
System Shuts Down on it`s Own!!!


25 replies to this topic

#1 KEEVO


Posted 21 August 2009 - 07:56 AM

Hello, well I've got a problem here with my PC as it has now shut down by itself 3 times now. The first 2 times it did it I ran Malwarebytes Anti-Malware, ATF Cleaner and SUPERAntiSpyware. These are the logs from the first time it shut down, on Tuesday 19th Aug 09.

Malwarebytes' Anti-Malware 1.40
Database version: 2651
Windows 5.1.2600 Service Pack 2

19/08/2009 00:41:13
mbam-log-2009-08-19 (00-41-13).txt

Scan type: Quick Scan
Objects scanned: 103470
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/19/2009 at 02:27 AM

Application Version : 4.27.1000

Core Rules Database Version : 4061
Trace Rules Database Version: 2001

Scan type : Custom Scan
Total Scan Time : 01:41:10

Memory items scanned : 438
Memory threats detected : 0
Registry items scanned : 7128
Registry threats detected : 9
File items scanned : 84755
File threats detected : 5

Rogue.Component/Trace
HKLM\Software\Microsoft\3C70AE48
HKLM\Software\Microsoft\3C70AE48#3c70ae48
HKLM\Software\Microsoft\3C70AE48#Version
HKLM\Software\Microsoft\3C70AE48#3c7003c8
HKLM\Software\Microsoft\3C70AE48#3c706a2d
HKU\S-1-5-21-1644491937-1677128483-682003330-1003\Software\Microsoft\FIAS4018

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-1644491937-1677128483-682003330-1003\SOFTWARE\Microsoft\fias4013

Rootkit.TDSServ
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSserv.sys

Trojan.Agent/Gen-FSG
C:\AHEAD NERO V7 0 PREMIUM EDITION FULL\XILISOFT.DVD.RIPPER.V3.0.5.912.WINALL.INCL.KEYGEN-BRD\XILISOFT.DVD.RIPPER.V3.0.5.912.WINALL.INCL.KEYGEN-BRD\KEYGEN\KEYGEN.EXE

Trojan.Agent/Gen-Keygen
C:\DOCUMENTS AND SETTINGS\DEMMY\DESKTOP\ME PROGRAMS\VSO.CONVERTXTODVD.V3.0.0.13.WINALL.INCL.KEYGEN-BRD\KEYGEN BY TEAM BRD\KEYGEN.EXE
C:\DOCUMENTS AND SETTINGS\DEMMY\DESKTOP\ME STUFF\BITS N BOBS\VSO.CONVERTXTODVD.V3.1.1.31.INCL.KEYGEN-BRD\KEYGEN-BRD\KEYGEN.EXE

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\TDSSBRSR.DAT

Rootkit.TDSServ-Trace
C:\WINDOWS\SYSTEM32\TDSSOSVD.DAT

Now my PC shut down again by itself last night, so I ran Malwarebytes Anti-Malware, then ran GMER 1.0.15. Here are the logs.

Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 5.1.2600 Service Pack 2

21/08/2009 00:52:06
mbam-log-2009-08-21 (00-52-06).txt

Scan type: Quick Scan
Objects scanned: 104577
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\DEMMY\Local Settings\Temp\ie3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


GMER 1.0.15.15077 [u39xjy67.exe] - http://www.gmer.net
Rootkit scan 2009-08-21 06:16:49
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.15 ----

.text USBPORT.SYS!DllUnload F6B5A62C 5 Bytes JMP 87224970
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTDDRV1.SYS The process cannot access the file because it is being used by another process.
? winbmvrx.sys The system cannot find the file specified. !
? System32\Drivers\atm0fqal.SYS The system cannot find the path specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat eBoost.sys (eBoostr Filter Driver/eBoostr.com)
AttachedDevice \FileSystem\Ntfs \Ntfs eBoost.sys (eBoostr Filter Driver/eBoostr.com)

Device \FileSystem\Udfs \UdfsCdRom 86EFB990
Device \FileSystem\Udfs \UdfsDisk 86EFB990
Device \FileSystem\Cdfs \Cdfs 86F21528
Device \FileSystem\Fastfat \Fat 86F22788
Device \FileSystem\Fastfat \FatCdrom 86F22788
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86F48990
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86F48990
Device \Driver\NetBT \Device\NetbiosSmb 86F50308
Device \Driver\NetBT \Device\NetBT_Tcpip_{AA40EEC3-012F-4165-8954-0150D12B57EA} 86F50308
Device \Driver\NetBT \Device\NetBt_Wins_Export 86F50308
Device \Driver\atm0fqal \Device\Scsi\atm0fqal1 87191990
Device \Driver\atm0fqal \Device\Scsi\atm0fqal1Port4Path0Target0Lun0 87191990
Device \Driver\Cdrom \Device\CdRom0 87225990
Device \Driver\Cdrom \Device\CdRom1 87225990
Device \Driver\Cdrom \Device\CdRom2 87225990
Device \Driver\Cdrom \Device\CdRom3 87225990
Device \Driver\usbuhci \Device\USBFDO-0 8726E990
Device \Driver\usbuhci \Device\USBFDO-1 8726E990
Device \Driver\usbuhci \Device\USBFDO-2 8726E990
Device \Driver\usbuhci \Device\USBFDO-3 8726E990
Device \Driver\usbuhci \Device\USBPDO-0 8726E990
Device \Driver\usbuhci \Device\USBPDO-1 8726E990
Device \Driver\usbuhci \Device\USBPDO-2 8726E990
Device \Driver\usbuhci \Device\USBPDO-3 8726E990
Device \Driver\usbehci \Device\USBFDO-4 8726F990
Device \Driver\usbehci \Device\USBPDO-4 8726F990
Device \FileSystem\Ntfs \Ntfs 8736A1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-1c 8736B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-24 8736B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-8 8736B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-10 8736B1D8
Device \Driver\atapi \Device\Ide\IdePort0 8736B1D8
Device \Driver\atapi \Device\Ide\IdePort1 8736B1D8
Device \Driver\atapi \Device\Ide\IdePort2 8736B1D8
Device \Driver\atapi \Device\Ide\IdePort3 8736B1D8
Device \Driver\Ftdisk \Device\FtControl 8736C1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8736C1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8736C1D8
Device \Driver\dmio \Device\DmControl\DmConfig 873D11D8
Device \Driver\dmio \Device\DmControl\DmInfo 873D11D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 873D11D8
Device \Driver\dmio \Device\DmControl\DmPnP 873D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-1c AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-24 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-8 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-10 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort2 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort3 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\00000052 \Device\00000068 sptd.sys

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7687AB6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7687B76] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7687BEE] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F76885F2] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F768871C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F76976C4] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7697718] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F76AC7AE] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F76AD394] sptd.sys
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F76AD4E8] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F76AD4E8] sptd.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)\modules (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -934827687
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0x7F 0x6B 0x3C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0x7F 0x6B 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0x7F 0x6B 0x3C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8C 0x60 0x5A 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8C 0x60 0x5A 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8C 0x60 0x5A 0xD4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0xAF 0x60 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0xAF 0x60 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0xAF 0x60 0xFF ...
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 2118105194
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)@imagepath \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)\modules@TDSSserv \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)@imagepath \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)\modules@TDSSserv \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)@imagepath \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules@TDSSserv \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)\modules@TDSSproc \systemroot\system32\TDSSbqbx.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSbqbx.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)\modules@TDSSproc \systemroot\system32\TDSSbqbx.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules@TDSSproc \systemroot\system32\TDSSbqbx.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSbrsr.dat
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)\modules@tdssadw \systemroot\system32\TDSScfum.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)\modules@tdssadw \systemroot\system32\TDSScfum.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules@tdssadw \systemroot\system32\TDSScfum.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)\modules@tdssinit \systemroot\system32\TDSSfxwp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)\modules@tdssinit \systemroot\system32\TDSSfxwp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules@tdssinit \systemroot\system32\TDSSfxwp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSnmxh.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)\modules@TDSSl \systemroot\system32\TDSSofxh.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)\modules@TDSSl \systemroot\system32\TDSSofxh.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules@TDSSl \systemroot\system32\TDSSofxh.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoixh.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)\modules@tdssserf \systemroot\system32\TDSSrhym.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSrhym.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)\modules@tdssserf \systemroot\system32\TDSSrhym.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules@tdssserf \systemroot\system32\TDSSrhym.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSsihc.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSStkdu.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys)\modules@tdsserrors \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys)\modules@tdsserrors \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules@tdsserrors \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system

---- Services - GMER 1.0.15 ----

Service system32\drivers\TDSSmhxt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys) <-- ROOTKIT !!!

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF76870B0]
SSDT sptd.sys ZwEnumerateKey [0xF768BD1C]
SSDT sptd.sys ZwEnumerateValueKey [0xF768C0BC]
SSDT sptd.sys ZwOpenKey [0xF7687090]
SSDT sptd.sys ZwQueryKey [0xF768C194]
SSDT sptd.sys ZwQueryValueKey [0xF768C014]
SSDT sptd.sys ZwSetValueKey [0xF768C226]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF3DD2F20]

---- EOF - GMER 1.0.15 ----

Can I just delete Service system32\drivers\TDSSmhxt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys) <-- ROOTKIT !!! or do I need a program to do it? :thumbup2:

Just downloaded HijackThis v2.0.2 and ran a scan just in case I was asked to do so. Here's the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:43, on 21/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\eBoostr\EBstrSvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Browser mouse\1.3\mouse32a.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Multimedia keyboard utility\1.3\KbdAp32A.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\DEMMY\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: .150.205
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O1 - Hosts: 193.125.23.12 updates.sald.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6B71304F-D259-480D-8A09-5F1624155694} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: {5424c107-b914-f768-3404-4ad1e653d8ad} - {da8d356e-1da4-4043-867f-419b701c4245} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {C777BE34-F82E-436A-85BF-D6723D53DB3A} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FLMMEDIONMOUSE] "C:\Program Files\Browser mouse\1.3\mouse32a.exe"
O4 - HKLM\..\Run: [FLMK08KB] "C:\Program Files\Multimedia keyboard utility\1.3\MMKEYBD.EXE"
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114878264420
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9504 bytes

Merged 4 posts. ~ OB

Edited by Orange Blossom, 21 August 2009 - 09:44 AM.



#2 KEEVO


Posted 21 August 2009 - 10:32 AM

Don't know what's going on here :thumbup2: as I've not done anything, but I got hit by a Trojan.Agent virus, see log below.

Malwarebytes' Anti-Malware 1.40
Database version: 2670
Windows 5.1.2600 Service Pack 2

21/08/2009 16:01:41
mbam-log-2009-08-21 (16-01-41).txt

Scan type: Quick Scan
Objects scanned: 104489
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\DEMMY\Local Settings\Temp\ie3.tmp (Trojan.Agent) -> Delete on reboot.

#3 KEEVO


Posted 21 August 2009 - 01:05 PM

Just updating, well I've disabled TDSSERV.sys in Non-Plug and Play Drivers in Device Manager, but I've got 2 exclamation marks at Beep plus FileDisk. Don't know if I should disable them whilst waiting on help :thumbup2:
===========

Hello

Please note: you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I'd advise checking your topic for responses once a day.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 21 August 2009 - 01:09 PM.


#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:28 PM

Posted 01 September 2009 - 04:00 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.  

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 KEEVO

KEEVO
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:04:28 PM

Posted 07 September 2009 - 12:06 PM

Hope I've done this right.

DDS (Ver_09-07-30.01) - NTFSx86
Run by DEMMY at 17:41:40.20 on 07/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
mSearchAssistant = hxxp://www.google.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6B71304F-D259-480D-8A09-5F1624155694} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: {da8d356e-1da4-4043-867f-419b701c4245} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C777BE34-F82E-436A-85BF-D6723D53DB3A} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [FLMMEDIONMOUSE] "c:\program files\browser mouse\1.3\mouse32a.exe"
mRun: [FLMK08KB] "c:\program files\multimedia keyboard utility\1.3\MMKEYBD.EXE"
mRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVD.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMax] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to AD Black List
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Block All Images from the Same Server
IE: Highlight
IE: Open All Links in This Page...
IE: Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: Microsoft XML Parser for Java
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114878264420
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader_uni.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\peluloge.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\demmy\applic~1\mozilla\firefox\profiles\5y0lkmyi.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmeadax.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-29 00:53 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-26 22:58 2,187,360 a------- C:\JoinVideo_aud.mpg
2009-08-26 22:58 0 a------- C:\JoinVideo_vid.m2v
2009-08-26 22:58 0 a------- C:\JoinVideo.mpg
2009-08-26 22:15 7,420,416 a------- C:\JoinVideo.avi
2009-08-19 19:09 <DIR> --d----- c:\program files\Sophos
2009-08-09 19:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk

==================== Find3M ====================

2009-08-03 18:13 13,312 a------- c:\windows\system32\userinit.exe
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 ac------ c:\windows\system32\drivers\mbam.sys
2009-07-31 11:36 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 11:36 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-06-09 18:54 737,280 ac------ c:\windows\iun6002.exe
2009-06-09 18:51 4,755,829 a------- C:\Fruit Machine Emulator Installation Wizard.zip
2007-06-01 23:49 87,608 ac------ c:\docume~1\demmy\applic~1\inst.exe
2007-06-01 23:49 47,360 ac------ c:\docume~1\demmy\applic~1\pcouffin.sys
2008-10-14 09:57 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101420081015\index.dat
2008-12-03 22:01 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120320081204\index.dat
2008-12-06 04:00 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120620081207\index.dat

============= FINISH: 17:41:57.71 ===============

Edited by KEEVO, 07 September 2009 - 03:39 PM.
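As an added example (not part of this thread and not code from the DDS tool), a small Python triage helper for the "Pseudo HJT Report" section of a DDS log like the one above: it splits the log on its "=" banner lines, parses the "TYPE: payload" entries, and flags the kinds of entry a log reviewer checks first (orphaned "No File" registrations, LSA notification packages beyond the default scecli, AppInit_DLLs, and the KernelFaultCheck autorun that Windows adds after a bugcheck). The sample log embedded in it is constructed from lines in the format posted above; the heuristics are the example's own and are not the helpers' verdict on this log.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log (added example)."""
import re
from dataclasses import dataclass

# Constructed sample, trimmed to a few lines in the DDS.txt format.
SAMPLE_DDS = """\
DDS (Ver_09-07-30.01) - NTFSx86

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\\program files\\avg\\avg8\\avgssie.dll
TB: {C777BE34-F82E-436A-85BF-D6723D53DB3A} - No File
mRun: [KernelFaultCheck] %systemroot%\\system32\\dumprep 0 -k
mRun: [AVG8_TRAY] c:\\progra~1\\avg\\avg8\\avgtray.exe
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\\progra~1\\google\\google~3\\GOEC62~1.DLL
LSA: Notification Packages = scecli c:\\windows\\system32\\peluloge.dll

================= FIREFOX ===================

FF - plugin: c:\\program files\\mozilla firefox\\plugins\\npbittorrent.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")      # '=== Title ==='
ENTRY_RE = re.compile(r"^([A-Za-z_]+): (.*)$")     # 'KIND: payload'


@dataclass(frozen=True)
class Entry:
    kind: str     # BHO, TB, mRun, LSA, AppInit_DLLs, ...
    payload: str  # everything after 'KIND: '


@dataclass(frozen=True)
class Finding:
    severity: str  # "info" or "review"
    kind: str
    detail: str


def parse_sections(text):
    """Split a DDS log into {section title: [non-empty lines]} using its '=' banners."""
    sections = {"preamble": []}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def parse_hjt_entries(lines):
    """Turn 'KIND: payload' lines into Entry objects; 'key = value' lines are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Apply the reviewer heuristics; returns findings in log order."""
    findings = []
    for e in entries:
        if e.payload.endswith("- No File"):
            # CLSID still registered but its DLL is gone: an orphan to clean up.
            findings.append(Finding("info", e.kind, f"orphaned registration: {e.payload}"))
        elif e.kind == "LSA" and e.payload.startswith("Notification Packages ="):
            # The stock Windows XP value is just 'scecli'; anything else is a DLL
            # that LSASS loads at boot and deserves a look.
            dlls = e.payload.split("=", 1)[1].split()
            for dll in (d for d in dlls if d.lower() != "scecli"):
                findings.append(Finding("review", e.kind, f"non-default LSA notification package: {dll}"))
        elif e.kind == "AppInit_DLLs" and e.payload:
            # Loaded into every process that links user32.dll.
            findings.append(Finding("review", e.kind, f"AppInit DLL: {e.payload}"))
        elif e.kind.endswith("Run") and e.payload.startswith("[KernelFaultCheck]"):
            # Windows adds this Run entry after a bugcheck so dumprep can report the
            # kernel fault at next logon; it points at crashes, not at malware.
            findings.append(Finding("info", e.kind,
                                    "KernelFaultCheck present: a prior kernel fault was recorded; "
                                    "correlate with the unexplained shutdowns and the System event log"))
    return findings


def triage_dds(text):
    """Parse a whole DDS log and return findings for its Pseudo HJT Report section."""
    sections = parse_sections(text)
    return triage(parse_hjt_entries(sections.get("Pseudo HJT Report", [])))


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.kind:13} {f.detail}")
```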


#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:28 AM

Posted 10 September 2009 - 05:30 PM

Hello.

Sorry for the delay.

Run RootRepeal for me please and let's see what may still be left. Then take a new DDS run and post back with both the DDS.txt and Attach.txt logs as well.

Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.
  • Unzip the RootRepeal.zip file to its own folder (if you did not use the "Direct Download" mirror to download RootRepeal).
  • Close/disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the Posted Image tab at the bottom.
  • Now press the Posted Image button.
  • A box will pop up, check the boxes beside All Seven options/scan area
  • Now click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button. Posted Image
  • Save it as RepealScan and save it to your desktop
  • Reconnect to the internet.
  • Post the contents of that log in your reply please.
With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 KEEVO

KEEVO
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:04:28 PM

Posted 10 September 2009 - 07:59 PM

Thanks for taking the time to try and help me, extremeboy.

DDS (Ver_09-07-30.01) - NTFSx86
Run by DEMMY at 1:06:23.93 on 11/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
mSearchAssistant = hxxp://www.google.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6B71304F-D259-480D-8A09-5F1624155694} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: {da8d356e-1da4-4043-867f-419b701c4245} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C777BE34-F82E-436A-85BF-D6723D53DB3A} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [FLMMEDIONMOUSE] "c:\program files\browser mouse\1.3\mouse32a.exe"
mRun: [FLMK08KB] "c:\program files\multimedia keyboard utility\1.3\MMKEYBD.EXE"
mRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVD.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMax] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to AD Black List
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Block All Images from the Same Server
IE: Highlight
IE: Open All Links in This Page...
IE: Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: Microsoft XML Parser for Java
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114878264420
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader_uni.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\peluloge.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\demmy\applic~1\mozilla\firefox\profiles\5y0lkmyi.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmeadax.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-09-10 12:27 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-09-10 12:27 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-09-10 12:27 65,602 a------- c:\windows\system32\cook3260.dll
2009-09-10 12:27 1,645,320 a------- c:\windows\gdiplus.dll
2009-08-29 00:53 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-26 22:58 2,187,360 a------- C:\JoinVideo_aud.mpg
2009-08-26 22:58 0 a------- C:\JoinVideo_vid.m2v
2009-08-26 22:58 0 a------- C:\JoinVideo.mpg
2009-08-26 22:15 7,420,416 a------- C:\JoinVideo.avi
2009-08-19 19:09 <DIR> --d----- c:\program files\Sophos

==================== Find3M ====================

2009-08-03 18:13 13,312 a------- c:\windows\system32\userinit.exe
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 ac------ c:\windows\system32\drivers\mbam.sys
2009-07-31 11:36 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 11:36 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2007-06-01 23:49 87,608 ac------ c:\docume~1\demmy\applic~1\inst.exe
2007-06-01 23:49 47,360 ac------ c:\docume~1\demmy\applic~1\pcouffin.sys
2008-10-14 09:57 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101420081015\index.dat
2008-12-03 22:01 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120320081204\index.dat
2008-12-06 04:00 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120620081207\index.dat

============= FINISH: 1:06:52.89 ===============


==== Installed Programs ======================


#1 Video Converter 3.4.7
Absolute MP3 Splitter version 2.6.9
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
AnyDVD
Avatar Sizer
AVG 8.5
AVI to MPEG Converter
BitTorrent
Browser mouse 1.3
CCleaner (remove only)
Choice Guard
ConvertXtoDVD 2.2.0.251
ConvertXtoDVD 3.0.0.13
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen MicroPhoto
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec 3.1alpha release
DNA
Driver Magician 3.4
DVD-lab PRO 1.00
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD2one 1.5.1
DVDFab Platinum 2.87
Easy DVD Shrink
eBoostr 2
EPSON PhotoQuicker3.5
EPSON Print CD
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
ESPR200 Reference Guide
ESPR200 Software Guide
Fruit Machine Emulators
Google Desktop
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Intel® 537 Modem
IsoBuster 1.4
J2SE Runtime Environment 5.0 Update 7
Java™ 6 Update 15
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
K-Lite Mega Codec Pack 1.30
LiveUpdate BVRP Software
LoveChess Age Of Egypt
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Medieval CUE Splitter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mirar
mobile PhoneTools
Mozilla Firefox (3.0.13)
Mp3 Audio Editor
MP3 Remix Player
Mp3Doctor 5.10.955
MSVCRT
Multimedia keyboard utility 1.3
Nero 7
Nero Mega Plugin Pack
NewsLeecher v3.9 Beta 1
NVIDIA Drivers
nzbval v 1.0
OpenOffice.org Installer 1.0
PartitionMagic
PC Connectivity Solution
PCRepair 2005
PIF DESIGNER2.1
Platform
PowerDVD
PowerQuest PartitionMagic 8.0
QuickPar 0.9
Realtek AC'97 Audio
RegDoctor 2.05
RegistryFix v3.0
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
SiSoftware Sandra Professional 2005 (Win64/32/CE)
Sophos Anti-Rootkit 1.5.0
SoundMAX
Spybot - Search & Destroy 1.4
SSC Service Utility v3.80
Super Video Converter 1.4
Super Video Joiner 5.7.1
SUPERAntiSpyware Free Edition
Switch Sound File Converter
System Requirements Lab
Tag&Rename 3.4.6
Ulead DVD MovieFactory 3 Disc Creator Trial
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VSO CopyToDVD 4
WebFldrs XP
WinAVIVideoConverter
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Wocarson Windows Genuine Advantage Validation v1.9.40.0 Cracked V2
Wondershare Scrapbook Studio (1.0.0) Trial Version
XoftSpy
xp-AntiSpy 3.97-3
XRECODE

==== End Of File ===========================

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/11 01:10
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: 00000052
Image Path: \Driver\00000052
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: axc9w0io.SYS
Image Path: C:\WINDOWS\System32\Drivers\axc9w0io.SYS
Address: 0xF6657000 Size: 303104 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3C8E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7CA7000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB6DB8000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\DEMMY\Desktop\me programs\BF2_PA~1.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\DEMMY\Desktop\me programs\Trojan_hunter\Trojan hunter\TROJAN~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\DEMMY\Desktop\me stuff\bits n bobs\WINRAR FILES\BLONDI~1.RAR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xf76870b0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf768bd1c

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf768c0bc

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf7687090

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf768c194

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf768c014

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xf768c226

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8736a1d8 Size: 202

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x86eea990 Size: 447

Object: Hidden Code [Driver: Udfsȅ扏济偰醐Ȃఄ扏济WINT, IRP_MJ_CREATE]
Process: System Address: 0x86ee7990 Size: 447

Object: Hidden Code [Driver: Udfsȅ扏济偰醐Ȃఄ扏济WINT, IRP_MJ_CLOSE]
Process: System Address: 0x86ee7990 Size: 447

Object: Hidden Code [Driver: Udfsȅ扏济偰醐Ȃఄ扏济WINT, IRP_MJ_READ]
Process: System Address: 0x86ee7990 Size: 447

Object: Hidden Code [Driver: Udfsȅ扏济偰醐Ȃఄ扏济WINT, IRP_MJ_WRITE]
Process: System Address: 0x86ee7990 Size: 447

Object: Hidden Code [Driver: Udfsȅ扏济偰醐Ȃఄ扏济WINT, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86ee7990 Size: 447

Object: Hidden Code [Driver: Udfsȅ扏济偰醐Ȃఄ扏济WINT, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86ee7990 Size: 447

Object: Hidden Code [Driver: Udfsȅ扏济偰醐Ȃఄ扏济WINT, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86ee7990 Size: 447

Object: Hidden Code [Driver: Udfsȅ扏济偰醐Ȃఄ扏济WINT, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86ee7990 Size: 447

Object: Hidden Code [Driver: Udfsȅ扏济偰醐Ȃఄ扏济WINT, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86ee7990 Size: 447

Object: Hidden Code [Driver: Udfsȅ扏济偰醐Ȃఄ扏济WINT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ee7990 Size: 447

Object: Hidden Code [Driver: Udfsȅ扏济偰醐Ȃఄ扏济WINT, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86ee7990 Size: 447

Object: Hidden Code [Driver: Udfsȅ扏济偰醐Ȃఄ扏济WINT, IRP_MJ_CLEANUP]
Process: System Address: 0x86ee7990 Size: 447

Object: Hidden Code [Driver: Udfsȅ扏济偰醐Ȃఄ扏济WINT, IRP_MJ_PNP]
Process: System Address: 0x86ee7990 Size: 447

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x873c7750 Size: 447

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x873c7750 Size: 447

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x873c7750 Size: 447

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x873c7750 Size: 447

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873c7750 Size: 447

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873c7750 Size: 447

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873c7750 Size: 447

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873c7750 Size: 447

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x873c7750 Size: 447

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873c7750 Size: 447

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x873c7750 Size: 447

Object: Hidden Code [Driver: axc9w0ioЅఇ浍浓蜮Ā, IRP_MJ_CREATE]
Process: System Address: 0x87275718 Size: 447

Object: Hidden Code [Driver: axc9w0ioЅఇ浍浓蜮Ā, IRP_MJ_CLOSE]
Process: System Address: 0x87275718 Size: 447

Object: Hidden Code [Driver: axc9w0ioЅఇ浍浓蜮Ā, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87275718 Size: 447

Object: Hidden Code [Driver: axc9w0ioЅఇ浍浓蜮Ā, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87275718 Size: 447

Object: Hidden Code [Driver: axc9w0ioЅఇ浍浓蜮Ā, IRP_MJ_POWER]
Process: System Address: 0x87275718 Size: 447

Object: Hidden Code [Driver: axc9w0ioЅఇ浍浓蜮Ā, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x87275718 Size: 447

Object: Hidden Code [Driver: axc9w0ioЅఇ浍浓蜮Ā, IRP_MJ_PNP]
Process: System Address: 0x87275718 Size: 447

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8736b1d8 Size: 447

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x8736b1d8 Size: 447

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x8736b1d8 Size: 447

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8736b1d8 Size: 447

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x8736b1d8 Size: 447

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x873d11d8 Size: 447

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x873d11d8 Size: 447

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x873d11d8 Size: 447

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x873d11d8 Size: 447

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873d11d8 Size: 447

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873d11d8 Size: 447

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873d11d8 Size: 447

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873d11d8 Size: 447

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x873d11d8 Size: 447

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873d11d8 Size: 447

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x873d11d8 Size: 447

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x871d71d8 Size: 447

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x871d71d8 Size: 447

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x871d71d8 Size: 447

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x871d71d8 Size: 447

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x871d71d8 Size: 447

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x871d71d8 Size: 447

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x871d71d8 Size: 447

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8736c1d8 Size: 447

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8736c1d8 Size: 447

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8736c1d8 Size: 447

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8736c1d8 Size: 447

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8736c1d8 Size: 447

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8736c1d8 Size: 447

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8736c1d8 Size: 447

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8736c1d8 Size: 447

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8736c1d8 Size: 447

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8736c1d8 Size: 447

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8736c1d8 Size: 447

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x86f421d8 Size: 447

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x86f421d8 Size: 447

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f421d8 Size: 447

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f421d8 Size: 447

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x86f421d8 Size: 447

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x86f421d8 Size: 447

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x871aa7b0 Size: 447

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x871aa7b0 Size: 447

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x871aa7b0 Size: 447

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x871aa7b0 Size: 447

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x871aa7b0 Size: 447

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x871aa7b0 Size: 447

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x871aa7b0 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x86f3e990 Size: 447

Object: Hidden Code [Driver: CdfsЅ扏济Ёఅ瑎獆똘桐藸, IRP_MJ_CREATE]
Process: System Address: 0x86ee6990 Size: 447

Object: Hidden Code [Driver: CdfsЅ扏济Ёఅ瑎獆똘桐藸, IRP_MJ_CLOSE]
Process: System Address: 0x86ee6990 Size: 447

Object: Hidden Code [Driver: CdfsЅ扏济Ёఅ瑎獆똘桐藸, IRP_MJ_READ]
Process: System Address: 0x86ee6990 Size: 447

Object: Hidden Code [Driver: CdfsЅ扏济Ёఅ瑎獆똘桐藸, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86ee6990 Size: 447

Object: Hidden Code [Driver: CdfsЅ扏济Ёఅ瑎獆똘桐藸, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86ee6990 Size: 447

Object: Hidden Code [Driver: CdfsЅ扏济Ёఅ瑎獆똘桐藸, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86ee6990 Size: 447

Object: Hidden Code [Driver: CdfsЅ扏济Ёఅ瑎獆똘桐藸, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86ee6990 Size: 447

Object: Hidden Code [Driver: CdfsЅ扏济Ёఅ瑎獆똘桐藸, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86ee6990 Size: 447

Object: Hidden Code [Driver: CdfsЅ扏济Ёఅ瑎獆똘桐藸, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ee6990 Size: 447

Object: Hidden Code [Driver: CdfsЅ扏济Ёఅ瑎獆똘桐藸, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86ee6990 Size: 447

Object: Hidden Code [Driver: CdfsЅ扏济Ёఅ瑎獆똘桐藸, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86ee6990 Size: 447

Object: Hidden Code [Driver: CdfsЅ扏济Ёఅ瑎獆똘桐藸, IRP_MJ_CLEANUP]
Process: System Address: 0x86ee6990 Size: 447

Object: Hidden Code [Driver: CdfsЅ扏济Ёఅ瑎獆똘桐藸, IRP_MJ_PNP]
Process: System Address: 0x86ee6990 Size: 447

Hidden Services
-------------------
Service Name: TDSSserv.sys)
Image Path: C:\WINDOWS\system32\drivers\TDSSmhxt.sys

==EOF==

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:11:28 AM

Posted 10 September 2009 - 08:06 PM

Hello again.

I do see one of the infections as a backdoor/rootkit. Regarding that...

Rootkit Threat

Unfortunately, one or more of the identified infections is a Rootkit/backdoor trojan.

IMPORTANT NOTE: Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypass security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Tell me what you want to do.

If you wish to continue, please follow the instructions below...

Download and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to donate.
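As an added example that is not part of any post in this thread, and not code from RootRepeal or BleepingComputer, the following Python script parses a RootRepeal report like the one posted above and pulls out the entries behind the backdoor/rootkit call (the hidden TDSSserv service, drivers with no file on disk, the SSDT hooks grouped by hooking module, and the API-only paths); the sample log is a constructed excerpt of that report, and the section layout it assumes is the one visible in the posted log.

```python
"""Triage a RootRepeal text report: split it into sections, parse each entry
into Key: Value pairs, and return the findings a responder looks at first.
Added example for this thread; not code from the posts, RootRepeal or BleepingComputer."""
import re
from collections import defaultdict

# Constructed sample: a short excerpt of the RootRepeal log posted in the thread.
SAMPLE_LOG = r"""
Drivers
-------------------
Name: axc9w0io.SYS
Image Path: C:\WINDOWS\System32\Drivers\axc9w0io.SYS
Address: 0xF6657000 Size: 303104 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3C8E000 Size: 98304 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\DEMMY\Desktop\me programs\BF2_PA~1.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xf76870b0

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf7687090

Hidden Services
-------------------
Service Name: TDSSserv.sys)
Image Path: C:\WINDOWS\system32\drivers\TDSSmhxt.sys

==EOF==
"""

# A section is a name on its own line followed by a line of dashes.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z/ ]+)\n-{5,}\n", re.MULTILINE)
HOOK_RE = re.compile(r'Hooked by "(?P<module>[^"]+)" at address 0x[0-9a-fA-F]+')
EXPECTED_INVISIBLE = {"rootrepeal.sys"}  # the scanner's own driver has no file on disk


def split_sections(text):
    """Return {section name: [entry, ...]}; an entry is a dict of one block's Key: Value pairs."""
    sections = {}
    heads = list(SECTION_RE.finditer(text))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries = []
        for block in re.split(r"\n\s*\n", text[head.end():end].strip()):
            entry = {}
            for line in block.splitlines():
                key, sep, value = line.partition(": ")
                if sep:  # lines without "Key: Value" (e.g. ==EOF==) are skipped
                    entry[key.strip()] = value.strip()
            if entry:
                entries.append(entry)
        sections[head.group("name").strip()] = entries
    return sections


def triage(text):
    """Pull out the findings a responder reads first, keyed by type."""
    sections = split_sections(text)
    hooks = defaultdict(list)  # hooking module -> hooked Nt* functions
    for e in sections.get("SSDT", []):
        fn = re.search(r"Function Name: (\S+)", e.get("#", ""))
        hook = HOOK_RE.search(e.get("Status", ""))
        if fn and hook:
            hooks[hook.group("module")].append(fn.group(1))
    hidden_drivers = []
    for d in sections.get("Drivers", []):
        name = d.get("Name", "")
        # dump_* entries are memory-only crash-dump copies of storage drivers; any
        # other driver with no backing file on disk needs a look.
        if ("File Visible: No" in d.get("Address", "")
                and not name.lower().startswith("dump_")
                and name.lower() not in EXPECTED_INVISIBLE):
            hidden_drivers.append(name)
    # Paths ending in :{GUID} are NTFS alternate data streams, not files; kept but ranked last.
    ghost_files = [e["Path"] for e in sections.get("Hidden/Locked Files", [])
                   if "Path" in e and "not on disk" in e.get("Status", "")]
    hidden_services = [(e.get("Service Name", "?"), e.get("Image Path", "?"))
                       for e in sections.get("Hidden Services", [])]
    return {"hidden_services": hidden_services, "hidden_drivers": hidden_drivers,
            "ssdt_hooks": dict(hooks), "ghost_files": ghost_files}


def report(findings):
    """Render findings as lines, most serious first."""
    lines = [f"HIDDEN SERVICE {svc} -> {path}" for svc, path in findings["hidden_services"]]
    lines += [f"DRIVER WITH NO FILE ON DISK {n}" for n in findings["hidden_drivers"]]
    lines += [f"SSDT hooked by {m}: {', '.join(f)}" for m, f in findings["ssdt_hooks"].items()]
    lines += [f"API-visible path not on disk: {p}" for p in findings["ghost_files"]]
    return lines


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Grouping the SSDT hooks by module is what lets a responder settle them quickly: sptd.sys is the SCSI pass-through driver installed with DAEMON Tools, which the ComboFix log in this thread lists in the Run key, whereas the hidden TDSSserv service has no installed software to account for it.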

#9 KEEVO

KEEVO
  • Topic Starter

  • Members
  • 31 posts
  • Local time:04:28 PM

Posted 10 September 2009 - 08:39 PM

extremeboy, here's the log report from ComboFix.txt

ComboFix 09-08-20.07 - DEMMY 11/09/2009 2:17.1.1 - NTFSx86
Running from: c:\documents and settings\DEMMY\Desktop\scanning stuff\Combo-Fix-Pc.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2220515932-6245673080-977313871-3074
c:\recycler\S-1-5-21-2220515932-6245673080-977313871-3074\Desktop.ini
c:\recycler\S-1-5-21-7503395558-8232382256-635328052-2639
c:\recycler\S-1-5-21-7503395558-8232382256-635328052-2639\Desktop.ini
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows\Install.txt
c:\windows\system32\Install.txt
c:\windows\system32\open.ico

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-09-10 11:27 . 2007-03-18 20:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-09-10 11:27 . 2006-05-20 16:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-09-10 11:27 . 2006-05-11 19:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-09-10 11:27 . 2004-05-04 11:53 1645320 ----a-w- c:\windows\gdiplus.dll
2009-08-28 23:53 . 2009-08-28 23:53 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-19 18:09 . 2009-08-19 18:09 -------- d-----w- c:\program files\Sophos
2009-08-18 23:12 . 2009-08-18 23:12 -------- d-----w- c:\documents and settings\Administrator.DEMMY-QDWXJIYDX\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 01:21 . 2009-05-12 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\eboostr
2009-09-10 23:04 . 2007-11-02 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-10 18:58 . 2005-04-30 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-10 16:51 . 2007-06-01 22:49 -------- d-----w- c:\docume~1\DEMMY\APPLIC~1\Vso
2009-09-10 11:27 . 2005-09-23 20:35 -------- d-----w- c:\program files\vso
2009-08-29 21:11 . 2008-10-10 23:57 -------- d-----w- c:\docume~1\DEMMY\APPLIC~1\BitTorrent
2009-08-29 07:15 . 2009-05-07 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-27 13:02 . 2006-06-09 12:48 -------- d-----w- c:\program files\Java
2009-08-09 18:40 . 2009-08-09 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-08-05 00:28 . 2008-12-07 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 12:36 . 2008-12-07 16:15 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2008-12-07 16:15 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-07-31 10:36 . 2009-05-07 21:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 10:36 . 2009-05-07 21:15 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 10:36 . 2009-05-07 21:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-30 12:30 . 2009-07-30 12:30 -------- d-----w- c:\program files\Intelore-rar-password-recovery
2009-07-29 01:14 . 2008-10-12 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-29 00:17 . 2009-07-28 13:22 -------- d-----w- c:\program files\TagRename
2009-07-29 00:17 . 2009-05-20 18:51 -------- d-----w- c:\program files\Open In Regedit
2009-07-29 00:17 . 2009-06-09 17:54 -------- d-----w- c:\program files\Fruit Machine Emulation
2009-07-25 04:23 . 2008-12-06 17:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 15:47 . 2009-07-23 19:13 -------- d-----w- c:\program files\NCH Swift Sound
2009-07-24 15:47 . 2009-07-23 19:13 -------- d-----w- c:\docume~1\DEMMY\APPLIC~1\NCH Swift Sound
2009-07-23 19:44 . 2009-07-23 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-07-23 19:13 . 2009-07-23 19:13 -------- d-----w- c:\program files\NCH Software
2008-11-16 20:06 . 2008-11-16 20:06 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"FLMMEDIONMOUSE"="c:\program files\Browser mouse\1.3\mouse32a.exe" [2005-05-03 356352]
"FLMK08KB"="c:\program files\Multimedia keyboard utility\1.3\MMKEYBD.EXE" [2005-05-03 207360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2005-03-13 378368]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-12 2007832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - c:\program files\eBoostr\eBoostrCP.exe [2008-8-8 1011320]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 06:52 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 10:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 5 Professional\

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^DEMMY^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\sandra.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcDataSrv.exe"=
"c:\\Program Files\\Internet Explorer\\iexplore.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\SMAgent.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [07/05/2009 22:16 12552]
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\EBoost.sys [08/08/2008 13:17 96376]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [24/04/2007 10:11 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [07/05/2009 22:15 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [07/05/2009 22:16 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [03/09/2008 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2008 14:07 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [07/05/2009 22:15 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/05/2009 13:53 297752]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [08/08/2008 13:17 843384]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [02/11/2007 12:32 29744]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [03/09/2008 14:07 7408]
S3 SGUARD;SGUARD; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-02 17:10]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6B71304F-D259-480D-8A09-5F1624155694} - (no file)
BHO-{da8d356e-1da4-4043-867f-419b701c4245} - (no file)
Toolbar-{C777BE34-F82E-436A-85BF-D6723D53DB3A} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
IE: Add to AD Black List
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Block All Images from the Same Server
IE: Highlight
IE: Open All Links in This Page...
IE: Search
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\docume~1\DEMMY\APPLIC~1\Mozilla\Firefox\Profiles\5y0lkmyi.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\MEADCO~1\npmeadax.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmeadax.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 02:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TDSSserv.sys)]
"imagepath"="\systemroot\system32\drivers\TDSSmhxt.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1677128483-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TDSSserv.sys)]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=expand:"\\systemroot\\system32\\drivers\\TDSSmhxt.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3720)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Browser mouse\1.3\MOUDL32A.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Multimedia keyboard utility\1.3\KBDAP32A.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-09-11 2:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 01:26

Pre-Run: 40,669,417,472 bytes free
Post-Run: 40,638,533,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

238 --- E O F --- 2009-05-01 14:10

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:28 AM

Posted 11 September 2009 - 02:50 PM

Hello.

You didn't seem to follow my instructions correctly.

ComboFix 09-08-20.07 - DEMMY 11/09/2009 2:17.1.1 - NTFSx86

This is an older version of ComboFix you have. Therefore, please delete the one you currently have, re-download it from one of the two links I gave you in my previous reply, and save it to your desktop.

Then, run it. If it doesn't work, try re-naming it.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 KEEVO

KEEVO
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:04:28 PM

Posted 11 September 2009 - 05:12 PM

Sorry about that, extremeboy. Well, I had to run ComboFix twice, as the first time it said my AVG Anti-Virus was enabled.
Here are the 2 logs from ComboFix.

ComboFix 09-09-10.03 - DEMMY 11/09/2009 22:02.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.565 [GMT 1:00]
Running from: c:\documents and settings\DEMMY\Desktop\Combo-Fix-Pc.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\DEMMY\Application Data\inst.exe
c:\windows\Installer\5c37e3.msi
c:\windows\system32\Ultra.dll

----- BITS: Possible infected sites -----

hxxp://online2168.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS)
-------\Legacy_ZESOFT
-------\Service_TDSSserv.sys)


((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-09-11 18:14 . 2009-09-11 18:14 -------- d-----w- c:\program files\Realtek AC97
2009-09-10 11:27 . 2007-03-18 20:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-09-10 11:27 . 2006-05-20 16:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-09-10 11:27 . 2006-05-11 19:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-09-10 11:27 . 2004-05-04 11:53 1645320 ----a-w- c:\windows\gdiplus.dll
2009-08-28 23:53 . 2009-08-28 23:53 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-19 18:09 . 2009-08-19 18:09 -------- d-----w- c:\program files\Sophos
2009-08-18 23:12 . 2009-08-18 23:12 -------- d-----w- c:\documents and settings\Administrator.DEMMY-QDWXJIYDX\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 21:15 . 2009-05-12 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\eboostr
2009-09-11 18:08 . 2009-02-20 01:32 -------- d-----w- c:\program files\Driver Magician
2009-09-11 10:53 . 2005-04-30 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-11 10:52 . 2007-06-01 22:49 -------- d-----w- c:\documents and settings\DEMMY\Application Data\Vso
2009-09-10 23:04 . 2007-11-02 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-10 11:27 . 2005-09-23 20:35 -------- d-----w- c:\program files\vso
2009-08-29 21:11 . 2008-10-10 23:57 -------- d-----w- c:\documents and settings\DEMMY\Application Data\BitTorrent
2009-08-29 07:15 . 2009-05-07 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-27 13:02 . 2006-06-09 12:48 -------- d-----w- c:\program files\Java
2009-08-09 18:40 . 2009-08-09 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-08-05 00:28 . 2008-12-07 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 12:36 . 2008-12-07 16:15 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2008-12-07 16:15 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-07-31 10:36 . 2009-05-07 21:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 10:36 . 2009-05-07 21:15 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 10:36 . 2009-05-07 21:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-30 12:30 . 2009-07-30 12:30 -------- d-----w- c:\program files\Intelore-rar-password-recovery
2009-07-29 01:14 . 2008-10-12 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-29 00:17 . 2009-07-28 13:22 -------- d-----w- c:\program files\TagRename
2009-07-29 00:17 . 2009-05-20 18:51 -------- d-----w- c:\program files\Open In Regedit
2009-07-29 00:17 . 2009-06-09 17:54 -------- d-----w- c:\program files\Fruit Machine Emulation
2009-07-25 04:23 . 2008-12-06 17:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 15:47 . 2009-07-23 19:13 -------- d-----w- c:\program files\NCH Swift Sound
2009-07-24 15:47 . 2009-07-23 19:13 -------- d-----w- c:\documents and settings\DEMMY\Application Data\NCH Swift Sound
2009-07-23 19:44 . 2009-07-23 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-07-23 19:13 . 2009-07-23 19:13 -------- d-----w- c:\program files\NCH Software
2008-11-16 20:06 . 2008-11-16 20:06 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"FLMMEDIONMOUSE"="c:\program files\Browser mouse\1.3\mouse32a.exe" [2005-05-03 356352]
"FLMK08KB"="c:\program files\Multimedia keyboard utility\1.3\MMKEYBD.EXE" [2005-05-03 207360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2005-03-13 378368]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-12 2007832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - c:\program files\eBoostr\eBoostrCP.exe [2008-8-8 1011320]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 06:52 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 10:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 5 Professional\

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^DEMMY^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\sandra.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcDataSrv.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\SMAgent.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [07/05/2009 22:16 12552]
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\EBoost.sys [08/08/2008 13:17 96376]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [24/04/2007 10:11 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [07/05/2009 22:15 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [07/05/2009 22:16 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [03/09/2008 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2008 14:07 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [07/05/2009 22:15 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/05/2009 13:53 297752]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [08/08/2008 13:17 843384]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [02/11/2007 12:32 29744]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [03/09/2008 14:07 7408]
S3 SGUARD;SGUARD; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-02 17:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
IE: Add to AD Black List
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Block All Images from the Same Server
IE: Highlight
IE: Open All Links in This Page...
IE: Search
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\DEMMY\Application Data\Mozilla\Firefox\Profiles\5y0lkmyi.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\MEADCO~1\npmeadax.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmeadax.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 22:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1677128483-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(564)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Browser mouse\1.3\MOUDL32A.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Multimedia keyboard utility\1.3\KBDAP32A.EXE
.
**************************************************************************
.
Completion time: 2009-09-11 22:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 21:20

Pre-Run: 41,042,767,872 bytes free
Post-Run: 41,132,404,736 bytes free

217 --- E O F --- 2009-05-01 14:10

ComboFix 09-09-11.01 - DEMMY 11/09/2009 22:26.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.553 [GMT 1:00]
Running from: c:\documents and settings\DEMMY\Desktop\Combo-Fix-Pc.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-09-11 18:14 . 2009-09-11 18:14 -------- d-----w- c:\program files\Realtek AC97
2009-09-10 11:27 . 2007-03-18 20:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-09-10 11:27 . 2006-05-20 16:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-09-10 11:27 . 2006-05-11 19:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-09-10 11:27 . 2004-05-04 11:53 1645320 ----a-w- c:\windows\gdiplus.dll
2009-08-28 23:53 . 2009-08-28 23:53 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-19 18:09 . 2009-08-19 18:09 -------- d-----w- c:\program files\Sophos
2009-08-18 23:12 . 2009-08-18 23:12 -------- d-----w- c:\documents and settings\Administrator.DEMMY-QDWXJIYDX\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 21:15 . 2009-05-12 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\eboostr
2009-09-11 18:08 . 2009-02-20 01:32 -------- d-----w- c:\program files\Driver Magician
2009-09-11 10:53 . 2005-04-30 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-11 10:52 . 2007-06-01 22:49 -------- d-----w- c:\documents and settings\DEMMY\Application Data\Vso
2009-09-10 23:04 . 2007-11-02 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-10 11:27 . 2005-09-23 20:35 -------- d-----w- c:\program files\vso
2009-08-29 21:11 . 2008-10-10 23:57 -------- d-----w- c:\documents and settings\DEMMY\Application Data\BitTorrent
2009-08-29 07:15 . 2009-05-07 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-27 13:02 . 2006-06-09 12:48 -------- d-----w- c:\program files\Java
2009-08-09 18:40 . 2009-08-09 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-08-05 00:28 . 2008-12-07 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 12:36 . 2008-12-07 16:15 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2008-12-07 16:15 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-07-31 10:36 . 2009-05-07 21:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 10:36 . 2009-05-07 21:15 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 10:36 . 2009-05-07 21:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-30 12:30 . 2009-07-30 12:30 -------- d-----w- c:\program files\Intelore-rar-password-recovery
2009-07-29 01:14 . 2008-10-12 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-29 00:17 . 2009-07-28 13:22 -------- d-----w- c:\program files\TagRename
2009-07-29 00:17 . 2009-05-20 18:51 -------- d-----w- c:\program files\Open In Regedit
2009-07-29 00:17 . 2009-06-09 17:54 -------- d-----w- c:\program files\Fruit Machine Emulation
2009-07-25 04:23 . 2008-12-06 17:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 15:47 . 2009-07-23 19:13 -------- d-----w- c:\program files\NCH Swift Sound
2009-07-24 15:47 . 2009-07-23 19:13 -------- d-----w- c:\documents and settings\DEMMY\Application Data\NCH Swift Sound
2009-07-23 19:44 . 2009-07-23 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-07-23 19:13 . 2009-07-23 19:13 -------- d-----w- c:\program files\NCH Software
2008-11-16 20:06 . 2008-11-16 20:06 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"FLMMEDIONMOUSE"="c:\program files\Browser mouse\1.3\mouse32a.exe" [2005-05-03 356352]
"FLMK08KB"="c:\program files\Multimedia keyboard utility\1.3\MMKEYBD.EXE" [2005-05-03 207360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2005-03-13 378368]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-12 2007832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - c:\program files\eBoostr\eBoostrCP.exe [2008-8-8 1011320]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 06:52 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 10:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 5 Professional\

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^DEMMY^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\sandra.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcDataSrv.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\SMAgent.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [07/05/2009 22:16 12552]
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\EBoost.sys [08/08/2008 13:17 96376]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [24/04/2007 10:11 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [07/05/2009 22:15 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [07/05/2009 22:16 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [03/09/2008 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2008 14:07 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [07/05/2009 22:15 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/05/2009 13:53 297752]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [08/08/2008 13:17 843384]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [02/11/2007 12:32 29744]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [03/09/2008 14:07 7408]
S3 SGUARD;SGUARD; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-02 17:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
IE: Add to AD Black List
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Block All Images from the Same Server
IE: Highlight
IE: Open All Links in This Page...
IE: Search
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\DEMMY\Application Data\Mozilla\Firefox\Profiles\5y0lkmyi.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\MEADCO~1\npmeadax.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmeadax.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 22:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1677128483-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3348)
c:\program files\Browser mouse\1.3\MOUDL32A.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-11 22:45
ComboFix-quarantined-files.txt 2009-09-11 21:45

Pre-Run: 41,141,141,504 bytes free
Post-Run: 41,119,752,192 bytes free

184 --- E O F --- 2009-05-01 14:10

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:11:28 AM

Posted 12 September 2009 - 11:07 AM

Hello.

That looks a lot better.

Let's run a scan with Malwarebytes followed by a new scan with DDS.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 KEEVO

KEEVO
  • Topic Starter

  • Members
  • 31 posts
  • Local time:04:28 PM

Posted 12 September 2009 - 11:57 AM

extremeboy, I have already got Malwarebytes' Anti-Malware 1.41 installed on my PC with all of its updates, so I ran the 1.41 one as the link was only 1.28, but I will delete the 1.41 if you want and install the 1.28 one and upgrade that one.
Here are the logs from Malwarebytes' Anti-Malware 1.41 and both DDS logs.

Malwarebytes' Anti-Malware 1.41
Database version: 2784
Windows 5.1.2600 Service Pack 2

12/09/2009 17:42:56
mbam-log-2009-09-12 (17-42-56).txt

Scan type: Quick Scan
Objects scanned: 106567
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS (Ver_09-07-30.01) - NTFSx86
Run by DEMMY at 17:53:03.56 on 12/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.464 [GMT 1:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Browser mouse\1.3\mouse32a.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Multimedia keyboard utility\1.3\KbdAp32A.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DEMMY\Desktop\DDS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [FLMMEDIONMOUSE] "c:\program files\browser mouse\1.3\mouse32a.exe"
mRun: [FLMK08KB] "c:\program files\multimedia keyboard utility\1.3\MMKEYBD.EXE"
mRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVD.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eboost~1.lnk - c:\program files\eboostr\eBoostrCP.exe
IE: Add to AD Black List
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Block All Images from the Same Server
IE: Highlight
IE: Open All Links in This Page...
IE: Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: Microsoft XML Parser for Java
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114878264420
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader_uni.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\demmy\applic~1\mozilla\firefox\profiles\5y0lkmyi.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmeadax.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-5-7 12552]
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\EBoost.sys [2008-8-8 96376]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-4-24 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-7 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-7 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-7 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-7 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-8 297752]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eboostr\EBstrSvc.exe [2008-8-8 843384]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-2 29744]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S3 SGUARD;SGUARD; [x]

=============== Created Last 30 ================

2009-09-11 19:14 <DIR> --d----- c:\program files\Realtek AC97
2009-09-11 02:17 <DIR> a-dshr-- C:\cmdcons
2009-09-11 02:14 230,912 a------- c:\windows\PEV.exe
2009-09-11 02:14 161,792 a------- c:\windows\SWREG.exe
2009-09-11 02:14 98,816 a------- c:\windows\sed.exe
2009-09-10 12:27 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-09-10 12:27 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-09-10 12:27 65,602 a------- c:\windows\system32\cook3260.dll
2009-09-10 12:27 1,645,320 a------- c:\windows\gdiplus.dll
2009-08-29 00:53 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-26 22:58 2,187,360 a------- C:\JoinVideo_aud.mpg
2009-08-26 22:15 7,420,416 a------- C:\JoinVideo.avi
2009-08-19 19:09 <DIR> --d----- c:\program files\Sophos

==================== Find3M ====================

2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 ac------ c:\windows\system32\drivers\mbam.sys
2009-07-31 11:36 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 11:36 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2007-06-01 23:49 47,360 ac------ c:\docume~1\demmy\applic~1\pcouffin.sys
2008-10-14 09:57 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101420081015\index.dat
2008-12-03 22:01 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120320081204\index.dat
2008-12-06 04:00 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120620081207\index.dat

============= FINISH: 17:53:36.82 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 07/05/2005 16:24:05
System Uptime: 09/12/2009 13:27:42 (-2108 hours ago)

Motherboard: | | P4VM890
Processor: Intel® Pentium® 4 CPU 2.40GHz | CPUSocket | 2419/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 61 GiB total, 38.321 GiB free.
D: is FIXED (NTFS) - 88 GiB total, 60.542 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1573: 11/09/2009 21:47:26 - Installed Realtek AC'97 Audio
RP1574: 12/09/2009 13:45:57 - System Checkpoint

==== Installed Programs ======================


#1 Video Converter 3.4.7
Absolute MP3 Splitter version 2.6.9
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
AnyDVD
Avatar Sizer
AVG 8.5
AVI to MPEG Converter
BitTorrent
Browser mouse 1.3
CCleaner (remove only)
Choice Guard
ConvertXtoDVD 2.2.0.251
ConvertXtoDVD 3.0.0.13
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen MicroPhoto
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec 3.1alpha release
DNA
Driver Magician 3.4
DVD-lab PRO 1.00
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD2one 1.5.1
DVDFab Platinum 2.87
Easy DVD Shrink
eBoostr 2
EPSON PhotoQuicker3.5
EPSON Print CD
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
ESPR200 Reference Guide
ESPR200 Software Guide
Fruit Machine Emulators
Google Desktop
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Intel® 537 Modem
IsoBuster 1.4
J2SE Runtime Environment 5.0 Update 7
Java™ 6 Update 15
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
K-Lite Mega Codec Pack 1.30
LiveUpdate BVRP Software
LoveChess Age Of Egypt
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Medieval CUE Splitter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mirar
mobile PhoneTools
Mozilla Firefox (3.0.13)
Mp3 Audio Editor
MP3 Remix Player
Mp3Doctor 5.10.955
MSVCRT
Multimedia keyboard utility 1.3
Nero 7
Nero Mega Plugin Pack
NewsLeecher v3.9 Beta 1
NVIDIA Drivers
nzbval v 1.0
OpenOffice.org Installer 1.0
PartitionMagic
PC Connectivity Solution
PCRepair 2005
PIF DESIGNER2.1
Platform
PowerDVD
PowerQuest PartitionMagic 8.0
QuickPar 0.9
Realtek AC'97 Audio
RegDoctor 2.05
RegistryFix v3.0
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
SiSoftware Sandra Professional 2005 (Win64/32/CE)
Sophos Anti-Rootkit 1.5.0
SoundMAX
Spybot - Search & Destroy 1.4
SSC Service Utility v3.80
Super Video Converter 1.4
Super Video Joiner 5.7.1
SUPERAntiSpyware Free Edition
Switch Sound File Converter
System Requirements Lab
Tag&Rename 3.4.6
Ulead DVD MovieFactory 3 Disc Creator Trial
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VSO CopyToDVD 4
WebFldrs XP
WinAVIVideoConverter
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Wocarson Windows Genuine Advantage Validation v1.9.40.0 Cracked V2
Wondershare Scrapbook Studio (1.0.0) Trial Version
XoftSpy
xp-AntiSpy 3.97-3
XRECODE

==== Event Viewer Messages From Past Week ========

11/09/2009 22:01:22, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/09/2009 21:47:11, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'Combo-Fix-Pc.exe' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/09/2009 02:21:49, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
11/09/2009 02:19:32, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
08/09/2009 20:23:43, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep FileDisk
07/09/2009 18:45:01, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep FileDisk PCIIde ViaIde
07/09/2009 17:56:42, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0019661239C7 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
06/09/2009 21:23:27, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

==== End Of File ===========================

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:11:28 AM

Posted 12 September 2009 - 01:16 PM

Hello.

Please uninstall the following older versions of Java via Add/Remove...

J2SE Runtime Environment 5.0 Update 7
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1


This doesn't look good and appears to be a crack... Wocarson Windows Genuine Advantage Validation v1.9.40.0 Cracked V2

Please remove it.

Now run an online scan...

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
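The triage extremeboy does by eye in the post above (picking the stale Java installs out of the DDS "Installed Programs" list and flagging the cracked WGA entry) can be scripted so it is repeatable across logs. The Python below is an added example written for this page, not code from the thread or from the DDS tool; INSTALLED_PROGRAMS is a constructed excerpt of the list KEEVO posted, and the function names, JAVA_RE pattern and SUSPICIOUS_WORDS list are my own choices.

```python
import re

# Constructed excerpt of a DDS "Installed Programs" section, modelled on the
# list posted earlier in this thread (unrelated entries left out).
INSTALLED_PROGRAMS = """\
Adobe Reader 8.1.2
J2SE Runtime Environment 5.0 Update 7
Java™ 6 Update 15
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
Mozilla Firefox (3.0.13)
Wocarson Windows Genuine Advantage Validation v1.9.40.0 Cracked V2
"""

# Matches the ways Sun's JRE names itself in Add/Remove Programs, e.g.
# "Java(TM) 6 Update 15", "Java(TM) SE Runtime Environment 6 Update 1"
# and "J2SE Runtime Environment 5.0 Update 7".
# Group 1 = major version, group 2 = update number.
JAVA_RE = re.compile(
    r"^(?:Java(?:\u2122|\(TM\))?(?: SE Runtime Environment)?|J2SE Runtime Environment)"
    r"\s+(\d+)(?:\.\d+)?\s+Update\s+(\d+)$"
)

# Words in a program name that a helper treats as a red flag (assumed list).
SUSPICIOUS_WORDS = ("crack", "keygen")


def parse_java_versions(text):
    """Return [(name, (major, update)), ...] for every JRE entry, in list order."""
    found = []
    for line in text.splitlines():
        name = line.strip()
        m = JAVA_RE.match(name)
        if m:
            found.append((name, (int(m.group(1)), int(m.group(2)))))
    return found


def find_stale_java(text):
    """Every JRE install except the newest one: the ones to uninstall."""
    versions = parse_java_versions(text)
    if not versions:
        return []
    newest = max(v for _, v in versions)
    return [name for name, v in versions if v != newest]


def find_suspicious_programs(text):
    """Entries whose name carries a crack/keygen marker."""
    return [
        line.strip()
        for line in text.splitlines()
        if any(w in line.lower() for w in SUSPICIOUS_WORDS)
    ]


def triage(text):
    """Both checks in one report, keyed the way a helper would list them."""
    return {
        "stale_java": find_stale_java(text),
        "suspicious": find_suspicious_programs(text),
    }


if __name__ == "__main__":
    report = triage(INSTALLED_PROGRAMS)
    print("Uninstall these older Java versions:")
    for name in report["stale_java"]:
        print("  ", name)
    print("Remove these:")
    for name in report["suspicious"]:
        print("  ", name)
```

Run against the excerpt, find_stale_java returns exactly the five entries extremeboy lists (everything except Java 6 Update 15), and find_suspicious_programs returns the Wocarson entry. Old JREs matter because each leftover version keeps its own vulnerable plugin registered in the browser, which is why the newest one alone is kept.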

#15 KEEVO

KEEVO
  • Topic Starter

  • Members
  • 31 posts
  • Local time:04:28 PM

Posted 13 September 2009 - 03:04 AM

extremeboy, sorry about the time in getting back to you, but it couldn't be helped as we had a power cut here, m8, and to make things worse it happened during the ESETScan. I noticed there were 8 threats at 38% of the scan, but I don't know if there were any more due to the power cut. Once electricity was restored I ran ESETScan again, also removed the stuff you told me to, and ran ESETScan plus DDS; here are the logs.

ESETScan log.
D:\DEMMY`S STUFF\mp3doctor\mp3doctor.zip probably unknown NewHeur_PE virus deleted - quarantined
D:\DEMMY`S STUFF\WINRAR_ZIPS\WINRAR\anydvd2[1].0.04.zip probably a variant of Win32/Adware.Agent application deleted - quarantined
D:\DEMMY`S STUFF\WINRAR_ZIPS\WINRAR\CuteFTP 4.2.7.rar Win32/Adware.TimeSink application deleted - quarantined
D:\DEMMY`S STUFF\WINRAR_ZIPS\WINRAR\easyjoin521.rar probably a variant of Win32/Agent trojan deleted - quarantined
D:\DEMMY`S STUFF\WINRAR_ZIPS\WINRAR\KeyGen-PCMedik.rar probably a variant of Win32/Agent trojan deleted - quarantined
D:\DEMMY`S STUFF\zipz\NokiaFREE_v32003_Setup\NokiaFREE_v32003_Setup.zip probably a variant of Win32/Agent trojan deleted - quarantined
D:\DEMMY`S STUFF\zipz\PCMedik_v5[1].7.13.2003\keygen.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
D:\DEMMY`S STUFF\zipz\PCMedik_v5[1].7.13.2003\patch.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
D:\Replay_Converter_v2.80\Replay_Converter_v2.80.rar a variant of Win32/Adware.Virtumonde.NAE application deleted - quarantined

DDS (Ver_09-07-30.01) - NTFSx86
Run by DEMMY at 8:41:57.62 on 13/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.401 [GMT 1:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\eBoostr\EBstrSvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Browser mouse\1.3\mouse32a.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Multimedia keyboard utility\1.3\KbdAp32A.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DEMMY\Desktop\DDS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [FLMMEDIONMOUSE] "c:\program files\browser mouse\1.3\mouse32a.exe"
mRun: [FLMK08KB] "c:\program files\multimedia keyboard utility\1.3\MMKEYBD.EXE"
mRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVD.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eboost~1.lnk - c:\program files\eboostr\eBoostrCP.exe
IE: Add to AD Black List
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Block All Images from the Same Server
IE: Highlight
IE: Open All Links in This Page...
IE: Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_15.dll
DPF: Microsoft XML Parser for Java
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114878264420
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader_uni.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\demmy\applic~1\mozilla\firefox\profiles\5y0lkmyi.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmeadax.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-5-7 12552]
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\EBoost.sys [2008-8-8 96376]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-4-24 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-7 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-7 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-7 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-7 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-8 297752]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eboostr\EBstrSvc.exe [2008-8-8 843384]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-2 29744]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S3 SGUARD;SGUARD; [x]

=============== Created Last 30 ================

2009-09-11 19:14 <DIR> --d----- c:\program files\Realtek AC97
2009-09-11 02:17 <DIR> a-dshr-- C:\cmdcons
2009-09-11 02:14 230,912 a------- c:\windows\PEV.exe
2009-09-11 02:14 161,792 a------- c:\windows\SWREG.exe
2009-09-11 02:14 98,816 a------- c:\windows\sed.exe
2009-09-10 12:27 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-09-10 12:27 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-09-10 12:27 65,602 a------- c:\windows\system32\cook3260.dll
2009-09-10 12:27 1,645,320 a------- c:\windows\gdiplus.dll
2009-08-29 00:53 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-26 22:58 2,187,360 a------- C:\JoinVideo_aud.mpg
2009-08-26 22:15 7,420,416 a------- C:\JoinVideo.avi
2009-08-19 19:09 <DIR> --d----- c:\program files\Sophos

==================== Find3M ====================

2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 ac------ c:\windows\system32\drivers\mbam.sys
2009-07-31 11:36 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 11:36 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2007-06-01 23:49 47,360 ac------ c:\docume~1\demmy\applic~1\pcouffin.sys
2008-10-14 09:57 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101420081015\index.dat
2008-12-03 22:01 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120320081204\index.dat
2008-12-06 04:00 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120620081207\index.dat

============= FINISH: 8:42:57.18 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 07/05/2005 16:24:05
System Uptime: 13/09/2009 06:17:27 (2 hours ago)

Motherboard: | | P4VM890
Processor: Intel® Pentium® 4 CPU 2.40GHz | CPUSocket | 2418/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 61 GiB total, 37.8 GiB free.
D: is FIXED (NTFS) - 88 GiB total, 60.571 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1573: 11/09/2009 21:47:26 - Installed Realtek AC'97 Audio
RP1574: 12/09/2009 13:45:57 - System Checkpoint
RP1575: 13/09/2009 03:07:21 - Removed J2SE Runtime Environment 5.0 Update 7
RP1576: 13/09/2009 03:08:04 - Removed Java™ 6 Update 3
RP1577: 13/09/2009 03:08:51 - Removed Java™ 6 Update 5
RP1578: 13/09/2009 03:09:34 - Removed Java™ 6 Update 7
RP1579: 13/09/2009 03:10:15 - Removed Java™ SE Runtime Environment 6 Update 1
RP1580: 13/09/2009 03:11:27 - Removed Wocarson Windows Genuine Advantage Validation v1.9.40.0 Cracked V2

==== Installed Programs ======================
#1 Video Converter 3.4.7
Absolute MP3 Splitter version 2.6.9
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
AnyDVD
Avatar Sizer
AVG 8.5
AVI to MPEG Converter
BitTorrent
Browser mouse 1.3
CCleaner (remove only)
Choice Guard
ConvertXtoDVD 2.2.0.251
ConvertXtoDVD 3.0.0.13
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen MicroPhoto
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec 3.1alpha release
DNA
Driver Magician 3.4
DVD-lab PRO 1.00
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD2one 1.5.1
DVDFab Platinum 2.87
Easy DVD Shrink
eBoostr 2
EPSON PhotoQuicker3.5
EPSON Print CD
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
ESET Online Scanner v3
ESPR200 Reference Guide
ESPR200 Software Guide
Fruit Machine Emulators
Google Desktop
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Intel® 537 Modem
IsoBuster 1.4
Java™ 6 Update 15
K-Lite Mega Codec Pack 1.30
LiveUpdate BVRP Software
LoveChess Age Of Egypt
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Medieval CUE Splitter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mirar
mobile PhoneTools
Mozilla Firefox (3.0.14)
Mp3 Audio Editor
MP3 Remix Player
Mp3Doctor 5.10.955
MSVCRT
Multimedia keyboard utility 1.3
Nero 7
Nero Mega Plugin Pack
NewsLeecher v3.9 Beta 1
NVIDIA Drivers
nzbval v 1.0
OpenOffice.org Installer 1.0
PartitionMagic
PC Connectivity Solution
PCRepair 2005
PIF DESIGNER2.1
Platform
PowerDVD
PowerQuest PartitionMagic 8.0
QuickPar 0.9
Realtek AC'97 Audio
RegDoctor 2.05
RegistryFix v3.0
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
SiSoftware Sandra Professional 2005 (Win64/32/CE)
Sophos Anti-Rootkit 1.5.0
SoundMAX
Spybot - Search & Destroy 1.4
SSC Service Utility v3.80
Super Video Converter 1.4
Super Video Joiner 5.7.1
SUPERAntiSpyware Free Edition
Switch Sound File Converter
System Requirements Lab
Tag&Rename 3.4.6
Ulead DVD MovieFactory 3 Disc Creator Trial
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VSO CopyToDVD 4
WebFldrs XP
WinAVIVideoConverter
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Wondershare Scrapbook Studio (1.0.0) Trial Version
XoftSpy
xp-AntiSpy 3.97-3
XRECODE

==== Event Viewer Messages From Past Week ========

11/09/2009 22:01:22, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/09/2009 21:47:11, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'Combo-Fix-Pc.exe' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/09/2009 02:21:49, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
11/09/2009 02:19:32, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
09/09/2009 03:29:44, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep FileDisk PCIIde ViaIde
09/09/2009 02:56:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep FileDisk
09/09/2009 02:21:15, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
07/09/2009 17:56:42, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0019661239C7 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
