Not quite sure what's going on...
Things have been weird for a while now. Over the past month, my computer has been rebooting itself intermittently. Today, Comodo AV had 4 detections, Malwarebytes had one. My firewall is showing over a hundred connections to the internet. I never have that many. And svchost.exe is showing as connected to the internet, which isn't something that happens either. Anyway, I'm hoping that I'm not infected. But I have a nagging suspicion something's not quite right.

I believe I have all the information necessary. I followed the directions from the "What Do I Do Now" page.

Malwarebytes' Anti-Malware 1.43

Database version: 3477

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/3/2010 8:45:53 AM

mbam-log-2010-01-03 (08-45-53).txt

Scan type: Quick Scan

Objects scanned: 124634

Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Kelley\My Documents\downloads\Video_Player_update.198.exe (Rogue.Installer) -> Quarantined and deleted successfully.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Kelley at 16:43:04.20 on Sun 01/03/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3198.2610 [GMT -5:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Digital Media Reader\readericon45G.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

svchost.exe

C:\Program Files\Comodo\COMODO Internet Security\cfp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\a-squared Free\a2service.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Kelley\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie

uWinlogon: Shell=c:\documents and settings\kelley\application data\ccenter\ccmain.exe

BHO: CKeyScramblerBHO Object: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll

BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

uRun: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [ccagent.exe] c:\documents and settings\kelley\application data\ccenter\ccagent.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [nwiz] nwiz.exe /install

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [readericon] c:\program files\digital media reader\readericon45G.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [EM_EXEC] c:\progra~1\mousew~1\system\EM_EXEC.EXE

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kelley\applic~1\mozilla\firefox\profiles\xo565ef9.default\

FF - component: c:\documents and settings\kelley\application data\mozilla\firefox\profiles\xo565ef9.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - plugin: c:\documents and settings\kelley\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\kelley\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-10-28 40560]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-10-16 133064]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-10-16 25160]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\kelley\my documents\my received files\winxpvirtualcdcontrolpanel\VCdRom.sys [2001-12-19 8576]

R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-10-2 1858144]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-10-16 723632]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-1 235344]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-4-8 113896]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-1 19160]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]

S2 RsScanSrv;Rising Scan Service;c:\program files\rising\rav\ScanFrm.exe [2009-10-13 51824]

=============== Created Last 30 ================

2010-01-02 20:22:18 0 d-----w- c:\docume~1\kelley\applic~1\CCenter

2010-01-01 23:32:46 0 ----a-w- c:\documents and settings\kelley\defogger_reenable

2010-01-01 17:41:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-01 17:41:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-01 17:41:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-24 18:44:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Azureus

2009-12-24 18:44:11 0 d-----w- c:\docume~1\kelley\applic~1\Azureus

2009-12-24 18:43:09 0 d-----w- c:\program files\Vuze

2009-12-19 05:50:23 4994 ----a-w- c:\documents and settings\kelley\.recently-used.xbel

2009-12-16 23:18:16 0 d-----w- c:\program files\Corel

2009-12-16 23:18:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Corel

2009-12-11 20:40:24 178176 ----a-w- c:\windows\system32\unrar.dll

2009-12-11 20:40:22 38 ----a-w- c:\windows\avisplitter.ini

2009-12-11 20:40:19 414 ----a-w- c:\windows\system32\lame_acm.xml

2009-12-11 20:40:13 839680 ----a-w- c:\windows\system32\lameACM.acm

2009-12-11 20:40:11 118784 ----a-w- c:\windows\system32\ac3acm.acm

2009-12-11 20:40:10 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2009-12-11 20:40:09 881664 ----a-w- c:\windows\system32\xvidcore.dll

2009-12-11 20:40:08 205824 ----a-w- c:\windows\system32\xvidvfw.dll

2009-12-11 20:40:04 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest

2009-12-11 20:40:03 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-12-11 20:39:59 0 d-----w- c:\program files\K-Lite Codec Pack

2009-12-11 20:18:03 0 d-----w- c:\program files\Windows Media Connect 2

2009-12-10 06:58:28 0 d-----w- C:\archive_db

2009-12-10 06:54:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Paragon

==================== Find3M ====================

2009-12-25 04:41:20 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2009-12-24 18:04:42 696832 ----a-w- c:\windows\isRS-000.tmp

2009-12-06 15:00:24 171552 ----a-w- c:\windows\system32\guard32.dll

2009-12-06 15:00:23 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2009-11-27 19:16:26 330092 ------w- c:\windows\fonts\BODYH___.ttf

2009-11-27 19:16:26 304411 ------w- c:\windows\fonts\BILLY-ARGEL-BODY-HUNTER-FONT-.jpg

2009-11-23 15:06:41 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-08 01:10:42 33280 ----a-w- c:\windows\system32\rundll32.exe

2009-10-07 05:32:45 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-10-07 05:32:45 348160 ----a-w- c:\windows\system32\msvcr71.dll

2008-09-08 19:39:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080908\index.dat

2008-09-08 19:39:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat

============= FINISH: 16:44:50.29 ===============

attach.zip

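The DDS log above is the part of the post worth reading closely: the scanners reported one rogue installer, but the "Pseudo HJT Report" also shows a `uWinlogon: Shell=` line pointing into the user's `Application Data\CCenter` folder (the folder the later Malwarebytes scan in this thread quarantines as Rogue.ControlCenter), a Run entry launching `ccagent.exe` from the same place, a driver loading from `My Documents`, an orphaned SEH entry and a hosts-file redirection. The following script is an added example, not part of the DDS tool and not code from the poster; it applies a handful of triage heuristics to DDS-style lines. The sample input is a constructed excerpt modelled on the log posted here, the severity labels are the example's own, and the `AppInit_DLLs` rule only flags the entry for review (in this log `guard32.dll` belongs to Comodo).

```python
"""Triage heuristics for the autostart sections of a DDS log.

Added example; not part of DDS, Malwarebytes or the forum post.
"""
import re

# Directories where a legitimate autostart binary or kernel driver almost
# never lives.  An entry pointing here deserves a look regardless of what
# the signature scanners say.
USER_WRITABLE_HINTS = (
    "\\application data\\",
    "\\local settings\\",
    "\\my documents\\",
    "\\desktop\\",
    "\\temp\\",
)

# Line prefixes DDS uses for Run keys, BHOs, toolbars, ShellServiceObjects
# and running/stopped services or drivers (R0-R3, S0-S3).
AUTOSTART_PREFIX = re.compile(r"^(?:[um]run|bho|tb|ssodl|[rs][0-3])\b", re.I)
WINLOGON_SHELL = re.compile(r"^[um]winlogon:\s*shell=(.+)$", re.I)
HOSTS_ENTRY = re.compile(r"^hosts:\s*(\S+)\s+(\S+)", re.I)
APPINIT = re.compile(r"^appinit_dlls:\s*(\S.*)$", re.I)


def _in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(h in p for h in USER_WRITABLE_HINTS)


def _finding(severity, reason, line):
    return {"severity": severity, "reason": reason, "evidence": line}


def triage_dds(lines):
    """Return a list of findings (severity, reason, offending line) for the
    autostart-related lines of a DDS log, in the order they appear."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue

        # 1. Winlogon Shell must be explorer.exe; anything else is loaded
        #    as the user's desktop at every logon.
        m = WINLOGON_SHELL.match(line)
        if m:
            shell = m.group(1).strip().strip('"')
            if shell.lower() != "explorer.exe":
                findings.append(_finding("critical",
                                         "Winlogon Shell replaced (desktop hijack)", line))
            continue

        # 2. hosts entries that sink a real hostname to loopback/blackhole,
        #    a common way rogues block security sites.
        m = HOSTS_ENTRY.match(line)
        if m:
            ip, host = m.groups()
            if ip in ("127.0.0.1", "0.0.0.0") and host.lower() != "localhost":
                findings.append(_finding("medium", "hosts file blackholes a site", line))
            continue

        # 3. AppInit_DLLs is loaded into every user32 process; always review.
        if APPINIT.match(line):
            findings.append(_finding("review",
                                     "AppInit_DLLs injects into every GUI process", line))
            continue

        # 4. Registry entries whose target binary no longer exists.
        if "no file" in line.lower():
            findings.append(_finding("low", "orphaned registry entry (binary missing)", line))
            continue

        # 5. Run keys, BHOs, services or drivers executing from user-writable paths.
        if AUTOSTART_PREFIX.match(line) and _in_user_writable(line):
            findings.append(_finding("high",
                                     "autostart/driver loads from user-writable path", line))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


# Constructed excerpt modelled on the DDS log posted in the thread; used only
# to exercise the triage logic offline.
SAMPLE_LOG = r"""
uSearch Bar = hxxp://www.google.com/ie
uWinlogon: Shell=c:\documents and settings\kelley\application data\ccenter\ccmain.exe
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ccagent.exe] c:\documents and settings\kelley\application data\ccenter\ccagent.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
R1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\kelley\my documents\my received files\winxpvirtualcdcontrolpanel\VCdRom.sys [2001-12-19 8576]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-10-16 723632]
""".splitlines()


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_LOG):
        print(f"[{f['severity']:8}] {f['reason']}: {f['evidence']}")
    print(summarize(triage_dds(SAMPLE_LOG)))
```

Run against the excerpt, the Shell replacement is reported first and highest; the point of the script is that the Winlogon Shell value is a single line that signature scanners can miss but that a human (or a five-line regex) should never let pass.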

It's been 48 hours. Does this mean I'm not infected with anything?


2 weeks later...

Wow, I'm not sure why I never got a response. But this is what my Malwarebytes showed up with this morning. I just checked, CCenter shows in my reports that I posted on January 3rd, two weeks ago. It's really great that I wasn't even given a reason why I wasn't attended to. I even sent something to a moderator (Hardhead) to bring it to attention. I had to pick a moderator, there didn't seem to be any online when I did come into the forum around the 5th to follow up. I hope this fixes things for my computer. I don't know what to think about being skipped over. I had 141 views. I'm really disappointed. But at least the software seems to work.

(It says, "no action taken" only because I hadn't removed it yet from the scan.)

Malwarebytes' Anti-Malware 1.44

Database version: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/16/2010 7:56:31 AM

mbam-log-2010-01-16 (07-56-16).txt

Scan type: Quick Scan

Objects scanned: 126645

Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 3

Files Infected: 10

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\control center (Rogue.ControlCenter) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\Kelley\Application Data\CCenter (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\images (Rogue.ControlCenter) -> No action taken.

Files Infected:

C:\Documents and Settings\Kelley\Application Data\CCenter\settings.ini (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\uninstall.exe (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\guide.html (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\images\05.png (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\images\06.png (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\images\07.png (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\images\08.png (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\images\09.png (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\images\10.png (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Desktop\Control Center.lnk (Rogue.ControlCenter) -> No action taken.

(It says, "no action taken" only because I hadn't removed it yet from the scan before copying the logfile.)
