Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Wave volume turning itself down w/ ads playing in the background


  • This topic is locked This topic is locked
20 replies to this topic

#1 Inkpuddle

Inkpuddle

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 21 July 2010 - 09:53 PM

I was told to post a new topic here since I hadn't provided all the information needed. Here's a description of my problem from the old thread:

"My wave volume keeps turning itself down, and every so often ads start playing in the background without any visible source. I've tried scans from programs like AVG, Ad-Aware, etc. that buy me about five minutes of peace until the problems come back. I've also started getting pop-ups through Internet Explorer, which I don't even use."

Attached is the Attach.txt file. I can't provide the Ark.txt file because my computer restarts itself every time I run a scan with GMER. This is the DDS.txt file I was told to copy and paste:


DDS (Ver_10-03-17.01) - NTFSx86
Run by AAL at 22:19:46.09 on Wed 07/21/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.56 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe 4
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe 4
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\SCANJET\PrecisionScanPro\HPLamp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\AAL\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Documents and Settings\AAL\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.babylon.com/home?AF=10191
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
uURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll
mURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll
BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeBridge]
uRun: [SansaDispatch] c:\documents and settings\aal\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [Google Update] "c:\documents and settings\aal\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Lamp] c:\scanjet\precisionscanpro\HPLamp.exe
StartupFolder: c:\docume~1\aal\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1041397698609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aal\applic~1\mozilla\firefox\profiles\jvhfj59n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10191
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.pokecommunity.com/index.php
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=10191&q=
FF - plugin: c:\documents and settings\aal\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\program files\mozilla firefox\extensions\{370c23ee-dbf9-3449-94bf-8cdade138d79}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-21 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-5 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-5 27784]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-8-23 14336]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-5 297752]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-7-21 67584]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-9-23 447832]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-4-5 5010288]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2010-5-30 13384]
R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSXP.sys [2009-9-23 543064]
R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplayxp.sys [2009-9-23 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-9-23 21864]
R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVolXP.sys [2009-9-23 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-9-23 203608]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-4-5 16168]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 XDva285;XDva285;\??\c:\windows\system32\xdva285.sys --> c:\windows\system32\XDva285.sys [?]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-07-22 02:16:57 0 ----a-w- c:\documents and settings\aal\defogger_reenable
2010-07-22 01:55:31 0 d-----w- c:\program files\Cobian Backup 10
2010-07-21 11:55:09 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-21 10:42:25 0 d-----w- c:\program files\Conduit
2010-07-21 10:41:43 0 d-----w- c:\program files\myBabylon_English
2010-07-21 10:41:09 0 d-----w- c:\program files\Babylon
2010-07-21 05:47:56 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-21 05:47:37 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-21 05:23:41 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-21 05:22:22 0 d-----w- c:\program files\Lavasoft
2010-07-19 10:20:14 0 d-----w- C:\madsci
2010-07-19 10:20:00 216064 ----a-w- c:\windows\iun3405.exe
2010-07-19 10:19:47 0 d-----w- c:\program files\MadSci
2010-07-15 19:01:32 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-07-15 19:01:32 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-07-15 19:01:32 0 d-----w- c:\program files\SpywareBlaster
2010-07-15 03:02:34 230 ----a-w- c:\windows\system32\spupdsvc.inf
2010-07-06 09:21:15 0 d-----w- c:\docume~1\aal\applic~1\AniFX
2010-07-06 09:21:13 0 d-----w- c:\program files\AniFX 1.0
2010-07-06 09:17:27 0 d-----w- c:\program files\Microsoft GIF Animator
2010-06-25 04:38:47 0 d-----w- c:\docume~1\aal\applic~1\fltk.org
2010-06-25 04:17:36 0 d-----w- c:\program files\ePSXe

==================== Find3M ====================

2010-07-09 11:37:18 14337 ----a-w- c:\windows\system32\Wacom_Tablet.dat
2010-06-04 05:00:57 2516 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-15 03:38:30 88 --sh--r- c:\docume~1\alluse~1\applic~1\AA367A728D.sys
2010-05-12 18:34:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-12 18:34:45 348160 ----a-w- c:\windows\system32\msvcr71.dll

============= FINISH: 22:21:49.21 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:42 PM

Posted 27 July 2010 - 09:52 PM

Hello and welcome to Bleeping Computer. smile.gif

*Please Subscribe to this Thread to get immediate notification of replies. See HERE

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.

*You must reply within 5 days otherwise this topic will be closed.


===============================


Please run another DDS scan and post the new report, also please attach the attach.txt. Thanks.


We're so sorry for the delay,
~Semp

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 Inkpuddle

Inkpuddle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 28 July 2010 - 06:29 PM

Don't worry about it, you guys look really busy so I appreciate any response at all.

Here's the new report:


DDS (Ver_10-03-17.01) - NTFSx86
Run by AAL at 19:17:03.05 on Wed 07/28/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.157 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe 4
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe 4
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\SCANJET\PrecisionScanPro\HPLamp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\AAL\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\AAL\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe
C:\Documents and Settings\AAL\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.babylon.com/home?AF=10191
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
uURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll
mURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll
BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeBridge]
uRun: [SansaDispatch] c:\documents and settings\aal\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [Google Update] "c:\documents and settings\aal\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Meebo Notifier] "c:\documents and settings\aal\local settings\application data\meebo\meebo notifier\MeeboNotifier.exe" /startup
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Lamp] c:\scanjet\precisionscanpro\HPLamp.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
StartupFolder: c:\docume~1\aal\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1041397698609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aal\applic~1\mozilla\firefox\profiles\jvhfj59n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10191
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.pokecommunity.com/index.php
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=10191&q=
FF - plugin: c:\documents and settings\aal\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\program files\mozilla firefox\extensions\{370c23ee-dbf9-3449-94bf-8cdade138d79}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-21 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-5 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-5 27784]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2010-5-30 13384]
R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSXP.sys [2009-9-23 543064]
R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplayxp.sys [2009-9-23 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-9-23 21864]
R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVolXP.sys [2009-9-23 14680]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-4-5 16168]
S3 XDva285;XDva285;\??\c:\windows\system32\xdva285.sys --> c:\windows\system32\XDva285.sys [?]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-07-28 16:45:26 0 d-----w- c:\docume~1\aal\applic~1\Meebo
2010-07-28 08:09:04 0 d-----w- c:\program files\TSoft
2010-07-28 07:58:10 0 d-----w- c:\windows\tessdata
2010-07-28 07:58:09 1883136 ------w- c:\windows\system32\QuickPDFAX0717.dll
2010-07-28 07:58:07 2680320 ------w- c:\windows\system32\ImageEnXLibrary.ocx
2010-07-28 07:58:06 0 d-----w- c:\program files\FreeOCR
2010-07-28 07:58:05 962560 ------w- c:\windows\tesseract.exe
2010-07-28 07:57:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2010-07-25 11:42:19 0 d-----w- c:\program files\uTorrent
2010-07-25 11:41:48 0 d-----w- c:\docume~1\aal\applic~1\uTorrent
2010-07-24 02:26:41 0 d-----w- C:\Nexon
2010-07-23 07:25:26 0 d-----w- c:\program files\Conduit
2010-07-22 08:48:54 0 d-----w- c:\program files\tamasoftware
2010-07-22 02:16:57 0 ----a-w- c:\documents and settings\aal\defogger_reenable
2010-07-22 01:55:31 0 d-----w- c:\program files\Cobian Backup 10
2010-07-21 11:55:09 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-21 10:41:43 0 d-----w- c:\program files\myBabylon_English
2010-07-21 10:41:09 0 d-----w- c:\program files\Babylon
2010-07-21 05:47:56 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-21 05:47:37 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-21 05:23:41 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-21 05:22:22 0 d-----w- c:\program files\Lavasoft
2010-07-19 10:19:47 0 d-----w- c:\program files\MadSci
2010-07-15 19:01:32 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-07-15 19:01:32 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-07-15 19:01:32 0 d-----w- c:\program files\SpywareBlaster
2010-07-15 03:02:34 230 ----a-w- c:\windows\system32\spupdsvc.inf
2010-07-06 09:21:15 0 d-----w- c:\docume~1\aal\applic~1\AniFX
2010-07-06 09:21:13 0 d-----w- c:\program files\AniFX 1.0
2010-07-06 09:17:27 0 d-----w- c:\program files\Microsoft GIF Animator

==================== Find3M ====================

2010-07-26 04:17:31 14357 ----a-w- c:\windows\system32\Wacom_Tablet.dat
2010-06-04 05:00:57 2516 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-15 03:38:30 88 --sh--r- c:\docume~1\alluse~1\applic~1\AA367A728D.sys
2010-05-12 18:34:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-12 18:34:45 348160 ----a-w- c:\windows\system32\msvcr71.dll

============= FINISH: 19:21:39.96 ===============

Attached Files



#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:42 PM

Posted 28 July 2010 - 10:04 PM

Hi,

Please download MBRCheck to your desktop.
  1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
  2. It will open a black window, please do not fix anything (if it gives you an option).
  3. Exit that window and it will produce a log (MBRCheck_date_time).
  4. Please post that log when you reply.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 Inkpuddle

Inkpuddle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 29 July 2010 - 03:38 AM

MBRCheck, version 1.1.1

© 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\Q: --> error 5



Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Windows XP MBR code detected





Done! Press ENTER to exit...

#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:42 PM

Posted 29 July 2010 - 05:31 AM

Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.
Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:
  1. Leave your computer alone while ComboFix is running.
  2. ComboFix will restart your computer if malware is found; allow it to do so.
  3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  4. Please do not mouseclick combofix's window while its running because it may call it to stall.
  5. ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 Inkpuddle

Inkpuddle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 29 July 2010 - 07:38 AM

ComboFix 10-07-28.01 - AAL 07/29/2010 7:38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.473 [GMT -4:00]
Running from: c:\documents and settings\AAL\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Toolbar4
c:\documents and settings\All Users\Start Menu\Programs\FLV Direct Player
c:\documents and settings\All Users\Start Menu\Programs\FLV Direct Player\FLV Direct Player.lnk
c:\documents and settings\All Users\Start Menu\Programs\FLV Direct Player\Uninstall FLV Direct Player.lnk
c:\program files\FLV Direct Player
c:\program files\FLV Direct Player\downloading.swf
c:\program files\FLV Direct Player\player.swf
c:\program files\FLV Direct Player\preload.swf
c:\program files\FLV Direct Player\Skin\DirectFLV\Button.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Logo.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\skin.xml
c:\program files\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Window.bmp
c:\program files\FLV Direct Player\uninstall.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\basis.xml
c:\program files\Search Toolbar\bg.bmp
c:\program files\Search Toolbar\bing_logo.png
c:\program files\Search Toolbar\celebrity.png
c:\program files\Search Toolbar\drop_images.png
c:\program files\Search Toolbar\drop_maps.png
c:\program files\Search Toolbar\drop_news.png
c:\program files\Search Toolbar\drop_videos.png
c:\program files\Search Toolbar\drop_web.png
c:\program files\Search Toolbar\facebook.png
c:\program files\Search Toolbar\favicon.png
c:\program files\Search Toolbar\games.png
c:\program files\Search Toolbar\hotmail.png
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\images.png
c:\program files\Search Toolbar\include.xml
c:\program files\Search Toolbar\info.txt
c:\program files\Search Toolbar\lifestyle.png
c:\program files\Search Toolbar\maps.png
c:\program files\Search Toolbar\messenger.png
c:\program files\Search Toolbar\msn.png
c:\program files\Search Toolbar\news.png
c:\program files\Search Toolbar\Thumbs.db
c:\program files\Search Toolbar\twitter.png
c:\program files\Search Toolbar\version.txt
c:\program files\Search Toolbar\video.png
c:\program files\Search Toolbar\videos.png
c:\program files\Search Toolbar\weather.png
c:\program files\Search Toolbar\web.png
c:\windows\AUTOLNCH.REG

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OSPPSVC
-------\Service_osppsvc


((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-29 )))))))))))))))))))))))))))))))
.

2010-07-29 12:08 . 2010-07-29 12:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-07-28 16:45 . 2010-07-28 16:45 -------- d-----w- c:\documents and settings\AAL\Application Data\Meebo
2010-07-28 16:45 . 2010-07-28 16:45 -------- d-----w- c:\documents and settings\AAL\Local Settings\Application Data\Meebo
2010-07-28 08:09 . 2010-07-28 08:09 -------- d-----w- c:\program files\TSoft
2010-07-28 07:58 . 2010-07-28 07:58 -------- d-----w- c:\windows\tessdata
2010-07-28 07:58 . 2009-10-29 03:46 1883136 ------w- c:\windows\system32\QuickPDFAX0717.dll
2010-07-28 07:58 . 2010-07-28 07:58 -------- d-----w- c:\program files\FreeOCR
2010-07-28 07:58 . 2008-04-27 20:28 962560 ------w- c:\windows\tesseract.exe
2010-07-28 07:57 . 2010-07-28 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2010-07-28 07:57 . 2010-01-05 22:38 54784 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dll
2010-07-28 07:57 . 2009-12-30 00:59 223232 --s---r- c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exe
2010-07-27 04:54 . 2007-10-23 13:27 110592 ----a-w- c:\documents and settings\AAL\Application Data\U3\temp\cleanup.exe
2010-07-25 11:42 . 2010-07-25 11:42 -------- d-----w- c:\program files\uTorrent
2010-07-25 11:41 . 2010-07-25 13:16 -------- d-----w- c:\documents and settings\AAL\Application Data\uTorrent
2010-07-24 02:26 . 2010-07-24 02:26 -------- d-----w- C:\Nexon
2010-07-23 11:43 . 2010-07-23 11:44 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-23 07:25 . 2010-07-23 07:25 -------- d-----w- c:\documents and settings\AAL\Local Settings\Application Data\Safe mirror
2010-07-21 05:47 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-21 05:47 . 2010-07-21 05:47 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-21 05:23 . 2010-07-23 07:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-21 05:23 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-21 05:22 . 2010-07-21 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-21 05:22 . 2010-07-21 05:22 -------- d-----w- c:\program files\Lavasoft
2010-07-19 10:19 . 2010-07-24 01:47 -------- d-----w- c:\program files\MadSci
2010-07-15 19:01 . 2010-07-23 07:24 -------- d-----w- c:\program files\SpywareBlaster
2010-07-15 19:01 . 2010-01-10 23:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-07-06 09:21 . 2010-07-06 09:57 -------- d-----w- c:\documents and settings\AAL\Application Data\AniFX
2010-07-06 09:21 . 2010-07-06 09:21 -------- d-----w- c:\program files\AniFX 1.0
2010-07-06 09:17 . 2010-07-06 09:17 -------- d-----w- c:\program files\Microsoft GIF Animator
2010-07-03 10:11 . 2010-07-03 10:11 61440 ----a-w- c:\documents and settings\AAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-76c6f44c-n\decora-sse.dll
2010-07-03 10:11 . 2010-07-03 10:11 503808 ----a-w- c:\documents and settings\AAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a78951a-n\msvcp71.dll
2010-07-03 10:11 . 2010-07-03 10:11 499712 ----a-w- c:\documents and settings\AAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a78951a-n\jmc.dll
2010-07-03 10:11 . 2010-07-03 10:11 348160 ----a-w- c:\documents and settings\AAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a78951a-n\msvcr71.dll
2010-07-03 10:11 . 2010-07-03 10:11 12800 ----a-w- c:\documents and settings\AAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-76c6f44c-n\decora-d3d.dll
2010-06-30 05:13 . 2010-06-30 05:13 -------- d-----w- c:\documents and settings\AAL\Local Settings\Application Data\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 12:08 . 2010-04-05 18:30 -------- d-----w- c:\documents and settings\AAL\Application Data\WTablet
2010-07-29 12:08 . 2010-04-04 21:25 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-29 11:18 . 2010-04-03 05:54 -------- d-----w- c:\program files\Easy Paint Tool SAI
2010-07-27 04:54 . 2010-06-25 03:04 -------- d-----w- c:\documents and settings\AAL\Application Data\U3
2010-07-26 04:17 . 2010-04-07 00:10 14357 ----a-w- c:\windows\system32\Wacom_Tablet.dat
2010-07-23 07:32 . 2010-04-18 11:47 -------- d-----w- c:\program files\Winamp Remote
2010-07-23 07:25 . 2010-07-23 07:25 -------- d-----w- c:\program files\Conduit
2010-07-23 07:25 . 2010-07-21 10:41 -------- d-----w- c:\program files\Babylon
2010-07-23 07:25 . 2010-07-23 07:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-23 07:24 . 2010-07-21 10:41 -------- d-----w- c:\program files\myBabylon_English
2010-07-23 07:24 . 2010-07-22 01:55 -------- d-----w- c:\program files\Cobian Backup 10
2010-07-22 08:48 . 2010-07-22 08:48 -------- d-----w- c:\program files\tamasoftware
2010-07-21 02:46 . 2010-06-03 04:09 1 ----a-w- c:\documents and settings\AAL\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-21 02:46 . 2010-06-03 03:05 -------- d-----w- c:\documents and settings\AAL\Application Data\SoftGrid Client
2010-07-12 12:53 . 2009-01-05 20:24 62840 ----a-w- c:\documents and settings\AAL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-12 08:55 . 2010-07-21 11:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-25 07:11 . 2009-01-05 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-06-25 04:39 . 2010-06-25 04:17 -------- d-----w- c:\program files\ePSXe
2010-06-25 04:38 . 2010-06-25 04:38 -------- d-----w- c:\documents and settings\AAL\Application Data\fltk.org
2010-06-12 13:15 . 2010-05-01 16:13 -------- d-----w- c:\program files\Google
2010-06-11 03:25 . 2010-05-12 18:34 -------- d-----w- c:\program files\Common Files\Real
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\13859\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\13859\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\13859\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\13859\AcrobatUpdater.exe
2010-06-05 06:08 . 2010-06-05 06:04 -------- d-----r- c:\program files\Perfect Cherry Blossom
2010-06-04 05:00 . 2010-05-15 03:23 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-06-04 05:00 . 2010-05-15 03:23 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-06-03 04:09 . 2010-06-03 04:09 -------- d-----w- c:\documents and settings\AAL\Application Data\OpenOffice.org
2010-06-03 04:01 . 2010-06-03 04:01 -------- d-----w- c:\program files\JRE
2010-06-03 04:01 . 2010-06-03 04:01 -------- d-----w- c:\program files\OpenOffice.org 3
2010-06-03 03:46 . 2010-06-03 03:46 -------- d-----w- c:\documents and settings\AAL\Application Data\{20140062-0062-0409-0000-0000000FF1CE}
2010-06-03 03:46 . 2010-06-03 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Virtualized Applications
2010-06-03 03:05 . 2010-06-03 03:01 -------- d-----w- c:\documents and settings\AAL\Application Data\TP
2010-06-03 03:03 . 2010-06-03 03:02 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-03 01:03 . 2010-06-03 00:57 -------- d-----w- c:\program files\Sculptris
2010-05-31 07:53 . 2010-05-31 07:53 -------- d-----w- c:\program files\OGPlanet
2010-05-31 06:27 . 2010-05-31 06:27 -------- d-----w- c:\program files\Graboid
2010-05-31 01:08 . 2010-05-31 00:32 -------- d-----w- c:\program files\UltraVNC Addons
2010-05-31 00:33 . 2010-05-31 00:27 -------- d-----w- c:\program files\UltraVNC
2010-05-31 00:29 . 2010-05-31 00:29 -------- d-----w- c:\documents and settings\AAL\Application Data\UltraVNC
2010-05-15 03:38 . 2010-05-15 03:23 88 --sh--r- c:\documents and settings\All Users\Application Data\AA367A728D.sys
2010-05-15 03:38 . 2010-05-15 03:23 88 --sh--r- c:\documents and settings\All Users\Application Data\AA367A728D.sys
2010-05-12 18:34 . 2009-08-27 16:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-12 18:34 . 2009-02-19 20:49 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-07 03:31 . 2010-04-03 05:46 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-05-07 03:31 . 2010-04-03 05:46 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-05-07 03:31 . 2010-04-03 05:46 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-05-07 03:31 . 2010-04-03 05:46 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-05-07 03:31 . 2010-04-03 05:46 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-05-07 03:31 . 2010-04-03 05:46 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-05-07 02:27 . 2010-05-07 02:27 85504 ----a-w- c:\documents and settings\AAL\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-13 23:10 2734688 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-03 2938552]
"SansaDispatch"="c:\documents and settings\AAL\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-04-14 79872]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Google Update"="c:\documents and settings\AAL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-29 136176]
"Meebo Notifier"="c:\documents and settings\AAL\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-07-14 818888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2009-03-05 585728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"HP Lamp"="c:\scanjet\PrecisionScanPro\HPLamp.exe" [1999-07-23 42496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

c:\documents and settings\AAL\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-02 07:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57114:TCP"= 57114:TCP:Pando Media Booster
"57114:UDP"= 57114:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/21/2010 1:47 AM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/5/2009 5:15 PM 335240]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 8:00 AM 14336]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/5/2009 5:15 PM 297752]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [7/21/2010 9:55 PM 67584]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 7:35 AM 819600]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 3:04 PM 447832]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [4/5/2010 2:30 PM 5010288]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [5/30/2010 8:33 PM 13384]
R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 3:04 PM 543064]
R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 3:04 PM 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 3:05 PM 21864]
R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 3:04 PM 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 3:04 PM 203608]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [4/5/2010 2:30 PM 16168]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1352832]
S3 XDva285;XDva285;\??\c:\windows\system32\XDva285.sys --> c:\windows\system32\XDva285.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-07-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-329068152-839522115-1003Core.job
- c:\documents and settings\AAL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-29 08:15]

2010-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-329068152-839522115-1003UA.job
- c:\documents and settings\AAL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-29 08:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=10191
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\AAL\Application Data\Mozilla\Firefox\Profiles\jvhfj59n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10191
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.pokecommunity.com/index.php
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=10191&q=
FF - plugin: c:\documents and settings\AAL\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
HKCU-Run-AdobeBridge - (no file)
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-X1XgcM - c:\windows\system32\X1XgcM.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 08:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\AAL\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe???????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2100)
c:\windows\system32\SSSensor.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Sygate\SPF\smc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\SOUNDMAN.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-07-29 08:14:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-29 12:14

Pre-Run: 37,563,633,664 bytes free
Post-Run: 42,235,613,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - F9498CB61F8220DDF9961D2BEA6F4ED5


#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:42 PM

Posted 29 July 2010 - 10:01 AM

Hi,

Can you please give me some more information about your Q:\ drive? What type of drive it is? What type of partition (FAT/NTFS)?


=======================================


P2P Warning:
Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case uTorrent).

These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."




=======================================


We need to execute a ComboFix script. (Tutorials on how to disable your anti virus and anti malware programs can be found HERE.)
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the code box below into it:

CODE
File::
c:\windows\system32\XDva285.sys
c:\documents and settings\All Users\Application Data\AA367A728D.sys

DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

Driver::
XDva285


4. Save this as CFScript.txt, in the same location as ComboFix.exe




5. Refering to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 Inkpuddle

Inkpuddle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 29 July 2010 - 10:16 PM

I don't know... to be honest the computer was a hand-me-down from my brother, so I don't know much about it. I was always under the impression it only had one drive. And I don't know even know what a partition is. =/

I've also noticed that I haven't had any problems all day. No pop-ups, audio ads, or muted volume.

Here's the log:

ComboFix 10-07-28.01 - AAL 07/29/2010 22:54:57.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.626 [GMT -4:00]
Running from: c:\documents and settings\AAL\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\AAL\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FILE ::
"c:\documents and settings\All Users\Application Data\AA367A728D.sys"
"c:\windows\system32\XDva285.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\AA367A728D.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA285
-------\Service_XDva285


((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-29 12:08 . 2010-07-30 03:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-07-28 16:45 . 2010-07-28 16:45 -------- d-----w- c:\documents and settings\AAL\Application Data\Meebo
2010-07-28 16:45 . 2010-07-28 16:45 -------- d-----w- c:\documents and settings\AAL\Local Settings\Application Data\Meebo
2010-07-28 08:09 . 2010-07-28 08:09 -------- d-----w- c:\program files\TSoft
2010-07-28 07:58 . 2010-07-28 07:58 -------- d-----w- c:\windows\tessdata
2010-07-28 07:58 . 2009-10-29 03:46 1883136 ------w- c:\windows\system32\QuickPDFAX0717.dll
2010-07-28 07:58 . 2010-07-28 07:58 -------- d-----w- c:\program files\FreeOCR
2010-07-28 07:58 . 2008-04-27 20:28 962560 ------w- c:\windows\tesseract.exe
2010-07-28 07:57 . 2010-07-28 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2010-07-28 07:57 . 2010-01-05 22:38 54784 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dll
2010-07-28 07:57 . 2009-12-30 00:59 223232 --s---r- c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exe
2010-07-27 04:54 . 2007-10-23 13:27 110592 ----a-w- c:\documents and settings\AAL\Application Data\U3\temp\cleanup.exe
2010-07-25 11:42 . 2010-07-25 11:42 -------- d-----w- c:\program files\uTorrent
2010-07-25 11:41 . 2010-07-25 13:16 -------- d-----w- c:\documents and settings\AAL\Application Data\uTorrent
2010-07-24 02:26 . 2010-07-24 02:26 -------- d-----w- C:\Nexon
2010-07-23 11:43 . 2010-07-23 11:44 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-23 07:25 . 2010-07-23 07:25 -------- d-----w- c:\documents and settings\AAL\Local Settings\Application Data\Safe mirror
2010-07-21 05:47 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-21 05:47 . 2010-07-21 05:47 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-21 05:23 . 2010-07-23 07:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-21 05:23 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-21 05:22 . 2010-07-21 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-21 05:22 . 2010-07-21 05:22 -------- d-----w- c:\program files\Lavasoft
2010-07-19 10:19 . 2010-07-24 01:47 -------- d-----w- c:\program files\MadSci
2010-07-15 19:01 . 2010-07-23 07:24 -------- d-----w- c:\program files\SpywareBlaster
2010-07-15 19:01 . 2010-01-10 23:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-07-06 09:21 . 2010-07-06 09:57 -------- d-----w- c:\documents and settings\AAL\Application Data\AniFX
2010-07-06 09:21 . 2010-07-06 09:21 -------- d-----w- c:\program files\AniFX 1.0
2010-07-06 09:17 . 2010-07-06 09:17 -------- d-----w- c:\program files\Microsoft GIF Animator
2010-07-03 10:11 . 2010-07-03 10:11 61440 ----a-w- c:\documents and settings\AAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-76c6f44c-n\decora-sse.dll
2010-07-03 10:11 . 2010-07-03 10:11 503808 ----a-w- c:\documents and settings\AAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a78951a-n\msvcp71.dll
2010-07-03 10:11 . 2010-07-03 10:11 499712 ----a-w- c:\documents and settings\AAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a78951a-n\jmc.dll
2010-07-03 10:11 . 2010-07-03 10:11 348160 ----a-w- c:\documents and settings\AAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a78951a-n\msvcr71.dll
2010-07-03 10:11 . 2010-07-03 10:11 12800 ----a-w- c:\documents and settings\AAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-76c6f44c-n\decora-d3d.dll
2010-06-30 05:13 . 2010-06-30 05:13 -------- d-----w- c:\documents and settings\AAL\Local Settings\Application Data\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 03:02 . 2010-04-05 18:30 -------- d-----w- c:\documents and settings\AAL\Application Data\WTablet
2010-07-30 03:02 . 2010-04-04 21:25 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-30 02:52 . 2010-04-03 05:54 -------- d-----w- c:\program files\Easy Paint Tool SAI
2010-07-29 12:32 . 2010-04-07 00:10 14357 ----a-w- c:\windows\system32\Wacom_Tablet.dat
2010-07-27 04:54 . 2010-06-25 03:04 -------- d-----w- c:\documents and settings\AAL\Application Data\U3
2010-07-23 07:32 . 2010-04-18 11:47 -------- d-----w- c:\program files\Winamp Remote
2010-07-23 07:25 . 2010-07-23 07:25 -------- d-----w- c:\program files\Conduit
2010-07-23 07:25 . 2010-07-21 10:41 -------- d-----w- c:\program files\Babylon
2010-07-23 07:25 . 2010-07-23 07:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-23 07:24 . 2010-07-21 10:41 -------- d-----w- c:\program files\myBabylon_English
2010-07-23 07:24 . 2010-07-22 01:55 -------- d-----w- c:\program files\Cobian Backup 10
2010-07-22 08:48 . 2010-07-22 08:48 -------- d-----w- c:\program files\tamasoftware
2010-07-21 02:46 . 2010-06-03 04:09 1 ----a-w- c:\documents and settings\AAL\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-21 02:46 . 2010-06-03 03:05 -------- d-----w- c:\documents and settings\AAL\Application Data\SoftGrid Client
2010-07-12 12:53 . 2009-01-05 20:24 62840 ----a-w- c:\documents and settings\AAL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-12 08:55 . 2010-07-21 11:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-25 07:11 . 2009-01-05 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-06-25 04:39 . 2010-06-25 04:17 -------- d-----w- c:\program files\ePSXe
2010-06-25 04:38 . 2010-06-25 04:38 -------- d-----w- c:\documents and settings\AAL\Application Data\fltk.org
2010-06-12 13:15 . 2010-05-01 16:13 -------- d-----w- c:\program files\Google
2010-06-11 03:25 . 2010-05-12 18:34 -------- d-----w- c:\program files\Common Files\Real
2010-06-05 06:08 . 2010-06-05 06:04 -------- d-----r- c:\program files\Perfect Cherry Blossom
2010-06-04 05:00 . 2010-05-15 03:23 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-06-04 05:00 . 2010-05-15 03:23 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-06-03 04:09 . 2010-06-03 04:09 -------- d-----w- c:\documents and settings\AAL\Application Data\OpenOffice.org
2010-06-03 04:01 . 2010-06-03 04:01 -------- d-----w- c:\program files\JRE
2010-06-03 04:01 . 2010-06-03 04:01 -------- d-----w- c:\program files\OpenOffice.org 3
2010-06-03 03:46 . 2010-06-03 03:46 -------- d-----w- c:\documents and settings\AAL\Application Data\{20140062-0062-0409-0000-0000000FF1CE}
2010-06-03 03:46 . 2010-06-03 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Virtualized Applications
2010-06-03 03:05 . 2010-06-03 03:01 -------- d-----w- c:\documents and settings\AAL\Application Data\TP
2010-06-03 03:03 . 2010-06-03 03:02 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-03 01:03 . 2010-06-03 00:57 -------- d-----w- c:\program files\Sculptris
2010-05-31 07:53 . 2010-05-31 07:53 -------- d-----w- c:\program files\OGPlanet
2010-05-31 06:27 . 2010-05-31 06:27 -------- d-----w- c:\program files\Graboid
2010-05-12 18:34 . 2009-08-27 16:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-12 18:34 . 2009-02-19 20:49 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-07 03:31 . 2010-04-03 05:46 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-05-07 03:31 . 2010-04-03 05:46 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-05-07 03:31 . 2010-04-03 05:46 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-05-07 03:31 . 2010-04-03 05:46 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-05-07 03:31 . 2010-04-03 05:46 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-05-07 03:31 . 2010-04-03 05:46 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-05-07 02:27 . 2010-05-07 02:27 85504 ----a-w- c:\documents and settings\AAL\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-13 23:10 2734688 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-03 2938552]
"SansaDispatch"="c:\documents and settings\AAL\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-04-14 79872]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Google Update"="c:\documents and settings\AAL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-29 136176]
"Meebo Notifier"="c:\documents and settings\AAL\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-07-14 818888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2009-03-05 585728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"HP Lamp"="c:\scanjet\PrecisionScanPro\HPLamp.exe" [1999-07-23 42496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

c:\documents and settings\AAL\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-02 07:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57114:TCP"= 57114:TCP:Pando Media Booster
"57114:UDP"= 57114:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/21/2010 1:47 AM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/5/2009 5:15 PM 335240]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 8:00 AM 14336]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/5/2009 5:15 PM 297752]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [7/21/2010 9:55 PM 67584]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 7:35 AM 819600]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 3:04 PM 447832]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [4/5/2010 2:30 PM 5010288]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [5/30/2010 8:33 PM 13384]
R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 3:04 PM 543064]
R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 3:04 PM 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 3:05 PM 21864]
R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 3:04 PM 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 3:04 PM 203608]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1352832]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [4/5/2010 2:30 PM 16168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-07-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

2010-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-329068152-839522115-1003Core.job
- c:\documents and settings\AAL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-29 08:15]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-329068152-839522115-1003UA.job
- c:\documents and settings\AAL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-29 08:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=10191
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\AAL\Application Data\Mozilla\Firefox\Profiles\jvhfj59n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10191
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.pokecommunity.com/index.php
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=10191&q=
FF - plugin: c:\documents and settings\AAL\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 23:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\AAL\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe???????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\SOUNDMAN.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-07-29 23:07:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-30 03:07
ComboFix2.txt 2010-07-29 12:14

Pre-Run: 42,274,988,032 bytes free
Post-Run: 42,265,296,896 bytes free

- - End Of File - - 936F82D852DA337ACD21ADD24F2FF732




#10 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:42 PM

Posted 29 July 2010 - 11:22 PM

Hi,

Please go to My Computer > Right click on Q:\ > click properties. Then tell me the details you can see under the General Tab. Thanks.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#11 Inkpuddle

Inkpuddle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 30 July 2010 - 10:25 AM

It says:

Type: Local Disk
File system: RAW
Used space: 0 bytes 0 bytes
Free space: 0 bytes 0 bytes
Capacity: 0 bytes 0 bytes

#12 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:42 PM

Posted 30 July 2010 - 12:04 PM

How's the computer running? Can you please post a new DDS report. Thanks.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#13 Inkpuddle

Inkpuddle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 30 July 2010 - 12:49 PM

It's been running fine and I haven't had any problems yet today.


DDS (Ver_10-03-17.01) - NTFSx86
Run by AAL at 13:44:16.73 on Fri 07/30/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.440 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\SCANJET\PrecisionScanPro\HPLamp.exe
C:\Documents and Settings\AAL\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\AAL\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.babylon.com/home?AF=10191
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [SansaDispatch] c:\documents and settings\aal\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [Google Update] "c:\documents and settings\aal\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Meebo Notifier] "c:\documents and settings\aal\local settings\application data\meebo\meebo notifier\MeeboNotifier.exe" /startup
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Lamp] c:\scanjet\precisionscanpro\HPLamp.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
StartupFolder: c:\docume~1\aal\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1041397698609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aal\applic~1\mozilla\firefox\profiles\jvhfj59n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10191
FF - prefs.js: browser.search.selectedEngine - 4Shared
FF - prefs.js: browser.startup.homepage - hxxp://www.pokecommunity.com/index.php
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=10191&q=
FF - plugin: c:\documents and settings\aal\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\program files\mozilla firefox\extensions\{370c23ee-dbf9-3449-94bf-8cdade138d79}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-21 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-5 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-5 27784]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-8-23 14336]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-5 297752]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-7-21 67584]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-9-23 447832]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-4-5 5010288]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2010-5-30 13384]
R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSXP.sys [2009-9-23 543064]
R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplayxp.sys [2009-9-23 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-9-23 21864]
R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVolXP.sys [2009-9-23 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-9-23 203608]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-4-5 16168]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-07-29 11:33:31 0 d-sha-r- C:\cmdcons
2010-07-29 11:30:05 98816 ----a-w- c:\windows\sed.exe
2010-07-29 11:30:05 77312 ----a-w- c:\windows\MBR.exe
2010-07-29 11:30:05 256512 ----a-w- c:\windows\PEV.exe
2010-07-29 11:30:05 161792 ----a-w- c:\windows\SWREG.exe
2010-07-28 16:45:26 0 d-----w- c:\docume~1\aal\applic~1\Meebo
2010-07-28 08:09:04 0 d-----w- c:\program files\TSoft
2010-07-28 07:58:10 0 d-----w- c:\windows\tessdata
2010-07-28 07:58:09 1883136 ------w- c:\windows\system32\QuickPDFAX0717.dll
2010-07-28 07:58:07 2680320 ------w- c:\windows\system32\ImageEnXLibrary.ocx
2010-07-28 07:58:06 0 d-----w- c:\program files\FreeOCR
2010-07-28 07:58:05 962560 ------w- c:\windows\tesseract.exe
2010-07-28 07:57:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2010-07-25 11:42:19 0 d-----w- c:\program files\uTorrent
2010-07-25 11:41:48 0 d-----w- c:\docume~1\aal\applic~1\uTorrent
2010-07-24 02:26:41 0 d-----w- C:\Nexon
2010-07-23 07:25:26 0 d-----w- c:\program files\Conduit
2010-07-22 08:48:54 0 d-----w- c:\program files\tamasoftware
2010-07-22 02:16:57 0 ----a-w- c:\documents and settings\aal\defogger_reenable
2010-07-22 01:55:31 0 d-----w- c:\program files\Cobian Backup 10
2010-07-21 11:55:09 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-21 10:41:43 0 d-----w- c:\program files\myBabylon_English
2010-07-21 10:41:09 0 d-----w- c:\program files\Babylon
2010-07-21 05:47:56 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-21 05:47:37 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-21 05:23:41 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-21 05:22:22 0 d-----w- c:\program files\Lavasoft
2010-07-19 10:19:47 0 d-----w- c:\program files\MadSci
2010-07-15 19:01:32 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-07-15 19:01:32 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-07-15 19:01:32 0 d-----w- c:\program files\SpywareBlaster
2010-07-15 03:02:34 230 ----a-w- c:\windows\system32\spupdsvc.inf
2010-07-06 09:21:15 0 d-----w- c:\docume~1\aal\applic~1\AniFX
2010-07-06 09:21:13 0 d-----w- c:\program files\AniFX 1.0
2010-07-06 09:17:27 0 d-----w- c:\program files\Microsoft GIF Animator

==================== Find3M ====================

2010-07-29 12:32:05 14357 ----a-w- c:\windows\system32\Wacom_Tablet.dat
2010-06-04 05:00:57 2516 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-12 18:34:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-12 18:34:45 348160 ----a-w- c:\windows\system32\msvcr71.dll

============= FINISH: 13:44:36.50 ===============

Attached Files



#14 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:42 PM

Posted 30 July 2010 - 11:35 PM

Please go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply .
Note: Kaspersky online scan may take time to complete, please be patient.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#15 Inkpuddle

Inkpuddle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 31 July 2010 - 02:38 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, July 31, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, July 31, 2010 12:14:23
Records in database: 4184415
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
Q:\

Scan statistics:
Objects scanned: 68960
Threats found: 4
Infected objects found: 8
Suspicious objects found: 0
Scan duration: 02:54:11


File name / Threat / Threats count
C:\Documents and Settings\AAL\Application Data\Sun\Java\Deployment\cache\6.0\0\6804d000-32d50a52 Infected: Exploit.Java.Agent.bu 1
C:\Documents and Settings\AAL\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-1b6fcd4a Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\AAL\Application Data\Sun\Java\Deployment\cache\6.0\37\330b3de5-355275d3 Infected: Exploit.Java.Agent.s 3
C:\Documents and Settings\AAL\Application Data\Sun\Java\Deployment\cache\6.0\53\66f20c75-3c25354b Infected: Exploit.Java.Agent.bu 2
C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.gc 1

Selected area has been scanned.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users