
spynet, elogan studios, rld-s3wk


This topic is locked
10 replies to this topic

#1 cltyler
  • Members
  • 5 posts

Posted 14 January 2010 - 10:56 PM

So, my boyfriend downloaded The Sims 3 for me, because I was having cyclic redundancy errors when trying to install it from the disc. As a treat, he also downloaded the new EP, World Adventures, for me. That ended up not working, but no big, I can live without it. However, whenever I'd start up my computer after that, it popped up with the keygen upon startup, and a few moments later it said something about how something or other, I think it was "spynet", was trying to access private files. I freaked out and reinstalled Windows that night. No problems until I tried to get some music from his external hard drive. As soon as I connected it to my computer, the same thing happened. The keygen popped up. I immediately unplugged it and restarted my computer to see if it was the same issue, and lo and behold, it was. However, this time it didn't pop up saying something was accessing private files. And the extension C:\WINDOWS\SYSTEM32\SPYNET no longer exists. But whenever I go into msconfig, it's saying it's there. It's not a hidden file, it just isn't visible to me for some reason or another. In the process menu, I located where the keygen was coming from, deleted it, marked it not to start in msconfig, and deleted the files from the registry with a wish that my computer would be fine upon restart. No luck. It keeps coming back. I have not done any sort of scan on it, because a couple of other unsolved problems like mine that I found online said that scanners would not detect it. So, I come to you with hopes that I don't have to reinstall Windows again. Not a big deal, but I don't want to do it.

**Also, I forgot to mention that upon startup it also pops up with a message telling me that Firefox has encountered an error and needs to shut down.

DDS Log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Crystal at 19:32:06.26 on Thu 01/14/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.634 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Crystal\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [HKCU] c:\windows\system32\spynet\explorer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HKLM] c:\windows\system32\spynet\explorer.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
uExplorerRun: [Policies] c:\windows\system32\spynet\explorer.exe
mExplorerRun: [Policies] c:\windows\system32\spynet\explorer.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263199694625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: SeconidoHot.Seconido: {347e0b4e-1e11-40ef-8db0-96caadac0e30} - c:\windows\system32\seconido.dll
mASetup: {08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} - c:\windows\system32\spynet\explorer.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\crystal\applic~1\mozilla\firefox\profiles\e4ct2aqe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\documents and settings\crystal\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2009-6-23 18840]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 cpuz132;cpuz132;\??\c:\docume~1\crystal\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\crystal\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-1-11 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]

=============== Created Last 30 ================

2010-01-15 02:47:33 0 d-----w- c:\windows\pss
2010-01-15 02:37:56 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-15 02:37:49 0 d-----w- c:\program files\DAEMON Tools Lite
2010-01-15 02:37:16 0 d-----w- c:\docume~1\crystal\applic~1\DAEMON Tools Lite
2010-01-15 02:37:13 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-01-15 02:20:27 0 d-----w- c:\docume~1\crystal\applic~1\BitTorrent
2010-01-15 02:20:21 0 d-----w- c:\program files\BitTorrent
2010-01-15 02:06:52 33591 ----a-w- c:\docume~1\crystal\applic~1\SQLite3.dll
2010-01-14 04:03:08 0 d-----w- c:\program files\Mad Scientist Productions
2010-01-13 07:08:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-13 07:08:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-12 23:50:33 0 d-----w- C:\ProgramData
2010-01-12 23:50:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Electronic Arts
2010-01-12 23:49:57 0 d-----w- c:\program files\Microsoft WSE
2010-01-12 23:46:54 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-01-12 23:46:52 0 d-----w- c:\windows\Logs
2010-01-12 07:45:08 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2010-01-12 07:45:08 0 d-----w- c:\program files\dvd43
2010-01-12 07:43:02 0 d-----w- c:\program files\Essentials Codec Pack
2010-01-12 07:34:51 0 d-----w- c:\program files\Windows Media Connect 2
2010-01-12 07:33:56 0 d-----w- c:\windows\system32\LogFiles
2010-01-12 06:51:26 30432 ----a-w- c:\windows\system32\BMXStateBkp-{00000000-00000000-0000000B-00001102-00000004-10081102}.rfx
2010-01-12 06:51:26 30432 ----a-w- c:\windows\system32\BMXState-{00000000-00000000-0000000B-00001102-00000004-10081102}.rfx
2010-01-12 06:51:26 28068 ----a-w- c:\windows\system32\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-10081102}.rfx
2010-01-12 06:51:26 28068 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-10081102}.rfx
2010-01-12 06:51:26 11564 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000B-00001102-00000004-10081102}.rfx
2010-01-12 06:51:16 4931577 ----a-w- c:\windows\{00000000-00000000-0000000B-00001102-00000004-10081102}.BAK
2010-01-12 06:51:04 4174814 ------w- c:\windows\system32\CT4MGM.SF2
2010-01-12 06:51:04 0 d-----w- c:\windows\system32\Defaults
2010-01-12 06:50:10 7062 ----a-w- c:\windows\system32\audiopid.vxd
2010-01-12 06:50:00 0 d-----w- c:\program files\common files\Creative Labs Shared
2010-01-12 06:49:46 4931577 ----a-w- c:\windows\{00000000-00000000-0000000B-00001102-00000004-10081102}.CDF
2010-01-12 06:49:35 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-12 06:49:35 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-12 06:49:05 0 d-----w- c:\windows\system32\Data
2010-01-12 06:49:05 0 d-----w- c:\program files\Creative
2010-01-12 06:26:05 6400 -c--a-w- c:\windows\system32\dllcache\enum1394.sys
2010-01-12 06:26:05 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-01-12 06:26:03 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-01-12 06:26:03 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-01-12 06:26:03 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2010-01-12 06:26:03 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2010-01-12 05:58:33 0 d-----w- C:\Diamond
2010-01-12 05:58:28 0 d-----w- c:\program files\Xtreme Sound Driver Setup
2010-01-11 19:18:55 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-11 10:11:24 0 d-----w- c:\program files\EA GAMES
2010-01-11 10:11:23 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2010-01-11 10:00:41 140158 ----a-w- c:\windows\system32\nvapps.xml
2010-01-11 10:00:14 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-11 10:00:14 17525 ----a-w- c:\windows\system32\nvdisp.nvu
2010-01-11 10:00:14 0 d-----w- c:\windows\nview
2010-01-11 09:59:26 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-11 09:54:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-11 09:54:32 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-11 09:54:31 0 d-----w- c:\program files\SystemRequirementsLab
2010-01-11 09:39:23 0 d-sh--w- c:\documents and settings\crystal\IECompatCache
2010-01-11 09:38:10 0 d-sh--w- c:\documents and settings\crystal\PrivacIE
2010-01-11 09:37:54 0 d-sh--w- c:\documents and settings\crystal\IETldCache
2010-01-11 09:33:25 0 dc-h--w- c:\windows\ie8
2010-01-11 09:29:30 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 09:27:26 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-01-11 09:26:25 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-11 09:26:14 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-01-11 09:24:59 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-11 09:24:59 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-11 09:24:58 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-11 09:24:49 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-11 09:24:48 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-01-11 09:24:48 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-01-11 09:24:26 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-11 09:24:11 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-11 09:23:59 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-01-11 09:23:55 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-11 09:23:52 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-01-11 09:23:32 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-11 09:23:13 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-11 09:23:10 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-11 09:12:38 0 d-----w- c:\windows\system32\scripting
2010-01-11 09:12:38 0 d-----w- c:\windows\system32\en
2010-01-11 09:12:38 0 d-----w- c:\windows\system32\bits
2010-01-11 09:12:38 0 d-----w- c:\windows\l2schemas
2010-01-11 09:11:37 0 d-----w- c:\windows\ServicePackFiles
2010-01-11 09:10:06 0 d-----w- c:\windows\network diagnostic
2010-01-11 09:09:10 0 d-----w- c:\windows\system32\ReinstallBackups
2010-01-11 09:07:48 0 d-----w- c:\windows\EHome
2010-01-11 08:36:23 0 d-sh--w- c:\documents and settings\all users\DRM
2010-01-11 08:35:07 0 d-----w- c:\program files\common files\MSSoap
2010-01-11 08:33:49 0 d-----w- c:\program files\Online Services
2010-01-11 08:33:44 0 d-----w- c:\program files\Messenger
2010-01-11 08:33:40 0 d-----w- c:\program files\MSN Gaming Zone
2010-01-11 08:32:58 0 d-----w- c:\program files\Windows NT
2010-01-11 00:13:12 0 d-----w- c:\program files\common files\SpeechEngines
2010-01-11 00:12:46 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-01-15 03:30:23 7573 ---ha-w- c:\docume~1\crystal\applic~1\logs.dat
2010-01-11 08:34:25 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-14 21:13:06 131072 --sha-r- c:\windows\system32\seconido.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2006-03-15 04:07:42 425984 --sh--r- c:\windows\system32\spynet\explorer.exe

============= FINISH: 19:32:24.15 ===============

Edited by cltyler, 14 January 2010 - 11:16 PM.
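The DDS log in this post explains why deleting a single msconfig entry did not stop the keygen: the same binary, c:\windows\system32\spynet\explorer.exe, is registered under five autorun locations (uRun, mRun, uExplorerRun, mExplorerRun and an Active Setup "mASetup" entry), the CLSID on that Active Setup entry is not valid hexadecimal ({08B0E5JF-...-00401C6XX500}), and both that file and seconido.dll carry system+hidden attributes in the Find3M section. The script below is an added example for readers of this thread; it is not part of DDS, Malwarebytes or anything the posters ran. It parses a constructed subset of the log lines above and flags those three patterns. The expected location of the genuine explorer.exe (c:\windows\explorer.exe) is an assumption of the example, as is the list of executable extensions it looks for.

```python
"""Triage helper for DDS log lines ("Pseudo HJT Report" autorun entries and
"Created Last 30" / "Find3M" file entries).

Added example for the BleepingComputer thread; not part of DDS or MBAM.
It flags: one target launched from several autorun locations, braced
CLSIDs that are not valid hex GUIDs, a well-known system binary living
outside its expected directory, and system+hidden files under system32.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the first DDS log in the thread.
SAMPLE_LOG = r"""
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [HKCU] c:\windows\system32\spynet\explorer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HKLM] c:\windows\system32\spynet\explorer.exe
uExplorerRun: [Policies] c:\windows\system32\spynet\explorer.exe
mExplorerRun: [Policies] c:\windows\system32\spynet\explorer.exe
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} - c:\windows\system32\spynet\explorer.exe
2009-12-14 21:13:06 131072 --sha-r- c:\windows\system32\seconido.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2006-03-15 04:07:42 425984 --sh--r- c:\windows\system32\spynet\explorer.exe
"""

# Autorun line: "<kind>: <rest>", e.g. "uRun: [HKCU] c:\...\explorer.exe"
AUTORUN_RE = re.compile(r"^(?P<kind>[A-Za-z]+): (?P<rest>.+)$")
# First Windows path in the entry that ends in an executable-type extension (assumed list)
PATH_RE = re.compile(r'[a-z]:\\[^",]+?\.(?:exe|dll|scr|cpl|sys)', re.IGNORECASE)
# Anything in braces used as a CLSID, and the shape a genuine GUID must have
BRACED_RE = re.compile(r"\{[^}]+\}")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
# File line: "YYYY-MM-DD HH:MM:SS <size> <8 attribute flags> <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Assumption for this example: where the genuine Windows XP shell binary lives.
EXPECTED_LOCATION = {"explorer.exe": r"c:\windows\explorer.exe"}


def triage(log_text):
    """Return a dict of findings from the autorun and file lines in log_text."""
    targets_by_kind = defaultdict(set)  # target path -> autorun kinds that launch it
    bad_clsids = []
    hidden_system_files = []
    misplaced = []

    for line in log_text.strip().splitlines():
        m = AUTORUN_RE.match(line)
        if m:
            rest = m.group("rest")
            for braced in BRACED_RE.findall(rest):
                if not GUID_RE.match(braced):
                    bad_clsids.append(braced)
            path = PATH_RE.search(rest)
            if path:
                target = path.group(0).lower()
                targets_by_kind[target].add(m.group("kind"))
                name = target.rsplit("\\", 1)[-1]
                if name in EXPECTED_LOCATION and target != EXPECTED_LOCATION[name]:
                    misplaced.append(target)
            continue

        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path").lower()
            # In DDS flag strings position 0 is 'd' for a directory, position 2 is
            # 's' (system) and position 3 is 'h' (hidden), as in "--sha-r-".
            is_file = attrs[0] != "d"
            if is_file and attrs[2] == "s" and attrs[3] == "h" and "\\system32\\" in path:
                hidden_system_files.append(path)

    shared = {t: sorted(k) for t, k in targets_by_kind.items() if len(k) >= 2}
    return {
        "shared_targets": shared,
        "bad_clsids": bad_clsids,
        "misplaced_system_binaries": sorted(set(misplaced)),
        "hidden_system_files": hidden_system_files,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Run it as a plain script to print the four finding groups for the sample; to use it on a real DDS log, pass the file's text to triage() instead of SAMPLE_LOG. The "shared_targets" check is the one that matters most for this thread: a single binary referenced from several Run, Policies\Explorer\Run and Active Setup locations will be re-created at every logon until every one of those references is removed, which is exactly what the later MBAM log in this thread shows being cleaned up.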


#2 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 15 January 2010 - 06:17 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here

  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 cltyler
  • Topic Starter
  • Members
  • 5 posts

Posted 15 January 2010 - 02:05 PM

I did the scan; it detected the files I found and tried deleting, along with the ones that made it come back. It did its thing, I restarted, and so far, nothing fishy! Thanks for your help, and let me know if you still see something weird.

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3570
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/15/2010 10:51:26 AM
mbam-log-2010-01-15 (10-51-26).txt

Scan type: Quick Scan
Objects scanned: 101427
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5jf-4fcb-11cf-aaa5-00401c6xx500} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\spynet\explorer.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Crystal\Application Data\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Crystal\Local Settings\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Crystal\Local Settings\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.


DDS Log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Crystal at 10:55:41.93 on Fri 01/15/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.670 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Crystal\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263199694625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: SeconidoHot.Seconido: {347e0b4e-1e11-40ef-8db0-96caadac0e30} - c:\windows\system32\seconido.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\crystal\applic~1\mozilla\firefox\profiles\e4ct2aqe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\documents and settings\crystal\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2009-6-23 18840]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 cpuz132;cpuz132;\??\c:\docume~1\crystal\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\crystal\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-1-11 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]

=============== Created Last 30 ================

2010-01-15 18:40:42 0 d-----w- c:\docume~1\crystal\applic~1\Malwarebytes
2010-01-15 18:40:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 18:40:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-15 18:40:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-15 18:40:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 03:33:29 0 ----a-w- c:\documents and settings\crystal\settings.dat
2010-01-15 02:47:33 0 d-----w- c:\windows\pss
2010-01-15 02:37:56 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-15 02:37:49 0 d-----w- c:\program files\DAEMON Tools Lite
2010-01-15 02:37:16 0 d-----w- c:\docume~1\crystal\applic~1\DAEMON Tools Lite
2010-01-15 02:37:13 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-01-15 02:20:27 0 d-----w- c:\docume~1\crystal\applic~1\BitTorrent
2010-01-15 02:20:21 0 d-----w- c:\program files\BitTorrent
2010-01-15 02:06:52 33591 ----a-w- c:\docume~1\crystal\applic~1\SQLite3.dll
2010-01-14 04:03:08 0 d-----w- c:\program files\Mad Scientist Productions
2010-01-13 07:08:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-13 07:08:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-12 23:50:33 0 d-----w- C:\ProgramData
2010-01-12 23:50:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Electronic Arts
2010-01-12 23:49:57 0 d-----w- c:\program files\Microsoft WSE
2010-01-12 23:46:54 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-01-12 23:46:52 0 d-----w- c:\windows\Logs
2010-01-12 07:45:08 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2010-01-12 07:45:08 0 d-----w- c:\program files\dvd43
2010-01-12 07:43:02 0 d-----w- c:\program files\Essentials Codec Pack
2010-01-12 07:34:51 0 d-----w- c:\program files\Windows Media Connect 2
2010-01-12 07:33:56 0 d-----w- c:\windows\system32\LogFiles
2010-01-12 06:51:26 30432 ----a-w- c:\windows\system32\BMXStateBkp-{00000000-00000000-0000000B-00001102-00000004-10081102}.rfx
2010-01-12 06:51:26 30432 ----a-w- c:\windows\system32\BMXState-{00000000-00000000-0000000B-00001102-00000004-10081102}.rfx
2010-01-12 06:51:26 28068 ----a-w- c:\windows\system32\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-10081102}.rfx
2010-01-12 06:51:26 28068 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-10081102}.rfx
2010-01-12 06:51:26 11564 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000B-00001102-00000004-10081102}.rfx
2010-01-12 06:51:16 4931577 ----a-w- c:\windows\{00000000-00000000-0000000B-00001102-00000004-10081102}.BAK
2010-01-12 06:51:04 4174814 ------w- c:\windows\system32\CT4MGM.SF2
2010-01-12 06:51:04 0 d-----w- c:\windows\system32\Defaults
2010-01-12 06:50:10 7062 ----a-w- c:\windows\system32\audiopid.vxd
2010-01-12 06:50:00 0 d-----w- c:\program files\common files\Creative Labs Shared
2010-01-12 06:49:46 4931577 ----a-w- c:\windows\{00000000-00000000-0000000B-00001102-00000004-10081102}.CDF
2010-01-12 06:49:35 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-12 06:49:35 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-12 06:49:05 0 d-----w- c:\windows\system32\Data
2010-01-12 06:49:05 0 d-----w- c:\program files\Creative
2010-01-12 06:26:05 6400 -c--a-w- c:\windows\system32\dllcache\enum1394.sys
2010-01-12 06:26:05 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-01-12 06:26:03 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-01-12 06:26:03 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-01-12 06:26:03 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2010-01-12 06:26:03 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2010-01-12 05:58:33 0 d-----w- C:\Diamond
2010-01-12 05:58:28 0 d-----w- c:\program files\Xtreme Sound Driver Setup
2010-01-11 19:18:55 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-11 10:11:24 0 d-----w- c:\program files\EA GAMES
2010-01-11 10:11:23 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2010-01-11 10:00:41 140158 ----a-w- c:\windows\system32\nvapps.xml
2010-01-11 10:00:14 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-11 10:00:14 17525 ----a-w- c:\windows\system32\nvdisp.nvu
2010-01-11 10:00:14 0 d-----w- c:\windows\nview
2010-01-11 09:59:26 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-11 09:54:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-11 09:54:32 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-11 09:54:31 0 d-----w- c:\program files\SystemRequirementsLab
2010-01-11 09:39:23 0 d-sh--w- c:\documents and settings\crystal\IECompatCache
2010-01-11 09:38:10 0 d-sh--w- c:\documents and settings\crystal\PrivacIE
2010-01-11 09:37:54 0 d-sh--w- c:\documents and settings\crystal\IETldCache
2010-01-11 09:33:25 0 dc-h--w- c:\windows\ie8
2010-01-11 09:29:30 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 09:27:26 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-01-11 09:26:25 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-11 09:26:14 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-01-11 09:24:59 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-11 09:24:59 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-11 09:24:58 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-11 09:24:49 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-11 09:24:48 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-01-11 09:24:48 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-01-11 09:24:26 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-11 09:24:11 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-11 09:23:59 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-01-11 09:23:55 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-11 09:23:52 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-01-11 09:23:32 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-11 09:23:13 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-11 09:23:10 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-11 09:12:38 0 d-----w- c:\windows\system32\scripting
2010-01-11 09:12:38 0 d-----w- c:\windows\system32\en
2010-01-11 09:12:38 0 d-----w- c:\windows\system32\bits
2010-01-11 09:12:38 0 d-----w- c:\windows\l2schemas
2010-01-11 09:11:37 0 d-----w- c:\windows\ServicePackFiles
2010-01-11 09:10:06 0 d-----w- c:\windows\network diagnostic
2010-01-11 09:09:10 0 d-----w- c:\windows\system32\ReinstallBackups
2010-01-11 09:07:48 0 d-----w- c:\windows\EHome
2010-01-11 08:36:23 0 d-sh--w- c:\documents and settings\all users\DRM
2010-01-11 08:35:07 0 d-----w- c:\program files\common files\MSSoap
2010-01-11 08:33:49 0 d-----w- c:\program files\Online Services
2010-01-11 08:33:44 0 d-----w- c:\program files\Messenger
2010-01-11 08:33:40 0 d-----w- c:\program files\MSN Gaming Zone
2010-01-11 08:32:58 0 d-----w- c:\program files\Windows NT
2010-01-11 00:13:12 0 d-----w- c:\program files\common files\SpeechEngines
2010-01-11 00:12:46 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-01-11 08:34:25 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-14 21:13:06 131072 --sha-r- c:\windows\system32\seconido.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

============= FINISH: 10:56:01.01 ===============


#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:06:36 AM

Posted 15 January 2010 - 02:46 PM

Hi,

This looks OK again. However, I need one file here...

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders again afterwards, when we are done with this thread and your problems are solved, because the above instructions to set your system to show all files unhide legitimate files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.


Then, go to this page.
Enter the URL of this thread in the first field.
Where it says "browse to the file that you want to submit", click the Browse button next to it and browse to the following file:

c:\windows\system32\seconido.dll

Select it and click ok:
Then click the Send File button below.

Let me know in your next reply once you submitted the file.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 cltyler

cltyler
  • Topic Starter

  • Members
  • 5 posts
  • Local time:09:36 PM

Posted 16 January 2010 - 12:21 AM

File is sent. :)

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:06:36 AM

Posted 16 January 2010 - 03:47 AM

Thank you!

It's indeed malicious and a trojan downloader.

Since you already have Malwarebytes installed, open Malwarebytes and select the tab "More Tools".
Click the "Run Tool" button under FileASSASSIN.
A new window will open. In the filename path, copy and paste:

c:\windows\system32\seconido.dll

Click open next to it.
You should get a message that the file will be deleted and if you want to continue.
Click OK.
If the file is in use, malwarebytes will delete it on reboot, so allow malwarebytes to reboot if it asks to.

Then, after reboot,

Open Notepad and copy and paste the text from the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{347e0b4e-1e11-40ef-8db0-96caadac0e30}"=-

Save this as fix.reg. Choose to save as "All Files" and place it on your desktop.
It should look like this:
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.


Post a new DDS log in your next reply.

Extra note: you will also need to change all your passwords, because they may be known, since you were dealing with a backdoor that gathers information from your computer, so passwords may be included.


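The persistence mechanism cleaned up in the post above (a CLSID registered under Explorer's SharedTaskScheduler key whose in-process server resolves to a DLL in system32 carrying the hidden and system attributes, the "--sha-r-" flags shown in the DDS Find3M list) can be audited with a short PowerShell script. This is an added example for readers of the thread; it is not code from the thread, from DDS or from Malwarebytes. The SharedTaskScheduler registry path is the one quoted in the fix.reg above; the function name Get-SharedTaskSchedulerEntries and the "Suspicious" heuristic (missing file, hidden or system attribute, or no valid Authenticode signature) are my own choices.

```powershell
# Added example: audit Explorer's SharedTaskScheduler load points.
# Each value under this key is a CLSID; Explorer loads the COM server's
# InprocServer32 DLL at logon, which is why a DLL registered here keeps
# coming back after the visible process is killed.
$stsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'

function Get-SharedTaskSchedulerEntries {
    if (-not (Test-Path $stsKey)) { return @() }

    $item = Get-ItemProperty -Path $stsKey
    $item.PSObject.Properties |
        Where-Object { $_.Name -like '{*}' } |          # only CLSID-named values
        ForEach-Object {
            $clsid = $_.Name
            $dll   = $null

            # Resolve the CLSID to its in-process server; HKLM first, then HKCU.
            foreach ($hive in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
                $srv = Join-Path $hive "$clsid\InprocServer32"
                if (Test-Path $srv) {
                    $dll = (Get-ItemProperty -Path $srv).'(default)'
                    break
                }
            }

            $expanded = $null
            if ($dll) {
                $expanded = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
            }
            $exists = $expanded -and (Test-Path -LiteralPath $expanded)

            # -Force is required so Get-Item returns hidden/system files at all.
            $attrs = if ($exists) { (Get-Item -LiteralPath $expanded -Force).Attributes } else { $null }
            $sig   = if ($exists) { (Get-AuthenticodeSignature -FilePath $expanded).Status } else { 'NoFile' }

            $hidden = $exists -and (($attrs -band [IO.FileAttributes]::Hidden) -ne 0)
            $system = $exists -and (($attrs -band [IO.FileAttributes]::System) -ne 0)

            [pscustomobject]@{
                CLSID      = $clsid
                Label      = $_.Value          # the value data, e.g. a display name
                Dll        = $expanded
                Attributes = $attrs
                Signature  = $sig
                # Heuristic (my own, not from the thread): a shell load point whose
                # DLL is missing, hidden, system-flagged or unsigned deserves a look.
                Suspicious = (-not $exists) -or $hidden -or $system -or ($sig -ne 'Valid')
            }
        }
}

Get-SharedTaskSchedulerEntries | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt. On Windows XP the key normally holds a couple of Microsoft entries ("Browseui preloader" and the Component Categories cache daemon), both pointing at signed DLLs in system32; on current Windows the key is often empty, so any entry at all is worth checking. A DLL that shows up here with the hidden and system attributes and an "UnknownError" or "NotSigned" signature status is the pattern seen in this thread.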

#7 cltyler

cltyler
  • Topic Starter

  • Members
  • 5 posts
  • Local time:09:36 PM

Posted 16 January 2010 - 04:07 AM

Wow, I would have never known about that. Thank you so much for your help!

DDS:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Crystal at 1:05:52.98 on Sat 01/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.699 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Crystal\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263199694625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\crystal\applic~1\mozilla\firefox\profiles\e4ct2aqe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\documents and settings\crystal\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2009-6-23 18840]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 cpuz132;cpuz132;\??\c:\docume~1\crystal\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\crystal\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-1-11 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2010-1-15 25832]

=============== Created Last 30 ================

2010-01-16 05:47:25 0 d-----w- C:\14affccabf34b799e1d5464da9
2010-01-15 19:41:58 0 d-----w- c:\docume~1\alluse~1\applic~1\BioWare
2010-01-15 19:29:07 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-15 19:28:59 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-01-15 19:07:28 0 d-----w- c:\program files\Dragon Age
2010-01-15 19:05:26 0 d-----w- c:\program files\common files\BioWare
2010-01-15 18:40:42 0 d-----w- c:\docume~1\crystal\applic~1\Malwarebytes
2010-01-15 18:40:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 18:40:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-15 18:40:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-15 18:40:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 03:33:29 0 ----a-w- c:\documents and settings\crystal\settings.dat
2010-01-15 02:47:33 0 d-----w- c:\windows\pss
2010-01-15 02:37:56 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-15 02:37:49 0 d-----w- c:\program files\DAEMON Tools Lite
2010-01-15 02:37:16 0 d-----w- c:\docume~1\crystal\applic~1\DAEMON Tools Lite
2010-01-15 02:37:13 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-01-15 02:20:27 0 d-----w- c:\docume~1\crystal\applic~1\BitTorrent
2010-01-15 02:20:21 0 d-----w- c:\program files\BitTorrent
2010-01-15 02:06:52 33591 ----a-w- c:\docume~1\crystal\applic~1\SQLite3.dll
2010-01-14 04:03:08 0 d-----w- c:\program files\Mad Scientist Productions
2010-01-13 07:08:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-13 07:08:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-12 23:50:33 0 d-----w- C:\ProgramData
2010-01-12 23:50:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Electronic Arts
2010-01-12 23:49:57 0 d-----w- c:\program files\Microsoft WSE
2010-01-12 23:46:54 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-01-12 23:46:52 0 d-----w- c:\windows\Logs
2010-01-12 07:45:08 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2010-01-12 07:45:08 0 d-----w- c:\program files\dvd43
2010-01-12 07:43:02 0 d-----w- c:\program files\Essentials Codec Pack
2010-01-12 07:34:51 0 d-----w- c:\program files\Windows Media Connect 2
2010-01-12 07:33:56 0 d-----w- c:\windows\system32\LogFiles
2010-01-12 06:51:26 30432 ----a-w- c:\windows\system32\BMXStateBkp-{00000000-00000000-0000000B-00001102-00000004-10081102}.rfx
2010-01-12 06:51:26 30432 ----a-w- c:\windows\system32\BMXState-{00000000-00000000-0000000B-00001102-00000004-10081102}.rfx
2010-01-12 06:51:26 28068 ----a-w- c:\windows\system32\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-10081102}.rfx
2010-01-12 06:51:26 28068 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-10081102}.rfx
2010-01-12 06:51:26 11564 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000B-00001102-00000004-10081102}.rfx
2010-01-12 06:51:16 4931577 ----a-w- c:\windows\{00000000-00000000-0000000B-00001102-00000004-10081102}.BAK
2010-01-12 06:51:04 4174814 ------w- c:\windows\system32\CT4MGM.SF2
2010-01-12 06:51:04 0 d-----w- c:\windows\system32\Defaults
2010-01-12 06:50:10 7062 ----a-w- c:\windows\system32\audiopid.vxd
2010-01-12 06:50:00 0 d-----w- c:\program files\common files\Creative Labs Shared
2010-01-12 06:49:46 4931577 ----a-w- c:\windows\{00000000-00000000-0000000B-00001102-00000004-10081102}.CDF
2010-01-12 06:49:35 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-12 06:49:35 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-12 06:49:05 0 d-----w- c:\windows\system32\Data
2010-01-12 06:49:05 0 d-----w- c:\program files\Creative
2010-01-12 06:26:05 6400 -c--a-w- c:\windows\system32\dllcache\enum1394.sys
2010-01-12 06:26:05 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-01-12 06:26:03 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-01-12 06:26:03 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-01-12 06:26:03 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2010-01-12 06:26:03 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2010-01-12 05:58:33 0 d-----w- C:\Diamond
2010-01-12 05:58:28 0 d-----w- c:\program files\Xtreme Sound Driver Setup
2010-01-11 19:18:55 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-11 10:11:24 0 d-----w- c:\program files\EA GAMES
2010-01-11 10:11:23 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2010-01-11 10:00:41 140158 ----a-w- c:\windows\system32\nvapps.xml
2010-01-11 10:00:14 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-11 10:00:14 17525 ----a-w- c:\windows\system32\nvdisp.nvu
2010-01-11 10:00:14 0 d-----w- c:\windows\nview
2010-01-11 09:59:26 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-11 09:54:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-11 09:54:32 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-11 09:54:31 0 d-----w- c:\program files\SystemRequirementsLab
2010-01-11 09:39:23 0 d-sh--w- c:\documents and settings\crystal\IECompatCache
2010-01-11 09:38:10 0 d-sh--w- c:\documents and settings\crystal\PrivacIE
2010-01-11 09:37:54 0 d-sh--w- c:\documents and settings\crystal\IETldCache
2010-01-11 09:33:25 0 dc-h--w- c:\windows\ie8
2010-01-11 09:29:30 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 09:27:26 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-01-11 09:26:25 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-11 09:26:14 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-01-11 09:24:59 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-11 09:24:59 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-11 09:24:58 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-11 09:24:49 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-11 09:24:48 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-01-11 09:24:48 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-01-11 09:24:26 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-11 09:24:11 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-11 09:23:59 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-01-11 09:23:55 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-11 09:23:52 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-01-11 09:23:32 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-11 09:23:13 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-11 09:23:10 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-11 09:12:38 0 d-----w- c:\windows\system32\scripting
2010-01-11 09:12:38 0 d-----w- c:\windows\system32\en
2010-01-11 09:12:38 0 d-----w- c:\windows\system32\bits
2010-01-11 09:12:38 0 d-----w- c:\windows\l2schemas
2010-01-11 09:11:37 0 d-----w- c:\windows\ServicePackFiles
2010-01-11 09:10:06 0 d-----w- c:\windows\network diagnostic
2010-01-11 09:09:10 0 d-----w- c:\windows\system32\ReinstallBackups
2010-01-11 09:07:48 0 d-----w- c:\windows\EHome
2010-01-11 08:36:23 0 d-sh--w- c:\documents and settings\all users\DRM
2010-01-11 08:35:07 0 d-----w- c:\program files\common files\MSSoap
2010-01-11 08:33:49 0 d-----w- c:\program files\Online Services
2010-01-11 08:33:44 0 d-----w- c:\program files\Messenger
2010-01-11 08:33:40 0 d-----w- c:\program files\MSN Gaming Zone
2010-01-11 08:32:58 0 d-----w- c:\program files\Windows NT
2010-01-11 00:13:12 0 d-----w- c:\program files\common files\SpeechEngines
2010-01-11 00:12:46 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-01-11 08:34:25 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

============= FINISH: 1:06:10.25 ===============


#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:06:36 AM

Posted 16 January 2010 - 04:49 AM

Hi,

This looks OK again.
How are things now?

#9 cltyler

cltyler
  • Topic Starter

  • Members
  • 5 posts
  • Local time:09:36 PM

Posted 16 January 2010 - 07:33 PM

No error notices and my computer is running great. So far since what you've instructed me to do there's been nothing fishy going on. How did you know that seconido.dll was a trojan thing?

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:06:36 AM

Posted 17 January 2010 - 03:43 AM

The seconido.dll has suspicious strings in it, and other scanners detect it as well:
http://www.virustotal.com/analisis/ed4ad61...f26e-1263629669

Good to hear everything runs OK again.

Glad I could help. :)

Please read my Prevention page, with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: make sure your programs are up to date, because older versions may contain security leaks. To find out which programs need to be updated, please run the Secunia Software Inspector scan.

Happy Surfing again!

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:06:36 AM

Posted 22 January 2010 - 08:53 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.