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-02-16 08:46:59 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-02-16 08:42:28 181608 ----a-w- c:\progra~2\microsoft\windows\sqm\manifest\Sqm10137.bin
2011-02-09 12:24:03 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 12:23:49 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-09 12:23:40 428032 ----a-w- c:\windows\system32\vbscript.dll
.
==================== Find3M ====================
.
2011-03-06 16:56:33 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-06 12:52:16 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-05 19:43:30 22328 ----a-w- c:\users\justinas\appdata\roaming\PnkBstrK.sys
2011-03-05 19:43:05 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2011-02-02 19:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-09 20:10:17 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-23 21:36:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 15:08:46.02 ===============
Any help would be very much appreciated. Thanks.
P.S. Sorry if my English is bad, and there may be traces of BitComet and uTorrent.