infected:w32.blaster.worm



#1 Llew02

Posted 02 February 2011 - 04:54 PM

Greetings, I hope someone can help me. I have tried to comply with the instructions prior to posting, but nothing will open.

I just get a message "your file is infected with w32blaster.worm please activate spyware protection to activate your computer"

It then links me to a site http://spyprotect2011.com/ which wants me to insert my credit card details.

I am presently unable to run any applications.

Yours in hope

Llew


#2 shelf life

  • Malware Response Team

Posted 06 February 2011 - 04:45 PM

hi Llew02,

Your post is a few days old. If you still need help simply post back.

How Can I Reduce My Risk to Malware?


#3 Llew02

Posted 08 February 2011 - 02:02 PM

Thank you for the reply.
I eventually managed to get my antivirus programme, Iolo System Mechanic, to run, which gave me some functionality back. However, I am still having problems accessing a number of internet sites and am not sure if this is a related problem. Prior to last week my machine was running well. I have now been able to follow the pre-post instructions and include the detail required.

Any help would be appreciated.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Llewelyn at 20:22:32.55 on 07/02/2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.699 [GMT 0:00]

AV: System Shield *Disabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: System Shield *Disabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}
FW: iolo Personal Firewall *Disabled* {F909866E-F507-2F4D-FFA2-4B7710021863}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Garmin\gStart.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\rundll32.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Llewelyn\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070216
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070216
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: WebCGMHlprObj Class: {56b38f40-4e70-11d4-a076-0080ad86ba2f} - c:\windows\system32\cgmopenbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [gStart] c:\garmin\gStart.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [EPSON Stylus DX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticee.exe /fu "c:\windows\temp\E_S3959.tmp" /EF "HKCU"
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NWEReboot]
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iolo Personal Firewall] "c:\program files\iolo\system mechanic professional\personal firewall\ioloFW.exe" rstrq
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\myprin~1.lnk - c:\program files\hewlett-packard\hp deskjet 450 printer\toolbox\mpm.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\iolo\common\firewall\iFW_Xfilter.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D05F33E0-3F75-11D3-A176-006008944486} - hxxp://download.audible.com/AM36/awrdscdc.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2011-2-1 39424]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2011-2-1 20392]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 67656]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [2011-2-1 127016]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [2011-2-1 1118248]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-2-1 724664]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-2-1 724664]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-21 21504]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-2 25600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a79fdc57a190;Google Update Service (gupdate1c9a79fdc57a190);c:\program files\google\update\GoogleUpdate.exe [2009-3-18 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-2-15 30192]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-7-26 137600]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 12872]
S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\drivers\V0090Vid.sys [2010-9-18 138112]

=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2011-02-04 08:09:46 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{5afae3b2-a709-4e3a-8359-ea76ca040861}\mpengine.dll
2011-02-03 18:55:43 -------- d-----w- c:\program files\Microsoft LifeCam
2011-02-02 22:01:43 -------- d-----w- c:\program files\ESET
2011-02-01 22:44:08 511328 ----a-w- c:\program files\common files\microsoft shared\capicom\CAPICOM.DLL
2011-02-01 22:25:54 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2011-02-01 22:21:55 127016 ----a-r- c:\windows\system32\drivers\amp.sys
2011-02-01 22:21:55 1118248 ----a-r- c:\windows\system32\drivers\ampse.sys
2011-02-01 22:21:54 -------- d-----w- c:\program files\common files\Authentium
2011-02-01 22:21:33 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
2011-02-01 20:40:59 118784 ----a-w- c:\windows\system32\iavlsp.dll
2011-02-01 20:40:24 2234040 ----a-w- c:\windows\system32\Incinerator.dll
2011-02-01 20:40:12 39424 ----a-w- c:\windows\system32\xpacket.sys
2011-02-01 20:40:10 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
2011-02-01 20:40:00 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-02-01 20:40:00 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-02-01 20:39:53 -------- d-----w- c:\program files\iolo
2011-02-01 20:35:05 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-02-01 20:10:34 -------- d-----w- c:\users\llewelyn\appdata\roaming\iolo
2011-02-01 20:10:34 -------- d-----w- c:\progra~2\iolo
2011-01-28 16:12:29 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-01-28 16:12:28 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-01-28 15:47:05 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-01-23 21:12:47 -------- d-----w- c:\users\llewelyn\{eb6e539d-1d0a-44cb-992c-b7598e5e4f60}
2011-01-23 20:13:28 -------- d-----w- c:\users\llewelyn\appdata\local\NokiaAccount
2011-01-23 20:02:34 -------- d-----w- c:\users\llewelyn\appdata\local\Nokia
2011-01-23 19:57:25 -------- d-----w- c:\users\llewelyn\{76f1f303-e3a1-4724-b9e9-f69cb0b18ded}
2011-01-23 19:57:19 -------- d-----w- c:\program files\PC Connectivity Solution
2011-01-23 19:50:22 -------- d-----w- c:\progra~2\NokiaInstallerCache
2011-01-13 12:49:54 -------- d-----w- c:\program files\iPod
2011-01-13 12:49:53 -------- d-----w- c:\program files\iTunes
2011-01-13 12:41:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-01-13 12:41:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-01-13 12:41:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-01-13 12:41:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-01-13 12:41:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-01-13 12:41:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-01-13 12:41:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-01-13 09:31:42 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-13 09:31:42 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-13 09:31:41 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-13 09:31:41 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-13 09:31:41 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-13 09:31:41 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-13 09:31:35 1169408 ----a-w- c:\windows\system32\sdclt.exe

==================== Find3M ====================

2010-12-02 22:30:44 73728 ----a-w- c:\windows\system32\nx6000res.dll
2010-12-02 22:30:44 631808 ----a-w- c:\windows\system32\LCCoin36.dll
2010-12-02 22:30:44 509440 ----a-w- c:\windows\system32\LcProxy2.ax
2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 20:28:00.40 ===============



#4 shelf life

  • Malware Response Team

Posted 08 February 2011 - 04:54 PM

We will get a download to use as another check for malware and go from there.

"please activate spyware protection to activate your computer"

FYI: you had scareware <--- follow link to my site

Please download the free version of Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*


When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post the log in your reply.



#5 Llew02

Posted 10 February 2011 - 03:21 AM

Shelflife

Thanks for the assistance. I downloaded the programme and ran it; it fixed 8 (I think) but then needed a restart for the final item. This is where the problems started, as it froze on the restart; it eventually restarted via Startup Repair and Restore. Hopefully this won't have reinstalled my problems. The log is as follows:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5721

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

09/02/2011 22:56:59
mbam-log-2011-02-09 (22-56-59).txt

Scan type: Full scan (C:\|D:\|G:\|)
Objects scanned: 411388
Time elapsed: 4 hour(s), 15 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\cgmopenbho.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56B38F40-4E70-11d4-A076-0080AD86BA2F} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{56B38F40-4E70-11d4-A076-0080AD86BA2F} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{56B38F41-4E70-11D4-A076-0080AD86BA2F} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{56B38F42-4E70-11D4-A076-0080AD86BA2F} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WebCGMHlprObj.WebCGMHlprObj.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WebCGMHlprObj.WebCGMHlprObj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{56B38F40-4E70-11D4-A076-0080AD86BA2F} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{56B38F40-4E70-11D4-A076-0080AD86BA2F} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\SYSTEM32\CGMOPENBHO.DLL (Trojan.BHO) -> Value: CGMOPENBHO.DLL -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\zangosaabout.mht (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\zangosaau.dat (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\zangosaeula.mht (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\zangosa_kyf_update.dat (Adware.Zango) -> Quarantined and deleted successfully.
c:\Windows\System32\cgmopenbho.dll (Trojan.BHO) -> Delete on reboot.
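The two Broken.OpenCommand entries above and the File Associations section of the earlier DDS log show the same thing from two angles: the shell open commands for .reg, .scr and script files had been rewritten to NOTEPAD.EXE, so those file types no longer execute. As an added illustration (not code from this thread, from DDS or from Malwarebytes), the following Python audit parses a DDS-style File Associations section and flags every class whose command differs from its known-good value; the regfile and scrfile values are the "Good:" values from the log above, while the exefile, comfile, batfile, cmdfile and script-class defaults are assumed Windows defaults to be verified against a clean machine.

```python
import re

# Known-good shell\open\command values for file classes that scareware
# commonly rewrites. regfile and scrfile match the "Good:" values in the
# Malwarebytes log above; the others are assumed standard Windows defaults
# (verify against a known-clean machine running the same Windows version).
EXPECTED_COMMANDS = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "scrfile": '"%1" /S',
    "regfile": 'regedit.exe "%1"',
    "vbsfile": '"%SystemRoot%\\System32\\WScript.exe" "%1" %*',
    "vbefile": '"%SystemRoot%\\System32\\WScript.exe" "%1" %*',
    "jsfile": '"%SystemRoot%\\System32\\WScript.exe" "%1" %*',
    "jsefile": '"%SystemRoot%\\System32\\WScript.exe" "%1" %*',
}

# Constructed sample in the DDS "File Associations" layout: the five entries
# from the DDS log posted earlier in this thread plus one correct exefile
# line, so the audit has both failing and passing cases.
SAMPLE_DDS = """\
=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
exefile="%1" %*

=============== Created Last 30 ================
"""

# DDS section headers look like "=========== Name ===========".
SECTION_HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")


def parse_file_associations(dds_text):
    """Return {file_class: open_command} from a DDS log's File Associations section."""
    associations = {}
    in_section = False
    for raw in dds_text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            # Enter the section we want; any other header ends it.
            in_section = header.group(1).lower() == "file associations"
            continue
        if in_section and "=" in line:
            file_class, command = line.split("=", 1)
            associations[file_class.strip()] = command.strip()
    return associations


def _normalise(command):
    # Registry command values are case-insensitive and whitespace-tolerant.
    return " ".join(command.lower().split())


def audit_associations(associations):
    """Compare each open command with its expected default.

    Returns (file_class, bad_command, good_command) tuples, mirroring the
    Bad:/Good: pairs in Malwarebytes' Broken.OpenCommand entries. Classes
    with no entry in EXPECTED_COMMANDS are skipped rather than guessed.
    """
    findings = []
    for file_class, command in associations.items():
        expected = EXPECTED_COMMANDS.get(file_class.lower())
        if expected is None:
            continue
        if _normalise(command) != _normalise(expected):
            findings.append((file_class, command, expected))
    return findings


def audit_dds_log(dds_text):
    """Convenience wrapper: parse a DDS log and audit its file associations."""
    return audit_associations(parse_file_associations(dds_text))


if __name__ == "__main__":
    # A class routed to Notepad means that file type opens as text instead of
    # running; a rewritten exefile would stop every .exe from launching.
    for file_class, bad, good in audit_dds_log(SAMPLE_DDS):
        print(f"{file_class}: Bad: ({bad}) Good: ({good})")
```

Run against a real DDS log the script reports only the classes it has a baseline for, so an unexpected class in the section still needs a manual look.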

#6 shelf life

  • Malware Response Team

Posted 10 February 2011 - 06:58 PM

hi,

OK, good. Can you rescan and post a new DDS log?

ZangoSA

This is well-known adware that came along with an install of software.



#7 Llew02

Posted 11 February 2011 - 07:26 AM

Shelf life

Scan OK, logs attached.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Llewelyn at 7:55:45.19 on 11/02/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.618 [GMT 0:00]

AV: System Shield *Disabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: System Shield *Disabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}
FW: iolo Personal Firewall *Disabled* {F909866E-F507-2F4D-FFA2-4B7710021863}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Garmin\gStart.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k wdisvc
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Llewelyn\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070216
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070216
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [gStart] c:\garmin\gStart.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [EPSON Stylus DX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticee.exe /fu "c:\windows\temp\E_S3959.tmp" /EF "HKCU"
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NWEReboot]
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iolo Personal Firewall] "c:\program files\iolo\system mechanic professional\personal firewall\ioloFW.exe" rstrq
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\myprin~1.lnk - c:\program files\hewlett-packard\hp deskjet 450 printer\toolbox\mpm.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\iolo\common\firewall\iFW_Xfilter.dll
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
Trusted Zone: plus.net\portal
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D05F33E0-3F75-11D3-A176-006008944486} - hxxp://download.audible.com/AM36/awrdscdc.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2011-2-1 39424]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2011-2-1 20392]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 67656]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [2011-2-1 127016]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [2011-2-1 1118248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-21 21504]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-2 25600]
S2 gupdate1c9a79fdc57a190;Google Update Service (gupdate1c9a79fdc57a190);c:\program files\google\update\GoogleUpdate.exe [2009-3-18 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-2-15 30192]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-7-26 137600]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 12872]
S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\drivers\V0090Vid.sys [2010-9-18 138112]

=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2011-02-10 20:23:33 -------- d-----w- c:\users\llewelyn\appdata\local\ElevatedDiagnostics
2011-02-10 20:18:15 -------- d-----w- c:\program files\Microsoft ATS
2011-02-10 17:57:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-10 17:57:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-10 17:10:27 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8814fcd0-122d-4414-8bc1-8efc1493a0c9}\mpengine.dll
2011-02-09 18:39:27 -------- d-----w- c:\users\llewelyn\appdata\roaming\Malwarebytes
2011-02-09 18:39:13 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-09 18:39:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-03 18:55:43 -------- d-----w- c:\program files\Microsoft LifeCam
2011-02-02 22:01:43 -------- d-----w- c:\program files\ESET
2011-02-01 22:44:08 511328 ----a-w- c:\program files\common files\microsoft shared\capicom\CAPICOM.DLL
2011-02-01 22:25:54 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2011-02-01 22:21:55 127016 ----a-r- c:\windows\system32\drivers\amp.sys
2011-02-01 22:21:55 1118248 ----a-r- c:\windows\system32\drivers\ampse.sys
2011-02-01 22:21:54 -------- d-----w- c:\program files\common files\Authentium
2011-02-01 22:21:33 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
2011-02-01 20:40:59 118784 ----a-w- c:\windows\system32\iavlsp.dll
2011-02-01 20:40:24 2234040 ----a-w- c:\windows\system32\Incinerator.dll
2011-02-01 20:40:12 39424 ----a-w- c:\windows\system32\xpacket.sys
2011-02-01 20:40:10 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
2011-02-01 20:40:00 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-02-01 20:40:00 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-02-01 20:39:53 -------- d-----w- c:\program files\iolo
2011-02-01 20:35:05 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-02-01 20:10:34 -------- d-----w- c:\users\llewelyn\appdata\roaming\iolo
2011-02-01 20:10:34 -------- d-----w- c:\progra~2\iolo
2011-01-28 16:12:29 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-01-28 16:12:28 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-01-28 15:47:05 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-01-23 21:12:47 -------- d-----w- c:\users\llewelyn\{eb6e539d-1d0a-44cb-992c-b7598e5e4f60}
2011-01-23 20:13:28 -------- d-----w- c:\users\llewelyn\appdata\local\NokiaAccount
2011-01-23 20:02:34 -------- d-----w- c:\users\llewelyn\appdata\local\Nokia
2011-01-23 19:57:25 -------- d-----w- c:\users\llewelyn\{76f1f303-e3a1-4724-b9e9-f69cb0b18ded}
2011-01-23 19:57:19 -------- d-----w- c:\program files\PC Connectivity Solution
2011-01-23 19:50:22 -------- d-----w- c:\progra~2\NokiaInstallerCache
2011-01-13 12:49:54 -------- d-----w- c:\program files\iPod
2011-01-13 12:49:53 -------- d-----w- c:\program files\iTunes
2011-01-13 12:41:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-01-13 12:41:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-01-13 12:41:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-01-13 12:41:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-01-13 12:41:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-01-13 12:41:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-01-13 12:41:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-01-13 09:31:42 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-13 09:31:42 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-13 09:31:41 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-13 09:31:41 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-13 09:31:41 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-13 09:31:41 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-13 09:31:35 1169408 ----a-w- c:\windows\system32\sdclt.exe

==================== Find3M ====================

2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-02 22:30:44 73728 ----a-w- c:\windows\system32\nx6000res.dll
2010-12-02 22:30:44 631808 ----a-w- c:\windows\system32\LCCoin36.dll
2010-12-02 22:30:44 509440 ----a-w- c:\windows\system32\LcProxy2.ax
2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 7:58:15.74 ===============

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5733

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

11/02/2011 12:12:57
mbam-log-2011-02-11 (12-12-57).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 416530
Time elapsed: 4 hour(s), 0 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks

Can you recommend a suitable antivirus program to install to stop recurrence?

Llew
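A responder reading a DDS log like the one above does not start from the scan verdicts; they sort the "Pseudo HJT Report" and "File Associations" entries into review buckets first. The Python below is an added example written for this page, not code from DDS, Malwarebytes or any product named in the log. It parses lines in the report's format (a constructed sample built from the shapes in the posted log, plus one made-up `[constructed-example]` Run entry under a user-writable folder that is not in the posted log, included only to exercise that rule) and files each entry into a bucket: orphaned "No File" entries, empty Run values, DLLs loaded into other processes (AppInit_DLLs, Notify, SEH), Winsock LSPs, Trusted Zone additions, script file types not handled by WScript, and Run entries launched from user-writable paths. A hit is a place to look, not a verdict; the helper says nothing about whether a given DLL belongs to a legitimate product.

```python
"""Triage the 'Pseudo HJT Report' and 'File Associations' sections of a DDS log.

Added example for this thread, not code from DDS, Malwarebytes or any product
named in the log. Every bucket is a "review this" list, never a verdict.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
ENTRY_RE = re.compile(r"^(?P<key>[A-Za-z_][\w \-]*?):\s(?P<rest>.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|scr|com|bat|cmd|dll))"?', re.IGNORECASE)
# Folders a standard user can write to; a Run entry starting there deserves a look (heuristic)
USER_WRITABLE_RE = re.compile(r"\\(?:temp|appdata|programdata|progra~2)\\", re.IGNORECASE)

INJECTION_KEYS = {"AppInit_DLLs", "Notify", "SEH"}   # DLLs loaded into other processes
RUN_KEYS = {"uRun", "mRun", "uRunOnce", "mRunOnce"}  # HKCU/HKLM Run and RunOnce values
SCRIPT_TYPES = {"JSEFile", "VBEFile", "VBSFile", "JSFile", "WSFFile"}

# Constructed sample in the DDS format, built from the shapes in the posted log.
# The "[constructed-example]" Run entry is invented to exercise the path rule;
# it is NOT in the posted log.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
uRun: [constructed-example] c:\users\someone\appdata\local\temp\example.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\iolo\common\firewall\iFW_Xfilter.dll
Trusted Zone: plus.net\portal
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2011-2-1 39424]

=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
"""


def launched_binary(cmd):
    """Return the binary a Run command line starts, looking through rundll32 to its DLL."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.split()[0] if cmd.split() else ""
    path = m.group("path")
    if path.lower().endswith("rundll32.exe"):
        dll = re.match(r"(?i)(?P<dll>.+?\.dll)", cmd[m.end():].lstrip().strip('"'))
        if dll:
            return dll.group("dll")
    return path


def triage(log_text):
    """Sort report entries into review buckets; returns {bucket: [item, ...]}."""
    findings = defaultdict(list)
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        if section == "File Associations":
            ftype, _, handler = line.partition("=")
            if ftype in SCRIPT_TYPES and "wscript" not in handler.lower():
                findings["script_assoc"].append(f"{ftype} opens with {handler} (not executed on double-click)")
            continue
        if section != "Pseudo HJT Report":
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        key, rest = m.group("key"), m.group("rest")
        if rest.endswith("No File"):
            findings["orphan"].append(line)
        elif key in INJECTION_KEYS:
            # AppInit_DLLs is a space-separated list; Notify/SEH are "name - path"
            dlls = rest.split() if key == "AppInit_DLLs" else [rest.rsplit(" - ", 1)[-1]]
            findings["injection"].extend(f"{key}: {dll}" for dll in dlls)
        elif key == "LSP":
            findings["lsp"].append(rest)
        elif key == "Trusted Zone":
            findings["trusted_zone"].append(rest)
        elif key in RUN_KEYS:
            run = RUN_RE.match(rest)
            if run and not run.group("cmd"):
                findings["empty_run"].append(f"{key} [{run.group('name')}]")
            elif run:
                exe = launched_binary(run.group("cmd"))
                if USER_WRITABLE_RE.search(exe):
                    findings["user_writable_run"].append(f"{key} [{run.group('name')}] -> {exe}")
    return findings


def report(findings):
    """Render the buckets as plain text, one line per item."""
    lines = []
    for bucket in sorted(findings):
        lines.append(f"[{bucket}] {len(findings[bucket])} item(s)")
        lines.extend(f"    {item}" for item in findings[bucket])
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Two design points. The Run rule looks through `RUNDLL32.EXE` to the DLL it loads, because the interesting path in a rundll32 entry is the argument, not rundll32 itself. LSP entries get their own bucket rather than being ignored as product components: the Winsock provider chain runs inside every networking process, so a provider that is deleted from disk without being unregistered leaves the chain broken and programs unable to connect, which is why a responder lists them before removing anything.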

#8 shelf life

  • Malware Response Team
  • 2,657 posts
  • Gender:Male
  • Location:@localhost

Posted 12 February 2011 - 11:20 AM

So how's it looking on your end now? Logs look ok.

Can you recommend a suitable antivirus program to install to stop recurrence?


I am really not familiar with Iolo products. But no antivirus is a 100% guarantee. You have one AV, which is all you need. You have two antimalware programs, SUPERAntiSpyware and Malwarebytes. Note that Malwarebytes (the free version) must be updated manually and a scan started manually. Not sure if it's the same with SAS.
I can recommend some free antivirus if you want, but it's no guarantee either. Just check out a few other logs and you will see people use many different anti this and that but still have malware.
Use the links below to check out my website. I have some prevention tips there. It's not just about what AV you have.

How Can I Reduce My Risk to Malware?


#9 Llew02

  • Topic Starter
  • Members
  • 5 posts

Posted 13 February 2011 - 05:28 AM

Shelf life, thanks for your assistance.

All seems ok now except a problem accessing certain websites, especially those that operate through some sort of encryption, like my sign-on page for Amazon or eBay. Not sure if this is related or not.

I am away for a week now but will try and sort it out on my return. Thanks again for the help.



