
Wife blesses my DAW with lots of spyware love :)


  • This topic is locked
2 replies to this topic

#1 dfective

dfective

  • Members
  • 1 posts
  • OFFLINE
  • Local time:02:34 AM

Posted 11 January 2009 - 10:40 PM

Wow, has spyware come a long way. Never had anything like this before. I have tried several tools, SUPERAntiSpyware, Malwarebytes, ComboFix, and was referred here by a buddy. Things are better, but Firefox launched itself earlier... something still lurks.

Originally I was getting "invalid floating point" errors crashing AVG, Spybot and avast. After various scans and finds (I remember finding Vundo, but VundoFix didn't find it). It also screwed up my Winsock, but I ran LSP to fix it after scanning with Malwarebytes, ComboFix and SUPERAntiSpyware.

Great forum you have here!

-------

DDS (Ver_09-01-07.01) - FAT32x86
Run by Josh at 21:14:03.17 on 2009-01-11
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.493 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Sygate Personal Firewall *enabled*

============== Running Processes ===============

F:\WINXP\system32\svchost -k DcomLaunch
SVCHOST.EXE
F:\WINXP\System32\svchost.exe -k netsvcs
F:\WINXP\system32\svchost.exe -k WudfServiceGroup
F:\Program Files\Sygate\SPF\smc.exe
SVCHOST.EXE
F:\WINXP\Explorer.EXE
F:\WINXP\system32\ctfmon.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\WINXP\system32\spoolsv.exe
SVCHOST.EXE
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINXP\system32\drivers\CDAC11BA.EXE
d:\Digidesign\Digidesign\Drivers\MMERefresh.exe
F:\Program Files\GlidePoint\glidesvc.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\WINXP\System32\svchost.exe -k imgsvc
F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
F:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
F:\WINXP\system32\vmnat.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\WINXP\system32\vmnetdhcp.exe
D:\Program Files\Trillian\trillian.exe
D:\Program Files\Safari\Safari.exe
F:\WINXP\system32\rundll32.exe
F:\Documents and Settings\Josh\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - f:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - f:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - f:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\program files\spybot\SDHelper.dll
BHO: {826f260c-b043-49e7-a7e0-2f8422d90f2d} - f:\winxp\system32\cwzjkw.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - f:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - f:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - f:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - f:\winxp\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] f:\winxp\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] f:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\program files\spybot\SDHelper.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - f:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - f:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: gebawxw - gebawxw.dll
Notify: qoMgHBrr - qoMgHBrr.dll
Notify: WRNotifier - WRLogonNTF.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - f:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\josh\applic~1\mozilla\firefox\profiles\ep48nsgi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://audiojunk.blogspot.com/|http://sonictransfer.com/side-chain-compression-tutorial.shtml
FF - prefs.js: network.proxy.type - 4
FF - component: f:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: d:\program files\real alternative\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\real alternative\browser\plugins\nprpjplug.dll
FF - plugin: f:\documents and settings\all users.winxp\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: f:\documents and settings\josh\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npkanevapatch.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: f:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: f:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {D9F5BA84-4B0B-4A38-A64C-525FA36EAB95} - f:\documents and settings\josh\local settings\application data\{d9f5ba84-4b0b-4a38-a64c-525fa36eab95}\

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;f:\winxp\system32\drivers\DigiFilt.sys [2007-10-14 16384]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\winxp\system32\drivers\avgldx86.sys [2009-1-6 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;f:\winxp\system32\drivers\avgmfx86.sys [2009-1-6 26824]
R1 SASDIFSV;SASDIFSV;f:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;f:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R3 ethertap;EtherTap Adapter;f:\winxp\system32\drivers\ethertap.sys [2008-12-25 21930]
R3 RDID1003;EDIROL UM-2;f:\winxp\system32\drivers\Rdwm1003.sys [2006-4-8 66530]
R3 RDID1009;EDIROL UM-1;f:\winxp\system32\drivers\Rdwm1009.sys [2005-6-4 65794]
R3 SASENUM;SASENUM;f:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
R3 UltraMonMirror;UltraMonMirror;f:\winxp\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]
R3 vsdevbus;Virtual Serial Devices Bus Enumerator;f:\winxp\system32\drivers\vsdevbus.sys [2007-5-1 13312]
R3 wip0204;Wippien Network Adapter 2.4;f:\winxp\system32\drivers\wip0204.sys [2008-12-5 23480]
R4 avg8emc;AVG Free8 E-mail Scanner;f:\progra~1\avg\avg8\avgemc.exe [2009-1-6 875288]
R4 avg8wd;AVG Free8 WatchDog;f:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-6 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;f:\winxp\system32\drivers\avgtdix.sys [2009-1-6 76040]
R4 GlidePoint;GlidePoint Touchpad Client;f:\program files\glidepoint\glidesvc.exe [2005-11-18 131072]
R4 UltraMonUtility;UltraMon Utility Driver;f:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]
S3 asbp2poa;asbp2poa;\??\f:\docume~1\josh\locals~1\temp\asbp2poa.sys --> f:\docume~1\josh\locals~1\temp\asbp2poa.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;f:\program files\alwil software\avast4\ashMaiSv.exe [2007-5-14 243328]
S3 avast! Web Scanner;avast! Web Scanner;f:\program files\alwil software\avast4\ashWebSv.exe [2007-5-14 345728]
S3 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;f:\cfusionmx\db\slserver52\bin\swagent.exe "coldfusion mx odbc agent" --> f:\cfusionmx\db\slserver52\bin\swagent.exe ColdFusion MX ODBC Agent [?]
S3 glidehid;GlidePoint HID Touchpad Minidriver;f:\winxp\system32\drivers\glidehid.sys [2005-11-18 33920]
S3 glideps2;GlidePoint PS/2 Touchpad Filter;f:\winxp\system32\drivers\glideps2.sys [2005-11-18 12672]
S3 Npfs2sser;Npfs2sser; [x]
S3 RDID1045;Roland FANTOM-X;f:\winxp\system32\drivers\RDWM1045.SYS [2004-1-20 59642]
S3 TwBus;MicroTouch Serial Bus Enumerator;f:\winxp\system32\drivers\twbus.sys --> f:\winxp\system32\drivers\TwBus.sys [?]
S3 TwTouch;MicroTouch touch screen;f:\winxp\system32\drivers\twtouch.sys --> f:\winxp\system32\drivers\TwTouch.sys [?]
S3 vnullmod;Virtual Null Modem Device Driver;f:\winxp\system32\drivers\vnullmod.sys [2007-5-1 26368]
S4 avast! Antivirus;avast! Antivirus;f:\program files\alwil software\avast4\ashServ.exe [2007-5-14 132736]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"f:\program files\viewpoint\common\viewpointservice.exe" --> f:\program files\viewpoint\common\ViewpointService.exe [?]
S4 vsdatant;vsdatant; [x]
S4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;f:\program files\webroot\spy sweeper\SpySweeper.exe [2007-5-15 3376704]

=============== Created Last 30 ================

2009-01-11 20:22 161,792 a------- f:\winxp\SWREG.exe
2009-01-11 20:22 98,816 a------- f:\winxp\sed.exe
2009-01-11 20:22 389,120 a------- f:\winxp\system32\CF29933.exe
2009-01-11 20:22 <DIR> --d----- F:\soldier
2009-01-11 20:21 2,914,743 a----r-- F:\soldier.exe
2009-01-11 20:20 389,120 a------- f:\winxp\system32\CF29629.exe
2009-01-11 20:20 <DIR> --d----- F:\ComboFix
2009-01-11 20:19 14,568 a------- f:\winxp\system32\drivers\wg5n.sys
2009-01-11 20:19 14,568 a------- f:\winxp\system32\drivers\wg6n.sys
2009-01-11 20:19 14,568 a------- f:\winxp\system32\drivers\wg4n.sys
2009-01-11 20:19 14,568 a------- f:\winxp\system32\drivers\wg3n.sys
2009-01-11 20:15 <DIR> --dsh--- F:\FOUND.017
2009-01-11 01:20 389,120 a------- f:\winxp\system32\CF2806.exe
2009-01-11 01:19 <DIR> --d----- F:\32788R22FWJFW.0.tmp
2009-01-11 01:19 <DIR> --d----- F:\VundoFix Backups
2009-01-11 01:19 <DIR> --d----- f:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-01-11 01:19 <DIR> --d----- f:\program files\SUPERAntiSpyware
2009-01-11 01:19 <DIR> --d----- f:\docume~1\josh\applic~1\SUPERAntiSpyware.com
2009-01-11 01:17 <DIR> --d----- f:\program files\CCleaner
2009-01-11 01:17 <DIR> --d----- f:\docume~1\josh\applic~1\Malwarebytes
2009-01-11 01:17 15,504 a------- f:\winxp\system32\drivers\mbam.sys
2009-01-11 01:17 38,496 a------- f:\winxp\system32\drivers\mbamswissarmy.sys
2009-01-11 01:17 <DIR> --d----- f:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-01-11 01:17 <DIR> --d----- f:\program files\Malwarebytes' Anti-Malware
2009-01-06 14:38 552 a------- f:\winxp\system32\d3d8caps.dat
2009-01-06 14:02 0 a------- f:\winxp\system32\REN19.tmp
2009-01-06 14:02 0 a------- f:\winxp\system32\REN18.tmp
2009-01-06 14:02 0 a------- f:\winxp\system32\REN17.tmp
2009-01-06 14:02 0 a------- f:\winxp\system32\REN13.tmp
2009-01-06 14:02 0 a------- f:\winxp\system32\REN12.tmp
2009-01-06 14:02 0 a------- f:\winxp\system32\REN11.tmp
2009-01-06 00:56 <DIR> --d-h--- F:\$AVG8.VAULT$
2009-01-06 00:48 10,520 a------- f:\winxp\system32\avgrsstx.dll
2009-01-06 00:48 97,928 a------- f:\winxp\system32\drivers\avgldx86.sys
2009-01-06 00:48 76,040 a------- f:\winxp\system32\drivers\avgtdix.sys
2009-01-06 00:48 <DIR> --d----- f:\winxp\system32\drivers\Avg
2009-01-06 00:48 <DIR> --d----- f:\program files\AVG
2009-01-06 00:48 <DIR> --d----- f:\docume~1\alluse~1.win\applic~1\avg8
2009-01-06 00:46 <DIR> --d----- f:\program files\Spybot
2009-01-05 23:48 111,616 a------- f:\winxp\system32\dllcache\userinit.exe
2009-01-05 11:59 135,168 a------- f:\winxp\udapafiq.dll
2009-01-04 22:50 <DIR> --d----- f:\docume~1\josh\applic~1\aicon
2008-12-26 02:49 <DIR> --dsh--- f:\winxp\ftpcache
2008-12-26 02:30 <DIR> --d----- f:\program files\iConcepts Music Express
2008-12-25 22:57 21,930 a------- f:\winxp\system32\drivers\ethertap.sys
2008-12-25 22:57 <DIR> --d----- f:\program files\NatNix
2008-12-25 22:48 26,309 a------- f:\winxp\scunin.dat
2008-12-25 22:48 70,656 a------- f:\winxp\ScUnin.exe
2008-12-25 22:48 967 a------- f:\winxp\ScUnin.pif
2008-12-18 00:21 <DIR> --d----- f:\docume~1\alluse~1.win\applic~1\acccore
2008-12-18 00:19 <DIR> --d----- f:\program files\AIM6
2008-12-15 03:41 <DIR> --d----- f:\program files\Red Kawa
2008-12-15 03:41 <DIR> --d----- f:\program files\AviSynth 2.5

==================== Find3M ====================

2009-01-05 23:48 111,616 a------- f:\winxp\system32\userinit.exe
2008-12-16 00:05 716,272 a------- f:\winxp\system32\drivers\sptd.sys
2008-12-09 03:02 32,463 a------- f:\winxp\system32\ForceBindIP-Uninstaller.exe
2008-12-09 02:29 25,280 a------- f:\winxp\system32\drivers\hamachi.sys
2008-12-05 02:02 62,140 a---h--- f:\winxp\system32\mlfcache.dat
2008-11-23 00:41 0 a---h--- f:\winxp\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-11-23 00:41 0 a---h--- f:\winxp\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-11-23 00:41 0 a---h--- f:\winxp\system32\drivers\MsftWdf_user_01_07_00.Wdf
2008-11-23 00:32 0 a---h--- f:\winxp\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-11-23 00:32 0 a---h--- f:\winxp\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-11-23 00:19 4,028 a------- f:\winxp\system32\PerfStringBackup.TMP
2008-11-23 00:09 86,315 a------- f:\winxp\pchealth\helpctr\offlinecache\index.dat
2008-10-16 14:13 1,809,944 a------- f:\winxp\system32\dllcache\wuaueng.dll
2008-10-16 14:12 323,608 a------- f:\winxp\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- f:\winxp\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- f:\winxp\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- f:\winxp\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- f:\winxp\system32\dllcache\wups.dll
2008-07-21 22:30 56 a--sh--- f:\docume~1\alluse~1.win\applic~1\dc64vg9.sys
2008-06-09 00:34 100 a------- f:\docume~1\alluse~1.win\applic~1\alchemisttest.dat
2006-10-14 02:34 98 a------- f:\documents and settings\josh\log.dat
2006-10-14 02:34 88 a------- f:\documents and settings\josh\U64KeyMap.dat
2007-05-14 16:59 5 a--sh--- f:\winxp\system32\baeadbdaf_s.dll
2007-05-17 17:09 975 ---sh--- f:\winxp\registration\crmlog\ntp2.ini2

============= FINISH: 21:14:52.64 ===============


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:08:34 AM

Posted 12 January 2009 - 06:13 AM

Hi,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

I also see you have been using ComboFix. Please rerun it (update if necessary) and post the log (C:\Combofix.txt) in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
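The DDS log in post #1 and the GooredFix instruction above turn on a handful of log entries that a helper reads by eye: a BHO with no display name, Winlogon Notify entries that point at a bare DLL named after the subkey itself, the HiddenExtension entry in the Firefox section (the kind of entry the GooredFix run above is meant to address), and a driver service whose image sits in a temp directory. The script below is an added triage example and is not part of this thread, of DDS, or of any BleepingComputer tool. It runs those four heuristic checks over a constructed sample made of lines copied from the posted log plus benign neighbours; the check names, the regular expressions and the heuristics themselves are assumptions for illustration, and a hit marks an entry worth a closer look, not confirmed malware.

```python
"""Heuristic triage of a DDS-style log (added example; not DDS's own code)."""
import re
from typing import List, Tuple

# Constructed sample: lines copied from the DDS log posted in this thread,
# with benign entries kept so the heuristics have something to leave alone.
SAMPLE_LOG: List[str] = [
    r"BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - f:\program files\yahoo!\companion\installs\cpn\yt.dll",
    r"BHO: {826f260c-b043-49e7-a7e0-2f8422d90f2d} - f:\winxp\system32\cwzjkw.dll",
    r"Notify: !SASWinLogon - f:\program files\superantispyware\SASWINLO.dll",
    r"Notify: AtiExtEvent - Ati2evxx.dll",
    r"Notify: gebawxw - gebawxw.dll",
    r"Notify: qoMgHBrr - qoMgHBrr.dll",
    r"Notify: WRNotifier - WRLogonNTF.dll",
    r"FF - HiddenExtension: XUL Cache: {D9F5BA84-4B0B-4A38-A64C-525FA36EAB95} - "
    r"f:\documents and settings\josh\local settings\application data\{d9f5ba84-4b0b-4a38-a64c-525fa36eab95}" + "\\",
    r"R1 SASDIFSV;SASDIFSV;f:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]",
    r"S3 asbp2poa;asbp2poa;\??\f:\docume~1\josh\locals~1\temp\asbp2poa.sys --> f:\docume~1\josh\locals~1\temp\asbp2poa.sys [?]",
]

GUID = r"\{[0-9a-fA-F-]{36}\}"

# Each pattern below is a heuristic chosen for this example (assumption), not
# a rule from DDS or from the forum's own triage procedure.
UNNAMED_BHO = re.compile(r"BHO:\s*(" + GUID + r")\s*-\s*(.+)$")
BARE_NOTIFY = re.compile(r"Notify:\s*(\S+)\s*-\s*([^\\/]+)\.dll$", re.IGNORECASE)
HIDDEN_FF_EXT = re.compile(r"FF - HiddenExtension:\s*(.+)$")
SERVICE_LINE = re.compile(r"[RS]\d\s+([^;]+);[^;]*;(.+)$")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)

Finding = Tuple[str, str]  # (check name, detail)


def find_indicators(lines: List[str]) -> List[Finding]:
    """Return (check, detail) pairs for every line that trips a heuristic."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip()

        # 1. A BHO with a CLSID but no display name: "BHO: {guid} - path".
        m = UNNAMED_BHO.match(line)
        if m:
            findings.append(("unnamed-bho", m.group(2)))
            continue

        # 2. Winlogon Notify subkey whose DLL is a bare filename with the same
        #    stem as the subkey (gebawxw -> gebawxw.dll); legitimate entries
        #    such as AtiExtEvent -> Ati2evxx.dll do not match.
        m = BARE_NOTIFY.match(line)
        if m and m.group(1).lower() == m.group(2).lower():
            findings.append(("self-named-notify", m.group(2) + ".dll"))
            continue

        # 3. Any hidden Firefox extension reported by DDS.
        m = HIDDEN_FF_EXT.match(line)
        if m:
            findings.append(("hidden-ff-extension", m.group(1)))
            continue

        # 4. Service or driver whose image path runs through a temp directory.
        m = SERVICE_LINE.match(line)
        if m and TEMP_DIR.search(m.group(2)):
            findings.append(("driver-from-temp", m.group(1)))
    return findings


def checks_tripped(lines: List[str]) -> List[str]:
    """Ordered list of check names that fired, handy for a one-line summary."""
    return [check for check, _ in find_indicators(lines)]


if __name__ == "__main__":
    for check, detail in find_indicators(SAMPLE_LOG):
        print(f"{check:20s} {detail}")
```

Run against the sample it reports five hits: the unnamed BHO, both self-named Notify DLLs, the XUL Cache hidden extension, and the asbp2poa driver loading from the user's temp folder; the SUPERAntiSpyware, AVG and ATI entries pass untouched. To use it on a real DDS log, read the file into a list of lines and pass it to find_indicators.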

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:08:34 AM

Posted 21 January 2009 - 09:12 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.