
Not quite sure what's going on...



Things have been weird for a while now. Over the past month, my computer has been rebooting itself intermittently. Today, Comodo AV had 4 detections, Malwarebytes had one. My firewall is showing over a hundred connections to the internet. I never have that many. And svchost.exe is showing to be connected to the internet, which isn't something that happens either. Anyway, I'm hoping that I'm not infected. But I have a nagging suspicion something's not quite right.

I believe I have all the information necessary. I followed the directions from the "What Do I Do Now" page.

Malwarebytes' Anti-Malware 1.43

Database version: 3477

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/3/2010 8:45:53 AM

mbam-log-2010-01-03 (08-45-53).txt

Scan type: Quick Scan

Objects scanned: 124634

Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Kelley\My Documents\downloads\Video_Player_update.198.exe (Rogue.Installer) -> Quarantined and deleted successfully.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Kelley at 16:43:04.20 on Sun 01/03/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3198.2610 [GMT -5:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Digital Media Reader\readericon45G.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

svchost.exe

C:\Program Files\Comodo\COMODO Internet Security\cfp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\a-squared Free\a2service.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Kelley\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie

uWinlogon: Shell=c:\documents and settings\kelley\application data\ccenter\ccmain.exe

BHO: CKeyScramblerBHO Object: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll

BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

uRun: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [ccagent.exe] c:\documents and settings\kelley\application data\ccenter\ccagent.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [nwiz] nwiz.exe /install

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [readericon] c:\program files\digital media reader\readericon45G.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [EM_EXEC] c:\progra~1\mousew~1\system\EM_EXEC.EXE

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kelley\applic~1\mozilla\firefox\profiles\xo565ef9.default\

FF - component: c:\documents and settings\kelley\application data\mozilla\firefox\profiles\xo565ef9.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - plugin: c:\documents and settings\kelley\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\kelley\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-10-28 40560]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-10-16 133064]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-10-16 25160]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\kelley\my documents\my received files\winxpvirtualcdcontrolpanel\VCdRom.sys [2001-12-19 8576]

R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-10-2 1858144]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-10-16 723632]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-1 235344]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-4-8 113896]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-1 19160]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]

S2 RsScanSrv;Rising Scan Service;c:\program files\rising\rav\ScanFrm.exe [2009-10-13 51824]

=============== Created Last 30 ================

2010-01-02 20:22:18 0 d-----w- c:\docume~1\kelley\applic~1\CCenter

2010-01-01 23:32:46 0 ----a-w- c:\documents and settings\kelley\defogger_reenable

2010-01-01 17:41:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-01 17:41:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-01 17:41:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-24 18:44:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Azureus

2009-12-24 18:44:11 0 d-----w- c:\docume~1\kelley\applic~1\Azureus

2009-12-24 18:43:09 0 d-----w- c:\program files\Vuze

2009-12-19 05:50:23 4994 ----a-w- c:\documents and settings\kelley\.recently-used.xbel

2009-12-16 23:18:16 0 d-----w- c:\program files\Corel

2009-12-16 23:18:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Corel

2009-12-11 20:40:24 178176 ----a-w- c:\windows\system32\unrar.dll

2009-12-11 20:40:22 38 ----a-w- c:\windows\avisplitter.ini

2009-12-11 20:40:19 414 ----a-w- c:\windows\system32\lame_acm.xml

2009-12-11 20:40:13 839680 ----a-w- c:\windows\system32\lameACM.acm

2009-12-11 20:40:11 118784 ----a-w- c:\windows\system32\ac3acm.acm

2009-12-11 20:40:10 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2009-12-11 20:40:09 881664 ----a-w- c:\windows\system32\xvidcore.dll

2009-12-11 20:40:08 205824 ----a-w- c:\windows\system32\xvidvfw.dll

2009-12-11 20:40:04 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest

2009-12-11 20:40:03 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-12-11 20:39:59 0 d-----w- c:\program files\K-Lite Codec Pack

2009-12-11 20:18:03 0 d-----w- c:\program files\Windows Media Connect 2

2009-12-10 06:58:28 0 d-----w- C:\archive_db

2009-12-10 06:54:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Paragon

==================== Find3M ====================

2009-12-25 04:41:20 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2009-12-24 18:04:42 696832 ----a-w- c:\windows\isRS-000.tmp

2009-12-06 15:00:24 171552 ----a-w- c:\windows\system32\guard32.dll

2009-12-06 15:00:23 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2009-11-27 19:16:26 330092 ------w- c:\windows\fonts\BODYH___.ttf

2009-11-27 19:16:26 304411 ------w- c:\windows\fonts\BILLY-ARGEL-BODY-HUNTER-FONT-.jpg

2009-11-23 15:06:41 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-08 01:10:42 33280 ----a-w- c:\windows\system32\rundll32.exe

2009-10-07 05:32:45 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-10-07 05:32:45 348160 ----a-w- c:\windows\system32\msvcr71.dll

2008-09-08 19:39:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080908\index.dat

2008-09-08 19:39:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat

============= FINISH: 16:44:50.29 ===============


It's been 48 hours. Does this mean I'm not infected with anything?


  • 2 weeks later...

Wow, I'm not sure why I never got a response. But this is what my Malwarebytes showed up with this morning. I just checked, Ccenter shows in my reports that I posted on January 3rd, two weeks ago. It's really great that I wasn't even given a reason why I wasn't attended to. I even sent something to a moderator (Hardhead) to bring it to attention. I had to pick a moderator, there didn't seem to be any online when I did come into the forum around the 5th to follow up. I hope this fixes things for my computer. I don't know what to think about being skipped over. I had 141 views. I'm really disappointed. But at least the software seems to work.

(It says, "no action taken" only because I hadn't removed it yet from the scan.)

Malwarebytes' Anti-Malware 1.44

Database version: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/16/2010 7:56:31 AM

mbam-log-2010-01-16 (07-56-16).txt

Scan type: Quick Scan

Objects scanned: 126645

Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 3

Files Infected: 10

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\control center (Rogue.ControlCenter) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\Kelley\Application Data\CCenter (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\images (Rogue.ControlCenter) -> No action taken.

Files Infected:

C:\Documents and Settings\Kelley\Application Data\CCenter\settings.ini (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\uninstall.exe (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\guide.html (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\images\05.png (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\images\06.png (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\images\07.png (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\images\08.png (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\images\09.png (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Application Data\CCenter\faq\images\10.png (Rogue.ControlCenter) -> No action taken.

C:\Documents and Settings\Kelley\Desktop\Control Center.lnk (Rogue.ControlCenter) -> No action taken.

(It says, "no action taken" only because I hadn't removed it yet from the scan before copying the logfile.)
