
Got this virus tonight while trying to find a site to watch an episode of Dexter. Dumb, I suppose. Followed the instructions in the "I'm infected - What do I do now?" thread, however the "HDD Rescue" program file remains on my computer and gives me all sorts of critical error messages when not running in Safe-Networking mode.

Thanks in advance for any help. Let me know if I've left anything out.

Cheers.

Here's my MBAM log:

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5303

Windows 5.1.2600 Service Pack 2 (Safe Mode)

Internet Explorer 6.0.2900.2180

12/12/2010 9:54:25 PM

mbam-log-2010-12-12 (21-54-25).txt

Scan type: Full scan (C:\|)

Objects scanned: 200478

Time elapsed: 21 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\48595596 (Trojan.FakeAlert) -> Value: 48595596 -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\all users\documents\migration\permenant crack\wga-fix.exe (Hacktool.WGAFix) -> Quarantined and deleted successfully.

c:\program files\Adobe\adobe photoshop cs2\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

c:\program files\BitLord\downloads\Progs\permenant crack\wga-fix.exe (Hacktool.WGAFix) -> Quarantined and deleted successfully.

c:\program files\Nero\Nero8\nero8x.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\RECYCLER\s-1-5-21-436374069-492894223-839522115-1003\Dc51\wga-fix.exe (Hacktool.WGAFix) -> Quarantined and deleted successfully.

c:\documents and settings\Winter\local settings\Temp\48595596.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

==========================

My DDS report:

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK

Run by Winter at 22:14:55.52 on Sun 12/12/2010

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.740 [GMT -7:00]

AV: AVG 7.5.560 *Enabled/Outdated* {41564737-3200-1071-989B-0000E87B4FB1}

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Winter\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [EKBSaFMWyG.exe] c:\docume~1\winter\locals~1\temp\EKBSaFMWyG.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [C-Media Mixer] Mixer.exe /startup

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE

StartupFolder: c:\docume~1\winter\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191688480479

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\winter\applic~1\mozilla\firefox\profiles\o05gppp7.default\

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

R0 ALiAGP;ALi AGP Bus Filter Driver;c:\windows\system32\drivers\ALiAGP.SYS [2007-10-6 26880]

R0 alihdd;alihdd;c:\windows\system32\drivers\alihdd.sys [2007-10-6 30533]

R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2008-3-2 10760]

S1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2008-3-2 821856]

S1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2008-3-2 4224]

S1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2008-3-2 27776]

S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-12 11608]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-12 135336]

S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-12 267944]

S2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2008-3-2 418816]

S2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2008-3-2 49664]

S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-12 61960]

S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-29 24652]

S2 WMP300NSvc;WMP300NSvc;c:\program files\linksys\wmp300n\WLService.exe [2010-7-24 53307]

S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-7-24 14424]

S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\drivers\WMP300Nv1.sys [2007-10-17 822400]

=============== Created Last 30 ================

2010-12-13 05:02:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-13 05:02:39 -------- d-----w- c:\program files\Avira

2010-12-13 05:02:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-12-13 04:31:20 -------- d-----w- c:\docume~1\winter\applic~1\Malwarebytes

2010-12-13 04:31:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-13 04:31:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-12-13 04:31:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-13 04:31:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-25 15:28:25 -------- d-----w- c:\program files\iPod

2010-11-25 15:28:20 -------- d-----w- c:\program files\iTunes

2010-11-25 15:28:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-11-25 15:23:56 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-11-25 15:23:29 -------- d-----w- c:\program files\Bonjour

2010-11-15 18:53:33 -------- d-----w- c:\program files\common files\DivX Shared

2010-11-14 12:36:35 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2010-11-14 12:36:33 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

==================== Find3M ====================

2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-10-07 17:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-10-07 17:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

2008-08-06 21:11:34 561664 ----a-w- c:\program files\ventrilo_srv-3.0.2-Windows.exe

2007-10-07 21:10:14 11548555 ----a-w- c:\program files\WMP300N_20061117_dr.exe

============= FINISH: 22:15:27.70 ===============

Attach.zip

ark.zip


  • Staff

Hi and welcome to Malwarebytes.

Please see:

HijackThis Forum Policy

We will not be party to obvious use of keygens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

Please uninstall your cracked software before proceeding.

Update MBAM, run a Quick Scan, and post its log.



Yargh! If I knew what it was, I'd get rid of it for you, pronto!! I am being 100% honest when I say this piece of crap PC is a loaner that my buddy is letting me use (I've had it for like a month, tops). He hadn't used it in a while, but told me not to mess with it too much. I am absolutely open to any suggestions here as to what I need to do to get you to help me! I'm a total novice as far as computer stuff, so please, let me know what programs I need to get rid of, and I'll do it ASAP!!! I'm not interested in using illegal software, I promise!!!


Hi,

Please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again, except post DDS.txt and attach.txt in your reply. We'll take it from there.

Great, thanks. I think I may have gotten rid of the virus/malware, but want to make totally sure. Again, I have no idea what "cracked programs" are on this machine, as it's old and not mine; however, if someone would point them out, I'd be happy to delete them if it makes your job easier. Thanks again!!

=================================================================

Here's the MBAM log:

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5306

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

12/13/2010 4:25:50 PM

mbam-log-2010-12-13 (16-25-50).txt

Scan type: Quick scan

Objects scanned: 145302

Time elapsed: 14 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

=================================================================

And the DDS.txt:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Winter at 17:48:42.24 on Mon 12/13/2010

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.466 [GMT -7:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\Mixer.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Linksys\WMP300N\WLService.exe

C:\Program Files\Linksys\WMP300N\WMP300N.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Winter\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [C-Media Mixer] Mixer.exe /startup

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\winter\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.188\SSScheduler.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191688480479

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\winter\applic~1\mozilla\firefox\profiles\o05gppp7.default\

FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

R0 ALiAGP;ALi AGP Bus Filter Driver;c:\windows\system32\drivers\ALiAGP.SYS [2007-10-6 26880]

R0 alihdd;alihdd;c:\windows\system32\drivers\alihdd.sys [2007-10-6 30533]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-12 11608]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-12 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-12 267944]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-12 61960]

R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-29 24652]

R2 WMP300NSvc;WMP300NSvc;c:\program files\linksys\wmp300n\WLService.exe [2010-7-24 53307]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.188\McCHSvc.exe [2010-10-4 237008]

S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-7-24 14424]

S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\drivers\WMP300Nv1.sys [2007-10-17 822400]

=============== Created Last 30 ================

2010-12-13 22:29:55 -------- d-----w- c:\docume~1\winter\applic~1\SUPERAntiSpyware.com

2010-12-13 22:29:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-12-13 22:29:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-12-13 17:05:56 -------- d-----w- c:\docume~1\winter\applic~1\McAfee

2010-12-13 17:05:31 -------- d-----w- c:\program files\McAfee

2010-12-13 16:57:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan

2010-12-13 16:57:08 -------- d-----w- c:\program files\McAfee Security Scan

2010-12-13 16:10:33 -------- d-----w- c:\program files\ESET

2010-12-13 05:02:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-13 05:02:39 -------- d-----w- c:\program files\Avira

2010-12-13 05:02:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-12-13 04:31:20 -------- d-----w- c:\docume~1\winter\applic~1\Malwarebytes

2010-12-13 04:31:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-13 04:31:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-12-13 04:31:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-13 04:31:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-25 15:28:25 -------- d-----w- c:\program files\iPod

2010-11-25 15:28:20 -------- d-----w- c:\program files\iTunes

2010-11-25 15:28:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-11-25 15:23:56 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-11-25 15:23:29 -------- d-----w- c:\program files\Bonjour

2010-11-15 18:53:33 -------- d-----w- c:\program files\common files\DivX Shared

2010-11-14 12:36:35 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2010-11-14 12:36:33 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

==================== Find3M ====================

2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-10-07 17:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-10-07 17:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

2008-08-06 21:11:34 561664 ----a-w- c:\program files\ventrilo_srv-3.0.2-Windows.exe

2007-10-07 21:10:14 11548555 ----a-w- c:\program files\WMP300N_20061117_dr.exe

============= FINISH: 17:49:32.34 ===============

=========++++============+++++================================

And the attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/5/2007 4:09:32 PM

System Uptime: 12/13/2010 4:29:52 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | A7A266

Processor: AMD Athlon XP2400+ | SOCKET A | 2014/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 76 GiB total, 15.619 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 4 GiB total, 3.638 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}

Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

Device ID: ACPI\PNP0303\4&2E6719A8&0

Manufacturer: (Standard keyboards)

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&2E6719A8&0

Service: i8042prt

==== System Restore Points ===================

RP376: 11/6/2010 9:38:53 AM - System Checkpoint

RP377: 11/7/2010 1:15:46 PM - System Checkpoint

RP378: 11/8/2010 1:17:47 PM - System Checkpoint

RP379: 11/10/2010 8:44:58 AM - System Checkpoint

RP380: 11/11/2010 8:45:14 AM - System Checkpoint

RP381: 11/12/2010 9:43:41 AM - System Checkpoint

RP382: 11/13/2010 11:26:10 AM - System Checkpoint

RP383: 11/14/2010 11:36:43 AM - System Checkpoint

RP384: 11/15/2010 3:31:12 PM - System Checkpoint

RP385: 11/18/2010 12:21:03 PM - System Checkpoint

RP386: 11/19/2010 2:39:31 PM - System Checkpoint

RP387: 11/21/2010 12:29:57 PM - System Checkpoint

RP388: 11/23/2010 7:59:25 AM - System Checkpoint

RP389: 11/25/2010 8:01:19 PM - System Checkpoint

RP390: 11/29/2010 9:38:26 AM - System Checkpoint

RP391: 11/30/2010 5:36:39 PM - System Checkpoint

RP392: 12/2/2010 10:25:30 AM - System Checkpoint

RP393: 12/3/2010 11:41:38 AM - System Checkpoint

RP394: 12/4/2010 11:25:46 PM - System Checkpoint

RP395: 12/6/2010 11:26:48 AM - System Checkpoint

RP396: 12/7/2010 3:11:34 PM - System Checkpoint

RP397: 12/9/2010 10:07:43 AM - System Checkpoint

RP398: 12/10/2010 1:56:57 PM - System Checkpoint

RP399: 12/11/2010 3:13:51 PM - System Checkpoint

RP400: 12/12/2010 3:33:39 PM - System Checkpoint

RP401: 12/13/2010 4:28:15 PM - Removed AVG 7.5

RP402: 12/13/2010 4:28:49 PM - Installed AVG 7.5

==== Installed Programs ======================

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Reader 8.1.0

Adobe Shockwave Player

Adobe Stock Photos 1.0

AIM 7

ALi AGP Driver 1.91

ALi Ultra IDE Driver Uninstall

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Avira AntiVir Personal - Free Antivirus

Baldur's Gate II - Throne of Bhaal

BitLord 1.1

Bonjour

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

ccc-utility

DivX Content Uploader

DivX Converter

DivX Setup

Download Updater (AOL LLC)

EASEUS Data Recovery Wizard Professional 4.3.6

ESET Online Scanner v3

Formatta Filler 7.0

gBurner

Graph 4.3

Hotfix for Microsoft .NET Framework 3.0 (KB932471)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB896344)

Hotfix for Windows XP (KB926239)

iTunes

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Linksys Wireless-N PCI Adapter WMP300N

Magic ISO Maker v5.4 (build 0251)

Magic ISO Maker v5.4 (build 0256)

Malwarebytes' Anti-Malware

McAfee Security Scan Plus

McAfee Virtual Technician

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0

Microsoft .NET Framework 3.0

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

mIRC

Mozilla Firefox (3.6.13)

MSXML 6.0 Parser (KB933579)

Nero 8 Demo

neroxml

NVIDIA Drivers

OpenOffice.org Installer 1.0

PC Inspector File Recovery

PCI Audio Driver

PeerBlock 1.0.0 (r181)

PowerArchiver 2007

QuickTime

RealPlayer

Rhapsody Player Engine

Security Update for Microsoft .NET Framework 2.0 (KB928365)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938829)

Skins

Skype

  • Staff

The Photoshop and Nero software installed are cracked. Please uninstall them from Add or Remove Programs.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Awesome, thanks. I've uninstalled the programs and will run ComboFix tonight or tomorrow while I'm at work.

I appreciate the help.

Here's the ComboFix log:

ComboFix 10-12-14.01 - Winter 12/14/2010 19:57:40.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.686 [GMT -7:00]

Running from: c:\documents and settings\Winter\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\setup.ini

E:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))

.

2010-12-15 02:50 . 2010-12-15 02:50 -------- d-----w- c:\documents and settings\Winter\Application Data\Avira

2010-12-14 17:10 . 2010-12-14 17:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2010-12-13 22:29 . 2010-12-13 22:29 -------- d-----w- c:\documents and settings\Winter\Application Data\SUPERAntiSpyware.com

2010-12-13 22:29 . 2010-12-13 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-12-13 22:29 . 2010-12-13 22:29 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-12-13 17:05 . 2010-12-13 17:05 -------- d-----w- c:\documents and settings\Winter\Application Data\McAfee

2010-12-13 17:05 . 2010-12-13 17:05 -------- d-----w- c:\program files\McAfee

2010-12-13 16:57 . 2010-12-13 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2010-12-13 16:57 . 2010-12-13 16:57 -------- d-----w- c:\program files\McAfee Security Scan

2010-12-13 16:57 . 2010-12-13 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-12-13 16:10 . 2010-12-13 16:10 -------- d-----w- c:\program files\ESET

2010-12-13 05:02 . 2010-12-01 01:48 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-12-13 05:02 . 2010-12-01 01:13 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-13 05:02 . 2010-06-17 21:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-12-13 05:02 . 2010-06-17 21:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-12-13 05:02 . 2010-12-13 05:02 -------- d-----w- c:\program files\Avira

2010-12-13 05:02 . 2010-12-13 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-12-13 04:31 . 2010-12-13 04:31 -------- d-----w- c:\documents and settings\Winter\Application Data\Malwarebytes

2010-12-13 04:31 . 2010-12-13 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-12-13 04:31 . 2010-11-30 00:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-13 04:31 . 2010-12-13 04:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-13 04:31 . 2010-11-30 00:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-01 02:55 . 2010-12-01 02:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2010-11-25 15:28 . 2010-11-25 15:28 -------- d-----w- c:\program files\iPod

2010-11-25 15:28 . 2010-11-25 15:29 -------- d-----w- c:\program files\iTunes

2010-11-25 15:28 . 2010-11-25 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-11-25 15:24 . 2010-11-25 15:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2010-11-25 15:23 . 2010-09-28 20:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-11-25 15:23 . 2010-11-25 15:23 -------- d-----w- c:\program files\Bonjour

2010-11-15 18:53 . 2010-11-15 18:53 -------- d-----w- c:\program files\Common Files\DivX Shared

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-10-07 17:23 . 2010-10-07 17:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-10-07 17:23 . 2010-10-07 17:23 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-09-28 20:44 . 2008-01-28 21:38 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2008-08-06 21:11 . 2008-08-06 21:12 561664 ----a-w- c:\program files\ventrilo_srv-3.0.2-Windows.exe

2007-10-07 21:10 . 2007-10-07 21:10 11548555 ----a-w- c:\program files\WMP300N_20061117_dr.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"C-Media Mixer"="Mixer.exe" [2002-07-12 1581056]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"nwiz"="nwiz.exe" [2007-12-05 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 185896]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-01 281768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.188\SSScheduler.exe [2010-10-4 272528]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Games\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=

"c:\\Games\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=

"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=

"c:\\Program Files\\BitLord\\BitLord.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 ALiAGP;ALi AGP Bus Filter Driver;c:\windows\system32\drivers\ALiAGP.SYS [10/6/2007 9:33 AM 26880]

R0 alihdd;alihdd;c:\windows\system32\drivers\alihdd.sys [10/6/2007 9:33 AM 30533]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/12/2010 10:02 PM 135336]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/29/2007 8:08 AM 24652]

R2 WMP300NSvc;WMP300NSvc;c:\program files\Linksys\WMP300N\WLService.exe [7/24/2010 11:43 AM 53307]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.188\McCHSvc.exe [10/4/2010 7:27 PM 237008]

S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [7/24/2010 12:05 PM 14424]

S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\drivers\WMP300Nv1.sys [10/17/2007 7:17 PM 822400]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/7/2007 6:56 PM 716272]

.

Contents of the 'Scheduled Tasks' folder

2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

FF - ProfilePath - c:\documents and settings\Winter\Application Data\Mozilla\Firefox\Profiles\o05gppp7.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

HKLM-Run-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe

Notify-AtiExtEvent - (no file)

Notify-WgaLogon - (no file)

AddRemove-Xtreme-G Catalyst 7.12 XP 32bit_is1 - c:\ati\SUPPORT\Xtreme-G Catalyst 7.12 XP 32bit\unins000.exe

AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\DivXConverterUninstall.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\program files\DivX\DivXConverterUninstall.exe

AddRemove-{D050D7362D214723AD585B541FFB6C11} - c:\program files\DivX\DivXContentUploaderUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-14 20:01

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\System32\BCMLogon.dll

.

Completion time: 2010-12-14 20:03:58

ComboFix-quarantined-files.txt 2010-12-15 03:03

Pre-Run: 17,019,088,896 bytes free

Post-Run: 16,997,638,144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - F4810A27EAA18A8A6EF239C1AE9F6B5B

+++++++++++++++++++++++++++++++++++++++++++

And the new DDS report:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Winter at 20:06:28.23 on Tue 12/14/2010

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.533 [GMT -7:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Linksys\WMP300N\WLService.exe

C:\Program Files\Linksys\WMP300N\WMP300N.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\Mixer.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Winter\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [C-Media Mixer] Mixer.exe /startup

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.188\SSScheduler.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191688480479

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\winter\applic~1\mozilla\firefox\profiles\o05gppp7.default\

FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

R0 ALiAGP;ALi AGP Bus Filter Driver;c:\windows\system32\drivers\ALiAGP.SYS [2007-10-6 26880]

R0 alihdd;alihdd;c:\windows\system32\drivers\alihdd.sys [2007-10-6 30533]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-12 11608]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-12 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-12 267944]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-12 61960]

R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-29 24652]

R2 WMP300NSvc;WMP300NSvc;c:\program files\linksys\wmp300n\WLService.exe [2010-7-24 53307]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.188\McCHSvc.exe [2010-10-4 237008]

S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-7-24 14424]

S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\drivers\WMP300Nv1.sys [2007-10-17 822400]

=============== Created Last 30 ================

2010-12-15 02:56:18 -------- d-sha-r- C:\cmdcons

2010-12-15 02:54:10 98816 ----a-w- c:\windows\sed.exe

2010-12-15 02:54:10 89088 ----a-w- c:\windows\MBR.exe

2010-12-15 02:54:10 256512 ----a-w- c:\windows\PEV.exe

2010-12-15 02:54:10 161792 ----a-w- c:\windows\SWREG.exe

2010-12-15 02:50:40 -------- d-----w- c:\docume~1\winter\applic~1\Avira

2010-12-13 22:29:55 -------- d-----w- c:\docume~1\winter\applic~1\SUPERAntiSpyware.com

2010-12-13 22:29:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-12-13 22:29:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-12-13 17:05:56 -------- d-----w- c:\docume~1\winter\applic~1\McAfee

2010-12-13 17:05:31 -------- d-----w- c:\program files\McAfee

2010-12-13 16:57:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan

2010-12-13 16:57:08 -------- d-----w- c:\program files\McAfee Security Scan

2010-12-13 16:10:33 -------- d-----w- c:\program files\ESET

2010-12-13 05:02:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-13 05:02:39 -------- d-----w- c:\program files\Avira

2010-12-13 05:02:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-12-13 04:31:20 -------- d-----w- c:\docume~1\winter\applic~1\Malwarebytes

2010-12-13 04:31:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-13 04:31:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-12-13 04:31:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-13 04:31:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-25 15:28:25 -------- d-----w- c:\program files\iPod

2010-11-25 15:28:20 -------- d-----w- c:\program files\iTunes

2010-11-25 15:28:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-11-25 15:23:56 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-11-25 15:23:29 -------- d-----w- c:\program files\Bonjour

2010-11-15 18:53:33 -------- d-----w- c:\program files\common files\DivX Shared

==================== Find3M ====================

2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-10-07 17:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-10-07 17:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

2008-08-06 21:11:34 561664 ----a-w- c:\program files\ventrilo_srv-3.0.2-Windows.exe

2007-10-07 21:10:14 11548555 ----a-w- c:\program files\WMP300N_20061117_dr.exe

============= FINISH: 20:06:54.01 ===============

  • Staff

Hi,

I see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decided to uninstall it.

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

I'm running the Online Scan right now, but just wanted to let you know it keeps getting bogged down. The first time it happened was at 7%; it stayed there for a WHILE, scanning, weirdly (since I uninstalled it), Photoshop. Now it's stuck at 14%, scanning, again weirdly, Nero (which I ALSO uninstalled). Thought it was worth mentioning....

OK. So I stopped the scan, searched for and deleted the Photoshop and Nero files (although for each program there seemed to be one file that wouldn't delete; seemingly they're on other drives?). Then I ran the scan again. Here's the log:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6415

# api_version=3.0.2

# EOSSerial=3d6bf1a9cd5fe34fb37f7002b862bfab

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-12-13 04:52:48

# local_time=2010-12-13 09:52:48 (-0700, Mountain Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=1797 16775126 100 93 0 28678206 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=61453

# found=1

# cleaned=1

# scan_time=2316

C:\Program Files\Alcohol Soft\Alcohol 120\keymaker.exe probably a variant of Win32/Agent.CWORLZS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

can not get scanner. e_gle=1001

ESETSmartInstaller@High as downloader log:

Can not open internet# version=7

# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

# OnlineScanner.ocx=1.0.0.6415

# api_version=3.0.2

# EOSSerial=3d6bf1a9cd5fe34fb37f7002b862bfab

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-12-15 03:32:40

# local_time=2010-12-15 08:32:40 (-0700, Mountain Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=1797 16775125 100 93 0 28846679 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=3373

# found=0

# cleaned=0

# scan_time=1844

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

# OnlineScanner.ocx=1.0.0.6415

# api_version=3.0.2

# EOSSerial=3d6bf1a9cd5fe34fb37f7002b862bfab

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-12-15 04:32:40

# local_time=2010-12-15 09:32:40 (-0700, Mountain Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=1797 16775125 100 93 0 28849149 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=56499

# found=3

# cleaned=3

# scan_time=3014

C:\Program Files\Black Isle\BGII - SoA\patch.exe a variant of Win32/HackTool.Patcher.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{F0473E0D-841B-46D8-BD05-4B7AA8164383}\RP400\A0057991.exe probably a variant of Win32/Agent.CWORLZS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{F0473E0D-841B-46D8-BD05-4B7AA8164383}\RP405\A0059606.exe a variant of Win32/HackTool.Patcher.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

==============================================

Machine seems to be running OK, though seems there's still malicious stuff on here.
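Added example, not anything posted in this thread or part of ESET's tooling: a small Python parser for the `# key=value` header lines and detection lines of the ESET Online Scanner log format shown above. It splits the concatenated runs, flags the run that ended with end=stopped as incomplete, and points out hits under System Volume Information\_restore, which are System Restore snapshot copies of files rather than files in use (they come back only if that restore point is applied). The sample log is constructed from lines quoted in this thread, with header lines trimmed.

```python
import re

# Constructed sample in the ESET Online Scanner log format seen in this thread:
# an interrupted run followed by a complete one (header lines abbreviated).
SAMPLE_LOG = """\
# version=7
# end=stopped
# found=0
# cleaned=0
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# found=3
# cleaned=3
C:\\Program Files\\Black Isle\\BGII - SoA\\patch.exe a variant of Win32/HackTool.Patcher.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\\System Volume Information\\_restore{F0473E0D-841B-46D8-BD05-4B7AA8164383}\\RP400\\A0057991.exe probably a variant of Win32/Agent.CWORLZS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""
# Detection line: <path> <verdict> (<action>) <32 hex digits> <flag>. The path is
# cut at its file extension, so a folder name containing a dot would mis-split.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.\w{1,4}) (?P<verdict>.+?) "
    r"\((?P<action>[^()]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)

def parse_eset_log(text):
    """Split a concatenated log into scans (each '# version=' line starts one)."""
    scans = []
    for line in text.splitlines():
        if line.startswith("# version="):
            scans.append({"header": {}, "detections": []})
        if not scans:
            continue  # downloader chatter before the first scan header
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            scans[-1]["header"][key] = value
        elif hit := DETECTION.match(line):
            scans[-1]["detections"].append(hit.groupdict())
    return scans

def review(scans):
    """Notes a helper would act on: incomplete runs, uncleaned items, restore-point copies."""
    notes = []
    for n, scan in enumerate(scans, 1):
        hdr = scan["header"]
        if hdr.get("end") != "finished":
            notes.append(f"scan {n}: incomplete (end={hdr.get('end')}), rerun it")
        if hdr.get("found") != hdr.get("cleaned"):
            notes.append(f"scan {n}: found != cleaned, manual follow-up needed")
        for d in scan["detections"]:
            if "\\System Volume Information\\_restore" in d["path"]:
                notes.append(f"scan {n}: restore-point copy: {d['path']}")
    return notes
```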


Hi,

Proceed with the SecurityCheck scan as outlined in my previous post.

Oops! Sorry about that, mate. Here's the contents of checkup.txt:

====================

Results of screen317's Security Check version 0.99.7

Windows XP Service Pack 2

Out of date service pack!!

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

McAfee Security Scan Plus

McAfee Virtual Technician

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10.1.102.64

Adobe Reader 8.1.0

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java


  • Staff

Hi,

Considering the nature of cracks and keygens, and how they propagate, I would say it is a good idea to change all passwords and to inform any financial situations of a possible breach. At least that way their monitoring will be more meticulous and they'll know if any unauthorized charges were made.

With that said, how is the computer running now? Are there any remaining issues?

Seems like it's running a tad slower, however that could just be from the updates it's had to install. As far as I can tell though, that original program is gone and not causing the problems it had been. I'll change my passwords, though if there's some sort of tracker on this machine, seems like it would know that I've done so and snag my new pw, or am I being paranoid?


  • Staff

A little paranoid, maybe. We would've identified anything that could still be collecting passwords and such, but it's ones in the past that you should be concerned with.

Next, please run the PCPitstop Full Tests here. When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
