
Gnarly problems: opencloud av, MBAM crashing, can't access MBAM file



Hello everyone. I'm losing it trying to solve this problem and could really use some help.

My Firefox wound up downloading this phony anti-malware software Opencloud AV. I can't do much of anything when I'm not in safe mode, but safe mode appears to make most things work. I am running XP, SP3.

I read this article on Bleeping Computer and I can get up to step 16, when I run the MalwareBytes scan. Rkill has been run already, and I'm doing this in safe mode. I install the MalwareBytes program, update it, and start a scan (full or quick, same thing happens either way), and then once the scan starts to go, it starts scanning C:\WINDOWS\SYSTEM32, then it bombs. If I then try to restart the program, I get an error message that reads:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

Uninstalling and re-installing Malwarebytes gives me the exact same results. I have followed all of the steps for troubleshooting MBAM on an infected machine but nothing works.

Any advice? Could really use some help.


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

-screen317

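For anyone triaging a TDSSKiller log of the kind the reply above asks for, here is a small Python parser. It is an added example, not part of this thread and not Kaspersky's or Malwarebytes' code. It assumes the log's "time thread-id message" layout and the message forms TDSSKiller uses for findings ("Suspicious file (Hidden)", "Suspicious file (Forged)", "- detected", "will be deleted on reboot", "User select action"); the embedded sample is constructed from the entries of the log the original poster attached further down, with the unrelated driver lines omitted.

```python
"""Triage helper for TDSSKiller runtime logs (added example, not the tool's own code)."""
import re
from dataclasses import dataclass, field

# Every log line is "HH:MM:SS.mmmm <thread-id> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>[0-9a-fA-F]{4})\s+(?P<msg>.*)$")
# Message forms that carry findings and actions (assumed from the log format in this thread).
HIDDEN_RE = re.compile(r"^Suspicious file \(Hidden\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")
PENDING_RE = re.compile(r"^(?P<target>.+) - will be deleted on reboot$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Constructed sample: the finding-related lines from the log posted in this thread, nothing else.
SAMPLE_LOG = r"""
01:56:21.0859 0572 Scan started
01:56:26.0109 0572 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:56:26.0109 0572 ACPI - ok
01:56:27.0171 0572 ad827760 (a5bb3a84ba80655b6308b09f1d552173) C:\WINDOWS\1618444973:1383958687.exe
01:56:27.0171 0572 Suspicious file (Hidden): C:\WINDOWS\1618444973:1383958687.exe. md5: a5bb3a84ba80655b6308b09f1d552173
01:56:27.0171 0572 ad827760 ( HiddenFile.Multi.Generic ) - warning
01:56:27.0171 0572 ad827760 - detected HiddenFile.Multi.Generic (1)
01:56:56.0359 0572 Cdrom (d3562d6356f45939e0edba895837ef46) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:56:56.0359 0572 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: d3562d6356f45939e0edba895837ef46, Fake md5: 4b0a100eaf5c49ef3cca8c641431eacc
01:56:56.0375 0572 Cdrom ( ForgedFile.Multi.Generic ) - warning
01:56:56.0375 0572 Cdrom - detected ForgedFile.Multi.Generic (1)
01:59:18.0984 0572 Scan finished
01:59:19.0046 0564 Detected object count: 2
01:59:19.0046 0564 Actual detected object count: 2
01:59:58.0062 0564 HKLM\SYSTEM\ControlSet001\services\ad827760 - will be deleted on reboot
01:59:58.0125 0564 C:\WINDOWS\1618444973:1383958687.exe - will be deleted on reboot
01:59:58.0125 0564 ad827760 ( HiddenFile.Multi.Generic ) - User select action: Delete
01:59:58.0156 0564 HKLM\SYSTEM\ControlSet001\services\Cdrom - will be deleted on reboot
01:59:58.0171 0564 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be deleted on reboot
01:59:58.0171 0564 Cdrom ( ForgedFile.Multi.Generic ) - User select action: Delete
"""


@dataclass
class Finding:
    name: str                 # service/driver name as TDSSKiller reports it
    verdict: str = ""         # e.g. HiddenFile.Multi.Generic
    path: str = ""
    md5: str = ""             # hidden file: hash of the hidden object
    real_md5: str = ""        # forged file: hash read at low level
    fake_md5: str = ""        # forged file: hash presented through the normal file API
    action: str = ""          # what the user chose (Delete, Skip, ...)
    pending_deletes: list = field(default_factory=list)  # keys/files queued for reboot deletion


def triage(log_text: str) -> dict:
    """Collect findings, their hashes, the chosen action and the queued deletions."""
    findings = {}          # name -> Finding
    last_suspicious = None  # the "Suspicious file" line precedes the "detected" line naming it
    pending = []            # reboot deletions accumulate until the action line that owns them
    declared = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (h := HIDDEN_RE.match(msg)):
            last_suspicious = ("hidden", h.group("path"), h.group("md5"), "")
        elif (f := FORGED_RE.match(msg)):
            last_suspicious = ("forged", f.group("path"), f.group("real"), f.group("fake"))
        elif (d := DETECTED_RE.match(msg)):
            fnd = findings.setdefault(d.group("name"), Finding(d.group("name")))
            fnd.verdict = d.group("verdict")
            if last_suspicious:
                kind, path, a, b = last_suspicious
                fnd.path = path
                if kind == "hidden":
                    fnd.md5 = a
                else:
                    fnd.real_md5, fnd.fake_md5 = a, b
                last_suspicious = None
        elif (p := PENDING_RE.match(msg)):
            pending.append(p.group("target"))
        elif (a := ACTION_RE.match(msg)):
            fnd = findings.setdefault(a.group("name"), Finding(a.group("name"), a.group("verdict")))
            fnd.action = a.group("action")
            fnd.pending_deletes, pending = pending, []
        elif (c := COUNT_RE.match(msg)):
            declared = int(c.group("n"))
    return {"findings": findings, "declared_count": declared,
            "count_matches": declared is None or declared == len(findings)}


def report(result: dict) -> list:
    """One human-readable line per finding, plus a warning if counts disagree."""
    lines = []
    for f in result["findings"].values():
        hashes = f"md5 {f.md5}" if f.md5 else f"real md5 {f.real_md5}, fake md5 {f.fake_md5}"
        lines.append(f"{f.name}: {f.verdict} at {f.path} ({hashes}); action={f.action or 'none'}; "
                     f"{len(f.pending_deletes)} item(s) queued for deletion on reboot")
    if not result["count_matches"]:
        lines.append("WARNING: declared detection count differs from parsed findings")
    return lines


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

The parser keeps both hashes of a "Forged" entry on purpose: that verdict means the scanner read one hash for cdrom.sys through the normal file API and a different one at low level, which is the tell-tale of a rootkit intercepting file reads, and both values are what a helper wants to see when deciding whether the queued deletions are the right ones.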

Hello screen317, thanks for getting back to me; here is the TDSSKiller log:

01:56:16.0984 0520 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46

01:56:17.0593 0520 ============================================================

01:56:17.0593 0520 Current date / time: 2011/10/07 01:56:17.0593

01:56:17.0593 0520 SystemInfo:

01:56:17.0593 0520

01:56:17.0593 0520 OS Version: 5.1.2600 ServicePack: 3.0

01:56:17.0593 0520 Product type: Workstation

01:56:17.0593 0520 ComputerName: SALTED-35573805

01:56:17.0593 0520 UserName: Harry Ballsonia

01:56:17.0593 0520 Windows directory: C:\WINDOWS

01:56:17.0593 0520 System windows directory: C:\WINDOWS

01:56:17.0593 0520 Processor architecture: Intel x86

01:56:17.0593 0520 Number of processors: 1

01:56:17.0593 0520 Page size: 0x1000

01:56:17.0593 0520 Boot type: Safe boot with network

01:56:17.0593 0520 ============================================================

01:56:19.0390 0520 Initialize success

01:56:21.0859 0572 ============================================================

01:56:21.0859 0572 Scan started

01:56:21.0859 0572 Mode: Manual;

01:56:21.0859 0572 ============================================================

01:56:23.0546 0572 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys

01:56:23.0562 0572 61883 - ok

01:56:24.0406 0572 Abiosdsk - ok

01:56:25.0250 0572 abp480n5 - ok

01:56:26.0109 0572 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

01:56:26.0109 0572 ACPI - ok

01:56:26.0984 0572 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

01:56:26.0984 0572 ACPIEC - ok

01:56:27.0171 0572 ad827760 (a5bb3a84ba80655b6308b09f1d552173) C:\WINDOWS\1618444973:1383958687.exe

01:56:27.0171 0572 Suspicious file (Hidden): C:\WINDOWS\1618444973:1383958687.exe. md5: a5bb3a84ba80655b6308b09f1d552173

01:56:27.0171 0572 ad827760 ( HiddenFile.Multi.Generic ) - warning

01:56:27.0171 0572 ad827760 - detected HiddenFile.Multi.Generic (1)

01:56:27.0906 0572 adpu160m - ok

01:56:28.0781 0572 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys

01:56:28.0796 0572 aeaudio - ok

01:56:29.0671 0572 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

01:56:29.0671 0572 aec - ok

01:56:30.0515 0572 AFD (8d499b1276012eb907e7a9e0f4d8fda4) C:\WINDOWS\System32\drivers\afd.sys

01:56:30.0531 0572 AFD - ok

01:56:31.0375 0572 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

01:56:31.0390 0572 agp440 - ok

01:56:32.0218 0572 Aha154x - ok

01:56:33.0109 0572 aic78u2 - ok

01:56:33.0953 0572 aic78xx - ok

01:56:34.0921 0572 AliIde - ok

01:56:35.0812 0572 amsint - ok

01:56:36.0765 0572 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

01:56:36.0781 0572 Arp1394 - ok

01:56:37.0593 0572 asc - ok

01:56:38.0484 0572 asc3350p - ok

01:56:39.0406 0572 asc3550 - ok

01:56:40.0328 0572 Aspi32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\Aspi32.sys

01:56:40.0328 0572 Aspi32 - ok

01:56:41.0203 0572 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

01:56:41.0218 0572 AsyncMac - ok

01:56:42.0125 0572 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

01:56:42.0125 0572 atapi - ok

01:56:43.0000 0572 Atdisk - ok

01:56:43.0921 0572 atinrvxx (a7a01b907db63898d40b0a14248ff9a2) C:\WINDOWS\system32\DRIVERS\atinrvxx.sys

01:56:43.0937 0572 atinrvxx - ok

01:56:44.0796 0572 ATITUNEP (edd66332608d27f4fd5069bcd0bc5164) C:\WINDOWS\system32\DRIVERS\atintuxx.sys

01:56:44.0796 0572 ATITUNEP - ok

01:56:45.0640 0572 ativraxx (da36687d701c833430605a298731410b) C:\WINDOWS\system32\DRIVERS\atinraxx.sys

01:56:45.0640 0572 ativraxx - ok

01:56:46.0515 0572 ATIXSAudio (77b575d7aab35d5908ae6ce681608d62) C:\WINDOWS\system32\DRIVERS\atinxsxx.sys

01:56:46.0515 0572 ATIXSAudio - ok

01:56:47.0390 0572 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

01:56:47.0421 0572 Atmarpc - ok

01:56:48.0296 0572 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

01:56:48.0296 0572 audstub - ok

01:56:49.0187 0572 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys

01:56:49.0203 0572 Avc - ok

01:56:49.0328 0572 AVG Anti-Spyware Driver (d6f4c1450699901048818b0c3aaf7a17) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

01:56:49.0328 0572 AVG Anti-Spyware Driver - ok

01:56:50.0250 0572 AvgAsCln (856b0cee009946bf2d327e6b24fe7e3f) C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys

01:56:50.0250 0572 AvgAsCln - ok

01:56:51.0125 0572 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

01:56:51.0125 0572 Beep - ok

01:56:52.0000 0572 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

01:56:52.0000 0572 cbidf2k - ok

01:56:52.0875 0572 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

01:56:52.0875 0572 CCDECODE - ok

01:56:53.0718 0572 cd20xrnt - ok

01:56:54.0625 0572 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

01:56:54.0625 0572 Cdaudio - ok

01:56:55.0468 0572 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

01:56:55.0468 0572 Cdfs - ok

01:56:56.0359 0572 Cdrom (d3562d6356f45939e0edba895837ef46) C:\WINDOWS\system32\DRIVERS\cdrom.sys

01:56:56.0359 0572 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: d3562d6356f45939e0edba895837ef46, Fake md5: 4b0a100eaf5c49ef3cca8c641431eacc

01:56:56.0375 0572 Cdrom ( ForgedFile.Multi.Generic ) - warning

01:56:56.0375 0572 Cdrom - detected ForgedFile.Multi.Generic (1)

01:56:57.0218 0572 Changer - ok

01:56:58.0187 0572 CmdIde - ok

01:56:59.0109 0572 Cpqarray - ok

01:56:59.0984 0572 dac2w2k - ok

01:57:00.0828 0572 dac960nt - ok

01:57:01.0734 0572 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys

01:57:01.0734 0572 Disk - ok

01:57:02.0609 0572 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

01:57:02.0625 0572 dmboot - ok

01:57:03.0531 0572 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

01:57:03.0531 0572 dmio - ok

01:57:04.0406 0572 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

01:57:04.0406 0572 dmload - ok

01:57:05.0281 0572 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

01:57:05.0281 0572 DMusic - ok

01:57:06.0156 0572 dpti2o - ok

01:57:07.0015 0572 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

01:57:07.0015 0572 drmkaud - ok

01:57:07.0906 0572 EL2000 (9d356817b223067ff6f7f9eb867585ef) C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys

01:57:07.0906 0572 EL2000 - ok

01:57:08.0812 0572 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys

01:57:08.0812 0572 exFat - ok

01:57:09.0671 0572 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

01:57:09.0671 0572 Fastfat - ok

01:57:10.0546 0572 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

01:57:10.0562 0572 Fdc - ok

01:57:11.0453 0572 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

01:57:11.0453 0572 Fips - ok

01:57:12.0343 0572 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

01:57:12.0343 0572 Flpydisk - ok

01:57:13.0203 0572 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

01:57:13.0234 0572 FltMgr - ok

01:57:14.0093 0572 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys

01:57:14.0093 0572 Fs_Rec - ok

01:57:14.0953 0572 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

01:57:14.0968 0572 Ftdisk - ok

01:57:15.0843 0572 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

01:57:15.0843 0572 Gpc - ok

01:57:16.0734 0572 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

01:57:16.0734 0572 HidUsb - ok

01:57:17.0593 0572 hpn - ok

01:57:18.0468 0572 HTTP (937031c085718c1c04a9c0864625ec6b) C:\WINDOWS\system32\Drivers\HTTP.sys

01:57:18.0468 0572 HTTP - ok

01:57:19.0375 0572 i2omgmt - ok

01:57:20.0250 0572 i2omp - ok

01:57:21.0125 0572 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

01:57:21.0125 0572 i8042prt - ok

01:57:22.0000 0572 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

01:57:22.0015 0572 Imapi - ok

01:57:22.0906 0572 ini910u - ok

01:57:23.0859 0572 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

01:57:23.0859 0572 IntelIde - ok

01:57:24.0718 0572 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

01:57:24.0734 0572 intelppm - ok

01:57:25.0625 0572 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

01:57:25.0625 0572 Ip6Fw - ok

01:57:26.0500 0572 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

01:57:26.0500 0572 IpFilterDriver - ok

01:57:27.0375 0572 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

01:57:27.0375 0572 IpInIp - ok

01:57:28.0218 0572 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

01:57:28.0250 0572 IpNat - ok

01:57:29.0140 0572 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

01:57:29.0140 0572 IPSec - ok

01:57:30.0015 0572 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

01:57:30.0015 0572 IRENUM - ok

01:57:30.0937 0572 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

01:57:30.0937 0572 isapnp - ok

01:57:31.0859 0572 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

01:57:31.0859 0572 Kbdclass - ok

01:57:32.0734 0572 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

01:57:32.0750 0572 kbdhid - ok

01:57:33.0625 0572 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

01:57:33.0625 0572 kmixer - ok

01:57:34.0484 0572 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys

01:57:34.0500 0572 KSecDD - ok

01:57:35.0406 0572 lbrtfdc - ok

01:57:36.0437 0572 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys

01:57:36.0453 0572 MidiSyn - ok

01:57:37.0296 0572 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

01:57:37.0312 0572 mnmdd - ok

01:57:38.0171 0572 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

01:57:38.0171 0572 Modem - ok

01:57:39.0046 0572 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

01:57:39.0046 0572 Mouclass - ok

01:57:39.0937 0572 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

01:57:39.0937 0572 mouhid - ok

01:57:40.0796 0572 MountMgr (1a1faa5102466f418494e94ff9b0b091) C:\WINDOWS\system32\drivers\MountMgr.sys

01:57:40.0796 0572 MountMgr - ok

01:57:41.0609 0572 mraid35x - ok

01:57:42.0578 0572 MRxDAV (4fefd389d71126ee581b9f9cb2918be4) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

01:57:42.0593 0572 MRxDAV - ok

01:57:43.0484 0572 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

01:57:43.0484 0572 MRxSmb - ok

01:57:44.0390 0572 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys

01:57:44.0406 0572 MSDV - ok

01:57:45.0312 0572 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

01:57:45.0312 0572 Msfs - ok

01:57:46.0171 0572 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

01:57:46.0171 0572 MSKSSRV - ok

01:57:47.0015 0572 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

01:57:47.0031 0572 MSPCLOCK - ok

01:57:47.0890 0572 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

01:57:47.0890 0572 MSPQM - ok

01:57:48.0734 0572 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

01:57:48.0734 0572 mssmbios - ok

01:57:49.0609 0572 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

01:57:49.0609 0572 MSTEE - ok

01:57:50.0468 0572 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINDOWS\system32\drivers\Mup.sys

01:57:50.0484 0572 Mup - ok

01:57:51.0359 0572 MVDCODEC (ed4c2bf8403f4437987c0ba09cf48716) C:\WINDOWS\system32\DRIVERS\atinmdxx.sys

01:57:51.0359 0572 MVDCODEC - ok

01:57:52.0203 0572 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

01:57:52.0218 0572 NABTSFEC - ok

01:57:53.0140 0572 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

01:57:53.0156 0572 NDIS - ok

01:57:54.0015 0572 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

01:57:54.0015 0572 NdisIP - ok

01:57:54.0843 0572 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

01:57:54.0859 0572 NdisTapi - ok

01:57:55.0734 0572 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

01:57:55.0734 0572 Ndisuio - ok

01:57:56.0578 0572 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

01:57:56.0593 0572 NdisWan - ok

01:57:57.0453 0572 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

01:57:57.0453 0572 NDProxy - ok

01:57:58.0375 0572 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

01:57:58.0375 0572 NetBIOS - ok

01:57:59.0218 0572 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

01:57:59.0218 0572 NetBT - ok

01:58:00.0203 0572 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

01:58:00.0203 0572 NIC1394 - ok

01:58:01.0093 0572 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

01:58:01.0093 0572 Npfs - ok

01:58:01.0968 0572 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys

01:58:01.0968 0572 Ntfs - ok

01:58:02.0875 0572 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

01:58:02.0875 0572 Null - ok

01:58:03.0953 0572 nv (83780f3a86d2804912f22f6e37cd2254) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

01:58:04.0109 0572 nv - ok

01:58:05.0031 0572 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

01:58:05.0046 0572 NwlnkFlt - ok

01:58:05.0921 0572 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

01:58:05.0921 0572 NwlnkFwd - ok

01:58:06.0812 0572 ohci1394 (2553f7c60b8d291b5a812245e6d4da6e) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

01:58:06.0812 0572 ohci1394 - ok

01:58:07.0750 0572 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

01:58:07.0765 0572 Parport - ok

01:58:08.0640 0572 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

01:58:08.0640 0572 PartMgr - ok

01:58:09.0515 0572 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

01:58:09.0515 0572 ParVdm - ok

01:58:10.0406 0572 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

01:58:10.0406 0572 PCI - ok

01:58:11.0250 0572 PCIDump - ok

01:58:12.0125 0572 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

01:58:12.0125 0572 PCIIde - ok

01:58:13.0000 0572 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

01:58:13.0000 0572 Pcmcia - ok

01:58:13.0875 0572 PDCOMP - ok

01:58:14.0718 0572 PDFRAME - ok

01:58:15.0609 0572 PDRELI - ok

01:58:16.0453 0572 PDRFRAME - ok

01:58:17.0328 0572 perc2 - ok

01:58:18.0171 0572 perc2hib - ok

01:58:19.0187 0572 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

01:58:19.0187 0572 PptpMiniport - ok

01:58:20.0046 0572 PSched (d8e11d311785f89f1d70a28b0e879127) C:\WINDOWS\system32\DRIVERS\psched.sys

01:58:20.0046 0572 PSched - ok

01:58:20.0921 0572 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

01:58:20.0921 0572 Ptilink - ok

01:58:21.0812 0572 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

01:58:21.0812 0572 PxHelp20 - ok

01:58:22.0671 0572 ql1080 - ok

01:58:23.0562 0572 Ql10wnt - ok

01:58:24.0437 0572 ql12160 - ok

01:58:25.0312 0572 ql1240 - ok

01:58:26.0187 0572 ql1280 - ok

01:58:27.0078 0572 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

01:58:27.0078 0572 RasAcd - ok

01:58:27.0968 0572 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

01:58:27.0968 0572 Rasl2tp - ok

01:58:28.0875 0572 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

01:58:28.0875 0572 RasPppoe - ok

01:58:29.0750 0572 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

01:58:29.0750 0572 Raspti - ok

01:58:30.0640 0572 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys

01:58:30.0640 0572 Rdbss - ok

01:58:31.0531 0572 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

01:58:31.0531 0572 RDPCDD - ok

01:58:32.0421 0572 rdpdr (47ea20320e3d6fdc7b7bb22b2b881ca6) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

01:58:32.0421 0572 rdpdr - ok

01:58:33.0296 0572 RDPWD (3348e61a78ba4f79c795aad6565d3b6f) C:\WINDOWS\system32\drivers\RDPWD.sys

01:58:33.0312 0572 RDPWD - ok

01:58:34.0218 0572 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

01:58:34.0218 0572 redbook - ok

01:58:35.0265 0572 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

01:58:35.0265 0572 Secdrv - ok

01:58:36.0187 0572 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

01:58:36.0203 0572 serenum - ok

01:58:37.0078 0572 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

01:58:37.0078 0572 Serial - ok

01:58:38.0000 0572 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

01:58:38.0000 0572 Sfloppy - ok

01:58:38.0937 0572 Si3112 (f459dd5ee69d4b68cb6767c9731b5faf) C:\WINDOWS\system32\drivers\Si3112.sys

01:58:38.0953 0572 Si3112 - ok

01:58:39.0796 0572 Simbad - ok

01:58:40.0734 0572 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

01:58:40.0734 0572 SLIP - ok

01:58:41.0625 0572 smwdm (7d9b50329af9fd94b0529282530d2cb7) C:\WINDOWS\system32\drivers\smwdm.sys

01:58:41.0625 0572 smwdm - ok

01:58:42.0515 0572 snapman380 (5ce1cf27620b144e212d407cdb14d339) C:\WINDOWS\system32\DRIVERS\snman380.sys

01:58:42.0546 0572 snapman380 - ok

01:58:43.0421 0572 Sparrow - ok

01:58:44.0296 0572 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

01:58:44.0296 0572 splitter - ok

01:58:45.0140 0572 sptd (614deea4bdcec3fd5a07bdc705723ad7) C:\WINDOWS\System32\Drivers\sptd.sys

01:58:45.0156 0572 sptd - ok

01:58:46.0031 0572 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

01:58:46.0046 0572 Sr - ok

01:58:46.0968 0572 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys

01:58:46.0984 0572 Srv - ok

01:58:47.0890 0572 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

01:58:47.0890 0572 streamip - ok

01:58:48.0750 0572 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

01:58:48.0750 0572 swenum - ok

01:58:49.0593 0572 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

01:58:49.0609 0572 swmidi - ok

01:58:50.0484 0572 symc810 - ok

01:58:51.0359 0572 symc8xx - ok

01:58:52.0218 0572 sym_hi - ok

01:58:53.0125 0572 sym_u3 - ok

01:58:54.0015 0572 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

01:58:54.0015 0572 sysaudio - ok

01:58:54.0937 0572 Tcpip (474d3dccb57defcd917311eec47204b9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

01:58:54.0953 0572 Tcpip - ok

01:58:55.0812 0572 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

01:58:55.0812 0572 TDPIPE - ok

01:58:56.0671 0572 tdrpman174 (d953f161177dab3c8440844a9ab6e5a2) C:\WINDOWS\system32\DRIVERS\tdrpm174.sys

01:58:56.0687 0572 tdrpman174 - ok

01:58:57.0593 0572 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\WINDOWS\system32\drivers\TDTCP.sys

01:58:57.0593 0572 TDTCP - ok

01:58:58.0468 0572 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

01:58:58.0468 0572 TermDD - ok

01:58:59.0406 0572 timounter (711fcff933b1e5da14dcbaaa9655d282) C:\WINDOWS\system32\DRIVERS\timntr.sys

01:58:59.0421 0572 timounter - ok

01:59:00.0281 0572 TosIde - ok

01:59:00.0468 0572 TrueSight - ok

01:59:01.0421 0572 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

01:59:01.0421 0572 Udfs - ok

01:59:02.0296 0572 ultra - ok

01:59:03.0234 0572 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

01:59:03.0250 0572 Update - ok

01:59:04.0156 0572 usbehci (52674b5dbee499342a599c7771abecaa) C:\WINDOWS\system32\DRIVERS\usbehci.sys

01:59:04.0156 0572 usbehci - ok

01:59:05.0046 0572 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

01:59:05.0046 0572 usbhub - ok

01:59:05.0937 0572 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

01:59:05.0937 0572 USBSTOR - ok

01:59:06.0812 0572 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

01:59:06.0812 0572 usbuhci - ok

01:59:07.0718 0572 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

01:59:07.0718 0572 VgaSave - ok

01:59:08.0546 0572 ViaIde - ok

01:59:09.0500 0572 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

01:59:09.0500 0572 VolSnap - ok

01:59:10.0421 0572 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

01:59:10.0421 0572 Wanarp - ok

01:59:11.0265 0572 WDICA - ok

01:59:12.0140 0572 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

01:59:12.0140 0572 wdmaud - ok

01:59:13.0140 0572 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\WINDOWS\system32\drivers\WmBEnum.sys

01:59:13.0140 0572 WmBEnum - ok

01:59:14.0046 0572 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\WINDOWS\system32\drivers\WmFilter.sys

01:59:14.0062 0572 WmFilter - ok

01:59:15.0000 0572 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\WINDOWS\system32\drivers\WmVirHid.sys

01:59:15.0000 0572 WmVirHid - ok

01:59:15.0875 0572 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\WINDOWS\system32\drivers\WmXlCore.sys

01:59:15.0875 0572 WmXlCore - ok

01:59:16.0734 0572 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

01:59:16.0734 0572 WSTCODEC - ok

01:59:17.0609 0572 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

01:59:17.0609 0572 WudfPf - ok

01:59:18.0515 0572 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

01:59:18.0515 0572 WudfRd - ok

01:59:18.0687 0572 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

01:59:18.0703 0572 \Device\Harddisk0\DR0 - ok

01:59:18.0734 0572 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

01:59:18.0828 0572 \Device\Harddisk1\DR1 - ok

01:59:18.0859 0572 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk2\DR4

01:59:18.0875 0572 \Device\Harddisk2\DR4 - ok

01:59:18.0906 0572 Boot (0x1200) (25398d38b64a21f0c9fdd303f48e04ee) \Device\Harddisk0\DR0\Partition0

01:59:18.0906 0572 \Device\Harddisk0\DR0\Partition0 - ok

01:59:18.0937 0572 Boot (0x1200) (2fb17eac7802f05990e1ba700a62fbe2) \Device\Harddisk1\DR1\Partition0

01:59:18.0937 0572 \Device\Harddisk1\DR1\Partition0 - ok

01:59:18.0968 0572 Boot (0x1200) (61ef0a3e7d94c3f7e0b8799f76176432) \Device\Harddisk2\DR4\Partition0

01:59:18.0968 0572 \Device\Harddisk2\DR4\Partition0 - ok

01:59:18.0984 0572 ============================================================

01:59:18.0984 0572 Scan finished

01:59:18.0984 0572 ============================================================

01:59:19.0046 0564 Detected object count: 2

01:59:19.0046 0564 Actual detected object count: 2

01:59:58.0062 0564 HKLM\SYSTEM\ControlSet001\services\ad827760 - will be deleted on reboot

01:59:58.0093 0564 HKLM\SYSTEM\ControlSet003\services\ad827760 - will be deleted on reboot

01:59:58.0125 0564 C:\WINDOWS\1618444973:1383958687.exe - will be deleted on reboot

01:59:58.0125 0564 ad827760 ( HiddenFile.Multi.Generic ) - User select action: Delete

01:59:58.0156 0564 HKLM\SYSTEM\ControlSet001\services\Cdrom - will be deleted on reboot

01:59:58.0156 0564 HKLM\SYSTEM\ControlSet003\services\Cdrom - will be deleted on reboot

01:59:58.0171 0564 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be deleted on reboot

01:59:58.0171 0564 Cdrom ( ForgedFile.Multi.Generic ) - User select action: Delete

02:00:04.0984 0512 Deinitialize success

And here is the DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702

Run by Harry Ballsonia at 19:55:43 on 2011-10-07

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2875.2396 [GMT -7:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

mWinlogon: SfcDisable=-99 (0xffffff9d)

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [AdobeBridge]

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe

mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [blackArmorBackupMonitor.exe] c:\program files\seagate\blackarmorbackup\BlackArmorBackupMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\seagate\blackarmorbackup\TimounterMonitor.exe

mRun: [seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui

mRun: [dUVVrllONtx0uS28234A] c:\windows\system32\GRRZqhhYCw.exe

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [ctfmon.exe] ctfmon.exe

dRun: [iDMan] c:\program files\internet download manager\IDMan.exe /s

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\harryb~1\startm~1\programs\startup\autosh~1.lnk - c:\program files\auto shutdown\AutoShutdown.exe

StartupFolder: c:\docume~1\harryb~1\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\harry ballsonia\application data\leadertech\powerregister\Seagate Product Registration.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe

uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: NoInstrumentation = 1 (0x1)

uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

dPolicies-explorer: NoInstrumentation = 1 (0x1)

dPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\documents and settings\harry ballsonia\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 64.59.144.18 64.59.144.19 64.59.150.133

TCP: Interfaces\{B783288D-04CF-4CBE-8C10-06B545FDE227} : DhcpNameServer = 64.59.144.18 64.59.144.19 64.59.150.133

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SecurityProviders: schannel.dll, credssp.dll, digest.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\harry ballsonia\application data\mozilla\firefox\profiles\3rhjld7a.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2011-4-9 10872]

S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]

S2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]

S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-11-20 617984]

S3 TrueSight;TrueSight;\??\c:\documents and settings\harry ballsonia\desktop\truesight.sys --> c:\documents and settings\harry ballsonia\desktop\TrueSight.sys [?]

.

=============== Created Last 30 ================

.

2011-10-04 05:08:37 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-04 05:08:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-04 05:01:20 -------- d-----w- c:\documents and settings\harry ballsonia\application data\PqUeIrPyAuD

2011-10-04 05:01:18 -------- d-----w- c:\documents and settings\harry ballsonia\application data\waJdKfZhXjVlBz0

2011-10-04 04:57:15 -------- d-----w- c:\documents and settings\harry ballsonia\application data\xlNx0c2b3n5

2011-10-04 04:57:14 -------- d-----w- c:\documents and settings\harry ballsonia\application data\JoFpHsJdL

2011-10-03 04:52:08 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-03 04:41:05 -------- d-----w- c:\program files\tdsskiller

2011-10-03 04:13:59 -------- d-----w- c:\documents and settings\harry ballsonia\application data\pGaHsKfLgXjCkBz

2011-10-03 04:13:58 -------- d-----w- c:\documents and settings\harry ballsonia\application data\KQ6E8RhXUeOxy1b

2011-10-03 04:11:29 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-10-03 04:11:15 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-10-03 03:17:01 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2011-10-03 03:17:00 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)

2011-10-03 03:17:00 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)

2011-10-03 03:17:00 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

2011-10-03 01:29:12 -------- d-----w- c:\documents and settings\harry ballsonia\application data\qL8gTZqjY

2011-10-03 01:29:12 -------- d-----w- c:\documents and settings\harry ballsonia\application data\hrzONtxA0v2b3m5

2011-10-03 01:19:38 -------- d-----w- c:\documents and settings\harry ballsonia\application data\V6dEK8gRZhXkVlB

2011-10-03 01:19:38 -------- d-----w- c:\documents and settings\harry ballsonia\application data\QONyxA0uv2b3m5Q

2011-10-03 00:41:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-03 00:35:55 -------- d-----w- c:\documents and settings\harry ballsonia\application data\Malwarebytes

2011-10-03 00:27:04 -------- d-----w- c:\documents and settings\harry ballsonia\application data\C5sQJ6dEKgZhXkV

2011-10-03 00:27:04 -------- d-----w- c:\documents and settings\harry ballsonia\application data\AONyxA0uv2b3

2011-10-03 00:19:03 -------- d-----w- c:\documents and settings\harry ballsonia\application data\r9gTZqjYC

2011-10-03 00:18:48 -------- d-----w- c:\documents and settings\harry ballsonia\application data\RCkVzNx0v2b3m5Q

2011-10-03 00:18:48 -------- d-----w- c:\documents and settings\harry ballsonia\application data\DE8R9YwUeOtPySi

2011-10-03 00:17:32 -------- d-----w- c:\documents and settings\harry ballsonia\application data\q6KfLgXjC

2011-10-03 00:17:32 -------- d-----w- c:\documents and settings\harry ballsonia\application data\eQJ6dKgZhwUlBx

2011-10-02 21:37:57 -------- d-----w- c:\documents and settings\harry ballsonia\application data\qycS1ibD3n4Q6W7

2011-10-02 21:37:57 -------- d-----w- c:\documents and settings\harry ballsonia\application data\D0uvS2oF3m5Q6E8

2011-10-02 21:19:02 -------- d-----w- c:\documents and settings\harry ballsonia\application data\wonF4amH5QTqYer

2011-10-02 21:19:00 -------- d-----w- c:\documents and settings\harry ballsonia\application data\gTXwjUCelBzNc1v

2011-10-02 21:13:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-10-02 20:47:02 -------- d-----w- c:\documents and settings\harry ballsonia\application data\qG5aQdK8fZhXjVl

2011-10-02 20:47:02 -------- d-----w- c:\documents and settings\harry ballsonia\application data\IYCkIVrOtAuSiFp

2011-10-02 20:36:53 -------- d-----w- c:\documents and settings\harry ballsonia\application data\xvSS2oobF4pG5QJ

2011-10-02 20:36:53 -------- d-----w- c:\documents and settings\harry ballsonia\application data\NddEKK8gRZqhXw

2011-10-02 20:36:27 2400768 ----a-w- c:\windows\system32\GRRZqhhYCw.exe

2011-10-02 20:36:27 -------- d-----w- c:\documents and settings\harry ballsonia\application data\TooobF4pm5sQdL8

2011-09-25 20:24:38 -------- d-----w- c:\program files\Veetle

2011-09-25 20:21:54 -------- d-----w- c:\program files\StreamTorrent 1.0

2011-09-25 20:21:54 -------- d-----w- c:\documents and settings\harry ballsonia\application data\StreamTorrent

.

==================== Find3M ====================

.

2011-09-30 19:42:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:11:14 599552 ----a-w- c:\windows\system32\crypt32.dll

2011-08-10 01:02:54 73 ----a-w- c:\windows\system32\ssprs.dll

2011-08-10 01:02:54 205 ----a-w- c:\windows\system32\lsprst7.dll

2011-07-15 13:29:35 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-15 08:45:51 1025 ----a-w- c:\windows\system32\sysprs7.dll

2011-07-15 08:45:51 1025 ----a-w- c:\windows\system32\clauth2.dll

2011-07-15 08:45:51 1025 ----a-w- c:\windows\system32\clauth1.dll

2011-04-14 20:32:58 44 ---h--w- c:\program files\74b06f26.tmp

.

============= FINISH: 19:56:19.60 ===============

Again, thanks for all your help.


Hi Screen; here is my ComboFix log:

ComboFix 11-10-10.04 - Harry Ballsonia 10/10/2011 15:14:56.1.1 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2875.2588 [GMT -7:00]

Running from: c:\documents and settings\Harry Ballsonia\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Harry Ballsonia\Application Data\C5sQJ6dEKgZhXkVOpen Cloud AV.ico

c:\documents and settings\Harry Ballsonia\Application Data\DE8R9YwUeOtPySiOpen Cloud AV.ico

c:\documents and settings\Harry Ballsonia\Application Data\hrzONtxA0v2b3m5Open Cloud AV.ico

c:\documents and settings\Harry Ballsonia\Application Data\NddEKK8gRZqhXwOpen Cloud AV.ico

c:\documents and settings\Harry Ballsonia\Application Data\pGaHsKfLgXjCkBzOpen Cloud AV.ico

c:\documents and settings\Harry Ballsonia\Application Data\PqUeIrPyAuDOpen Cloud AV.ico

c:\documents and settings\Harry Ballsonia\Application Data\q6KfLgXjCOpen Cloud AV.ico

c:\documents and settings\Harry Ballsonia\Application Data\qG5aQdK8fZhXjVlOpen Cloud AV.ico

c:\documents and settings\Harry Ballsonia\Application Data\qycS1ibD3n4Q6W7Open Cloud AV.ico

c:\documents and settings\Harry Ballsonia\Application Data\V6dEK8gRZhXkVlBOpen Cloud AV.ico

c:\documents and settings\Harry Ballsonia\Application Data\wonF4amH5QTqYerOpen Cloud AV.ico

c:\documents and settings\Harry Ballsonia\Application Data\xlNx0c2b3n5Open Cloud AV.ico

c:\program files\Toolbar

c:\windows\$NtUninstallKB9501$

c:\windows\$NtUninstallKB9501$\1011943226

c:\windows\$NtUninstallKB9501$\2911008608\@

c:\windows\$NtUninstallKB9501$\2911008608\bckfg.tmp

c:\windows\$NtUninstallKB9501$\2911008608\cfg.ini

c:\windows\$NtUninstallKB9501$\2911008608\Desktop.ini

c:\windows\$NtUninstallKB9501$\2911008608\keywords

c:\windows\$NtUninstallKB9501$\2911008608\kwrd.dll

c:\windows\$NtUninstallKB9501$\2911008608\L\hlmmrqan

c:\windows\$NtUninstallKB9501$\2911008608\U\00000001.@

c:\windows\$NtUninstallKB9501$\2911008608\U\00000002.@

c:\windows\$NtUninstallKB9501$\2911008608\U\80000000.@

c:\windows\$NtUninstallKB9501$\2911008608\U\80000032.@

c:\windows\system32\d3d9caps.dat

c:\windows\system32\lsprst7.dll

c:\windows\system32\ssprs.dll

.

Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected

Restored copy from - The cat found it :)

c:\windows\system32\drivers\cdrom.sys . . . is missing!!

.

.

((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))

.

.

2011-10-10 22:24 . 2011-10-10 22:24 -------- d-----w- c:\windows\system32\xircom

2011-10-10 22:24 . 2011-10-10 22:24 -------- d-----w- c:\windows\system32\wbem\snmp

2011-10-10 22:24 . 2011-10-10 22:24 -------- d-----w- c:\windows\srchasst

2011-10-04 05:08 . 2011-10-04 05:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-04 05:08 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-04 05:01 . 2011-10-04 05:01 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\PqUeIrPyAuD

2011-10-04 05:01 . 2011-10-04 05:01 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\waJdKfZhXjVlBz0

2011-10-04 04:57 . 2011-10-04 04:57 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\xlNx0c2b3n5

2011-10-04 04:57 . 2011-10-04 04:57 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\JoFpHsJdL

2011-10-03 04:52 . 2011-10-03 04:52 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-03 04:41 . 2011-10-03 04:41 -------- d-----w- c:\program files\tdsskiller

2011-10-03 04:13 . 2011-10-03 04:13 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\pGaHsKfLgXjCkBz

2011-10-03 04:13 . 2011-10-03 04:13 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\KQ6E8RhXUeOxy1b

2011-10-03 04:11 . 2011-10-03 04:11 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-10-03 04:11 . 2011-10-03 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-10-03 03:17 . 2011-10-03 03:17 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2011-10-03 03:17 . 2011-10-03 03:17 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)

2011-10-03 03:17 . 2011-10-03 03:17 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

2011-10-03 03:17 . 2011-10-03 03:17 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)

2011-10-03 01:29 . 2011-10-03 01:29 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\qL8gTZqjY

2011-10-03 01:29 . 2011-10-03 01:29 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\hrzONtxA0v2b3m5

2011-10-03 01:19 . 2011-10-03 01:19 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\V6dEK8gRZhXkVlB

2011-10-03 01:19 . 2011-10-03 01:19 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\QONyxA0uv2b3m5Q

2011-10-03 00:41 . 2011-10-04 05:09 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-03 00:35 . 2011-10-03 00:35 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\Malwarebytes

2011-10-03 00:27 . 2011-10-03 00:27 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\C5sQJ6dEKgZhXkV

2011-10-03 00:27 . 2011-10-03 00:27 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\AONyxA0uv2b3

2011-10-03 00:19 . 2011-10-03 00:19 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\r9gTZqjYC

2011-10-03 00:18 . 2011-10-03 00:18 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\RCkVzNx0v2b3m5Q

2011-10-03 00:18 . 2011-10-03 00:18 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\DE8R9YwUeOtPySi

2011-10-03 00:17 . 2011-10-03 00:17 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\q6KfLgXjC

2011-10-03 00:17 . 2011-10-03 00:17 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\eQJ6dKgZhwUlBx

2011-10-02 21:37 . 2011-10-02 21:37 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\qycS1ibD3n4Q6W7

2011-10-02 21:37 . 2011-10-02 21:37 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\D0uvS2oF3m5Q6E8

2011-10-02 21:19 . 2011-10-02 21:19 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\wonF4amH5QTqYer

2011-10-02 21:19 . 2011-10-02 21:19 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\gTXwjUCelBzNc1v

2011-10-02 21:13 . 2011-10-02 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-10-02 20:59 . 2011-10-02 20:59 -------- d-----w- c:\documents and settings\Administrator

2011-10-02 20:47 . 2011-10-02 20:47 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\qG5aQdK8fZhXjVl

2011-10-02 20:47 . 2011-10-02 20:47 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\IYCkIVrOtAuSiFp

2011-10-02 20:36 . 2011-10-02 20:36 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\xvSS2oobF4pG5QJ

2011-10-02 20:36 . 2011-10-02 20:36 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\NddEKK8gRZqhXw

2011-10-02 20:36 . 2011-10-02 20:36 2400768 ----a-w- c:\windows\system32\GRRZqhhYCw.exe

2011-10-02 20:36 . 2011-10-02 20:36 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\TooobF4pm5sQdL8

2011-09-25 20:24 . 2011-09-25 20:24 -------- d-----w- c:\program files\Veetle

2011-09-25 20:21 . 2011-09-25 20:21 -------- d-----w- c:\program files\StreamTorrent 1.0

2011-09-25 20:21 . 2011-09-25 20:21 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\StreamTorrent

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-30 19:42 . 2011-05-26 20:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:11 . 2010-03-13 00:44 599552 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29 . 2010-05-04 14:20 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-14 20:32 . 2011-04-16 08:32 44 ---h--w- c:\program files\74b06f26.tmp

2011-09-30 19:44 . 2011-04-15 08:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-15 399736]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"BlackArmorBackupMonitor.exe"="c:\program files\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe" [2009-11-20 4352976]

"AcronisTimounterMonitor"="c:\program files\Seagate\BlackArmorBackup\TimounterMonitor.exe" [2009-11-20 963784]

"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-11-20 376288]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"nwiz"="nwiz.exe" [2008-10-07 1630208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]

"dUVVrllONtx0uS28234A"="c:\windows\system32\GRRZqhhYCw.exe" [2011-10-02 2400768]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-03-07 128512]

.

c:\documents and settings\Harry Ballsonia\Start Menu\Programs\Startup\

Auto Shutdown.lnk - c:\program files\Auto Shutdown\AutoShutdown.exe [2011-4-18 468480]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2011-4-19 81997]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders schannel.dll, credssp.dll, digest.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=

.

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [11/20/2009 1:07 AM 617984]

S3 TrueSight;TrueSight;\??\c:\documents and settings\Harry Ballsonia\Desktop\TrueSight.sys --> c:\documents and settings\Harry Ballsonia\Desktop\TrueSight.sys [?]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\documents and settings\Harry Ballsonia\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 64.59.144.18 64.59.144.19 64.59.150.133

FF - ProfilePath - c:\documents and settings\Harry Ballsonia\Application Data\Mozilla\Firefox\Profiles\3rhjld7a.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-AdobeBridge - (no file)

HKU-Default-Run-IDMan - c:\program files\Internet Download Manager\IDMan.exe

SafeBoot-87682320.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-10 15:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:f9,b3,f2,bc,a1,64,d6,fa,7b,2e,bd,1a,86,e6,6e,32,5a,76,aa,1f,3d,

45,86,03,45,3f,f3,f3,e6,71,64,6a,e9,13,c0,31,bb,dd,2e,ff,5c,54,c4,61,04,e4,\

.

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:f9,b3,f2,bc,a1,64,d6,fa,7b,2e,bd,1a,86,e6,6e,32,5a,76,aa,1f,3d,

45,86,03,45,3f,f3,f3,e6,71,64,6a,e9,13,c0,31,bb,dd,2e,ff,5c,54,c4,61,04,e4,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(4052)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\system32\RUNDLL32.EXE

.

**************************************************************************

.

Completion time: 2011-10-10 15:27:43 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-10 22:27

.

Pre-Run: 282,012,975,104 bytes free

Post-Run: 282,291,728,384 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff

.

- - End Of File - - CC97EA6596E68469EA63F12ACE95B297

And here's another DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702

Run by Harry Ballsonia at 15:31:21 on 2011-10-10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2875.2482 [GMT -7:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [blackArmorBackupMonitor.exe] c:\program files\seagate\blackarmorbackup\BlackArmorBackupMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\seagate\blackarmorbackup\TimounterMonitor.exe

mRun: [seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui

mRun: [dUVVrllONtx0uS28234A] c:\windows\system32\GRRZqhhYCw.exe

dRun: [ctfmon.exe] ctfmon.exe

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\harryb~1\startm~1\programs\startup\autosh~1.lnk - c:\program files\auto shutdown\AutoShutdown.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: NoInstrumentation = 1 (0x1)

uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

dPolicies-explorer: NoInstrumentation = 1 (0x1)

dPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\documents and settings\harry ballsonia\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 64.59.144.18 64.59.144.19 64.59.150.133

TCP: Interfaces\{B783288D-04CF-4CBE-8C10-06B545FDE227} : DhcpNameServer = 64.59.144.18 64.59.144.19 64.59.150.133

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SecurityProviders: schannel.dll, credssp.dll, digest.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\harry ballsonia\application data\mozilla\firefox\profiles\3rhjld7a.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2011-4-9 10872]

S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]

S2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]

S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-11-20 617984]

S3 TrueSight;TrueSight;\??\c:\documents and settings\harry ballsonia\desktop\truesight.sys --> c:\documents and settings\harry ballsonia\desktop\TrueSight.sys [?]

.

=============== Created Last 30 ================

.

2011-10-10 22:25:09 -------- d-----w- c:\documents and settings\harry ballsonia\application data\nOtP0GHKL

2011-10-10 22:25:08 -------- d-----w- c:\documents and settings\harry ballsonia\application data\avF4pmH5sJdLgZh

2011-10-10 22:24:04 -------- d-----w- c:\windows\system32\xircom

2011-10-10 22:24:04 -------- d-----w- c:\windows\system32\wbem\snmp

2011-10-10 22:24:04 -------- d-----w- c:\windows\srchasst

2011-10-10 22:09:38 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-10-10 22:06:46 98816 ----a-w- c:\windows\sed.exe

2011-10-10 22:06:46 518144 ----a-w- c:\windows\SWREG.exe

2011-10-10 22:06:46 256000 ----a-w- c:\windows\PEV.exe

2011-10-10 22:06:46 208896 ----a-w- c:\windows\MBR.exe

2011-10-04 05:08:37 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-04 05:08:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-04 05:01:20 -------- d-----w- c:\documents and settings\harry ballsonia\application data\PqUeIrPyAuD

2011-10-04 05:01:18 -------- d-----w- c:\documents and settings\harry ballsonia\application data\waJdKfZhXjVlBz0

2011-10-04 04:57:15 -------- d-----w- c:\documents and settings\harry ballsonia\application data\xlNx0c2b3n5

2011-10-04 04:57:14 -------- d-----w- c:\documents and settings\harry ballsonia\application data\JoFpHsJdL

2011-10-03 04:52:08 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-03 04:41:05 -------- d-----w- c:\program files\tdsskiller

2011-10-03 04:13:59 -------- d-----w- c:\documents and settings\harry ballsonia\application data\pGaHsKfLgXjCkBz

2011-10-03 04:13:58 -------- d-----w- c:\documents and settings\harry ballsonia\application data\KQ6E8RhXUeOxy1b

2011-10-03 04:11:29 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-10-03 04:11:15 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-10-03 03:17:01 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2011-10-03 03:17:00 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)

2011-10-03 03:17:00 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)

2011-10-03 03:17:00 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

2011-10-03 01:29:12 -------- d-----w- c:\documents and settings\harry ballsonia\application data\qL8gTZqjY

2011-10-03 01:29:12 -------- d-----w- c:\documents and settings\harry ballsonia\application data\hrzONtxA0v2b3m5

2011-10-03 01:19:38 -------- d-----w- c:\documents and settings\harry ballsonia\application data\V6dEK8gRZhXkVlB

2011-10-03 01:19:38 -------- d-----w- c:\documents and settings\harry ballsonia\application data\QONyxA0uv2b3m5Q

2011-10-03 00:41:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-03 00:35:55 -------- d-----w- c:\documents and settings\harry ballsonia\application data\Malwarebytes

2011-10-03 00:27:04 -------- d-----w- c:\documents and settings\harry ballsonia\application data\C5sQJ6dEKgZhXkV

2011-10-03 00:27:04 -------- d-----w- c:\documents and settings\harry ballsonia\application data\AONyxA0uv2b3

2011-10-03 00:19:03 -------- d-----w- c:\documents and settings\harry ballsonia\application data\r9gTZqjYC

2011-10-03 00:18:48 -------- d-----w- c:\documents and settings\harry ballsonia\application data\RCkVzNx0v2b3m5Q

2011-10-03 00:18:48 -------- d-----w- c:\documents and settings\harry ballsonia\application data\DE8R9YwUeOtPySi

2011-10-03 00:17:32 -------- d-----w- c:\documents and settings\harry ballsonia\application data\q6KfLgXjC

2011-10-03 00:17:32 -------- d-----w- c:\documents and settings\harry ballsonia\application data\eQJ6dKgZhwUlBx

2011-10-02 21:37:57 -------- d-----w- c:\documents and settings\harry ballsonia\application data\qycS1ibD3n4Q6W7

2011-10-02 21:37:57 -------- d-----w- c:\documents and settings\harry ballsonia\application data\D0uvS2oF3m5Q6E8

2011-10-02 21:19:02 -------- d-----w- c:\documents and settings\harry ballsonia\application data\wonF4amH5QTqYer

2011-10-02 21:19:00 -------- d-----w- c:\documents and settings\harry ballsonia\application data\gTXwjUCelBzNc1v

2011-10-02 21:13:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-10-02 20:47:02 -------- d-----w- c:\documents and settings\harry ballsonia\application data\qG5aQdK8fZhXjVl

2011-10-02 20:47:02 -------- d-----w- c:\documents and settings\harry ballsonia\application data\IYCkIVrOtAuSiFp

2011-10-02 20:36:53 -------- d-----w- c:\documents and settings\harry ballsonia\application data\xvSS2oobF4pG5QJ

2011-10-02 20:36:53 -------- d-----w- c:\documents and settings\harry ballsonia\application data\NddEKK8gRZqhXw

2011-10-02 20:36:27 2400768 ----a-w- c:\windows\system32\GRRZqhhYCw.exe

2011-10-02 20:36:27 -------- d-----w- c:\documents and settings\harry ballsonia\application data\TooobF4pm5sQdL8

2011-09-25 20:24:38 -------- d-----w- c:\program files\Veetle

2011-09-25 20:21:54 -------- d-----w- c:\program files\StreamTorrent 1.0

2011-09-25 20:21:54 -------- d-----w- c:\documents and settings\harry ballsonia\application data\StreamTorrent

.

==================== Find3M ====================

.

2011-09-30 19:42:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:11:14 599552 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29:35 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-15 08:45:51 1025 ----a-w- c:\windows\system32\sysprs7.dll

2011-07-15 08:45:51 1025 ----a-w- c:\windows\system32\clauth2.dll

2011-07-15 08:45:51 1025 ----a-w- c:\windows\system32\clauth1.dll

2011-04-14 20:32:58 44 ---h--w- c:\program files\74b06f26.tmp

.

============= FINISH: 15:31:58.56 ===============

Thanks again for all your help.


Hi all; unless anyone has any different advice for me, I think I'm going to just reformat the hard drive. This thing is way too much of a pain, and I've been over a week without a half-decent computer.

Also, any advice on some good anti-virus software so I don't get infected in the future?

Thanks


  • Staff

Hi,

Okay. Here are my recommendations for after you format your hard drive and reinstall Windows:

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) It is imperative that you have an antivirus. You are basically asking for infection without one. :lol:

All of the following are excellent free antiviruses. Be sure to only install one.

Microsoft Security Essentials

AntiVir

avast!

2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

3) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

6) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

7) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

