Please Help. Virtumonde.dll found: Will not go away

BullGuard Antivirus Forum > Virus > Virus Questions > Please Help. Virtumonde.dll found: Will not go away

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

Arkane
New Member

Date Joined Aug 2008
Total Posts : 8

Posted 8-16-2008 12:37 (GMT +1)

Hi, this is my 1st time on here. I found this site referencing some potential viral programs on my pc.I was first notified of a Trojan with AVG Anti-Virus. Then w/ Spybot Search and Destroy it found Virtumonde.dll. They won't seem to leave and from reading past posts, you guys seem to be able to help w/ the HJT program. Can you help me?

Arkane
New Member

Date Joined Aug 2008
Total Posts : 8

Posted 8-16-2008 12:39 (GMT +1)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\kek.exe
C:\WINDOWS\system32\mpxa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Adam John Carol\Local Settings\Temp\wz4914\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: {31e0994c-44c8-e6a9-9fa4-a07a695efa67} - {76afe596-a70a-4af9-9a6e-8c44c4990e13} - C:\WINDOWS\system32\gutskpmf.dll (file missing)
O2 - BHO: (no name) - {C6E54DC2-7F72-4A91-A587-27319624B514} - C:\WINDOWS\system32\nnnMdDVo.dll (file missing)
O2 - BHO: (no name) - {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - C:\WINDOWS\system32\opnkhFYS.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA7255] command /c del "C:\WINDOWS\system32\ruxwpgsa.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9379] cmd /c del "C:\WINDOWS\system32\ruxwpgsa.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8406] command /c del "C:\WINDOWS\system32\sfsaqoln.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9664] cmd /c del "C:\WINDOWS\system32\sfsaqoln.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
O4 - HKCU\..\Run: [kek] c:\WINDOWS\system32\kek.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6220] command /c del "C:\WINDOWS\system32\ruxwpgsa.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2453] cmd /c del "C:\WINDOWS\system32\ruxwpgsa.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7228] command /c del "C:\WINDOWS\system32\sfsaqoln.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9997] cmd /c del "C:\WINDOWS\system32\sfsaqoln.dll_old"
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
O18 - Protocol: intu-qt2006 - {13834D94-C631-4CD1-963D-9B5F4593B127} - C:\QuickTax 2006\QT2006\ic2006pp.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: opnkhFYS - opnkhFYS.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13642

Posted 8-16-2008 2:54 (GMT +1)

Hello Arkane and welcome cool

Click here - >> Before posting a log

After You have run the scan tools -

Reboot normally

Post Hijackthis log along with SuperAntiSpyware log, , C: combofix TXT in this topic

Please copy and paste your log. DO NOT add it as an attachment

Kindly do not annotate or format the log with color or font changes.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Arkane
New Member

Date Joined Aug 2008
Total Posts : 8

Posted 8-17-2008 5:46 (GMT +1)

Sorry about jumping the gun there. Here is the HJT Log w/ the Super Antiware log and Combofix:

Logfile of HijackThis v1.99.1
Scan saved at 8:17:50 PM, on 16/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\kek.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [kek] c:\WINDOWS\system32\kek.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
O18 - Protocol: intu-qt2006 - {13834D94-C631-4CD1-963D-9B5F4593B127} - C:\QuickTax 2006\QT2006\ic2006pp.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/16/2008 at 08:58 PM

Application Version : 4.15.1000

Core Rules Database Version : 3538
Trace Rules Database Version: 1527

Scan type : Complete Scan
Total Scan Time : 00:37:43

Memory items scanned : 361
Memory threats detected : 0
Registry items scanned : 6132
Registry threats detected : 0
File items scanned : 29475
File threats detected : 0

Adware.Tracking Cookie
.indextools.com [ C:\Documents and Settings\Adam John Carol\Application Data\Mozilla\Firefox\Profiles\fi7gs2ic.default\cookies.txt ]
.indextools.com [ C:\Documents and Settings\Adam John Carol\Application Data\Mozilla\Firefox\Profiles\fi7gs2ic.default\cookies.txt ]

ComboFix 08-08-15.04 - Adam John Carol 2008-08-16 18:23:38.1 - NTFSx86
Running from: C:\Documents and Settings\Adam John Carol\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMb359257e.txt
C:\WINDOWS\BMb359257e.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cyksbcsn.ini
C:\WINDOWS\system32\ejcftaru.ini
C:\WINDOWS\system32\gcwrskfo.ini
C:\WINDOWS\system32\hhqnhcrw.ini
C:\WINDOWS\system32\jtjaqcsh.ini
C:\WINDOWS\system32\kmwiajdo.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\njqbdhyw.ini
C:\WINDOWS\system32\oVDdMnnn.ini
C:\WINDOWS\system32\oVDdMnnn.ini2
C:\WINDOWS\system32\PsttDJlm.ini
C:\WINDOWS\system32\PsttDJlm.ini2
C:\WINDOWS\system32\qqqxfdgp.ini
C:\WINDOWS\system32\sduvxpty.ini
C:\WINDOWS\system32\yhsmvlyq.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.

2008-08-15 22:17 . 2008-08-15 22:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-15 22:17 . 2008-08-15 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-15 22:17 . 2008-08-15 22:17 <DIR> d-------- C:\Documents and Settings\Adam John Carol\Application Data\SUPERAntiSpyware.com
2008-08-15 22:06 . 2008-08-15 22:06 <DIR> d-------- C:\Program Files\CCleaner
2008-08-15 21:48 . 2008-08-15 21:48 276 --a------ C:\WINDOWS\system32\MRT.INI
2008-08-14 18:42 . 2008-05-01 09:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 18:43 . 2008-08-13 18:44 <DIR> d-------- C:\my dvd
2008-08-13 17:43 . 2008-08-13 18:41 67 --a------ C:\WINDOWS\Easy DVD Creator.INI
2008-08-12 17:23 . 2008-08-12 17:23 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-08-08 19:02 . 2008-08-08 19:02 <DIR> d-------- C:\Program Files\iPod
2008-08-06 18:44 . 2008-08-06 18:44 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-06 18:44 . 2008-08-07 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-06 18:15 . 2008-08-06 18:15 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-08-03 22:38 . 2008-08-06 23:17 <DIR> d-------- C:\Documents and Settings\Adam John Carol\Application Data\Ahead
2008-08-01 00:59 . 2008-08-01 00:59 41,764 --a------ C:\WINDOWS\system32\kek.exe
2008-07-25 03:36 . 2008-07-25 03:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-07-25 03:36 . 2008-07-25 03:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-07-23 11:50 . 2008-07-23 11:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 11:48 . 2008-07-23 11:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-07-23 11:48 . 2008-07-23 11:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-07-23 11:47 . 2008-07-23 11:47 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
2008-07-23 11:47 . 2008-07-23 11:47 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-07-23 11:47 . 2008-07-23 11:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-07-23 11:47 . 2008-07-23 11:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-07-23 11:46 . 2008-07-23 11:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 03:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-16 03:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-15 00:54 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-14 00:24 --------- d-----w C:\Program Files\DAP
2008-08-12 16:48 --------- d-----w C:\Documents and Settings\Adam John Carol\Application Data\Xfire
2008-08-12 16:46 --------- d-----w C:\Program Files\DivX
2008-08-09 00:02 --------- d-----w C:\Program Files\iTunes
2008-08-06 23:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-08-05 00:27 --------- d-----w C:\Documents and Settings\Adam John Carol\Application Data\DVD Flick
2008-08-03 18:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-03 15:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 01:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-14 19:44 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-14 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-07-13 14:40 22,328 ----a-w C:\Documents and Settings\Adam John Carol\Application Data\PnkBstrK.sys
2008-07-13 01:03 --------- d-----w C:\Program Files\Bonjour
2008-07-09 23:48 86,528 ----a-w C:\WINDOWS\bnetunin.exe
2008-07-09 23:48 61,440 ----a-w C:\WINDOWS\diabunin.exe
2008-07-09 22:20 --------- d-----w C:\Program Files\Starcraft
2008-07-09 22:02 --------- d-----w C:\Program Files\Guitar Pro 5
2008-07-07 03:37 --------- d-----w C:\Program Files\InterActual
2008-07-06 21:40 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-07-05 05:38 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-02 21:21 94 ----a-w C:\bbcscte.bat
2008-07-01 03:28 --------- d-----w C:\Program Files\QuickTime
2008-07-01 01:53 --------- d-----w C:\Program Files\MSN Messenger
2008-06-29 22:34 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-06-29 22:33 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 00:13 --------- d-----w C:\Program Files\Soulseek
2008-06-18 23:36 --------- d-----w C:\Program Files\Fraps
2008-06-17 01:11 --------- d-----w C:\Program Files\Xfire
2008-06-16 18:18 --------- d-----w C:\Program Files\BitPim
2005-02-16 16:06 218,112 ----a-w C:\Program Files\HijackThis.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904]
"kek"="c:\WINDOWS\system32\kek.exe" [2008-08-01 00:59 41764]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-05 00:39 1232152]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 20:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 20:09 842584]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
-ra------ 2006-03-28 15:48 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--a------ 2006-04-10 14:58 61440 C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 13:57 1103480 C:\Program Files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-04-19 13:26 484904 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--a------ 2005-01-26 18:02 49152 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2005-09-07 16:35 716800 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2005-05-20 10:11 925696 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-07-26 04:03 49263 C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-24 01:02 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
--a------ 2007-09-26 20:05 734264 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"usnjsvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"PnkBstrA"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIb\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIb\\RpcSandraSrv.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\COD4\\iw3mp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\mpxa.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 13:19]
R3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 15:05]
R3 XPAD910;XPADFilter Service 910;C:\WINDOWS\system32\DRIVERS\xpad910.sys []
R4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.syS []
S0 m5288;m5288;C:\WINDOWS\system32\DRIVERS\m5288.sys [2005-11-21 20:28]
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-07-05 00:38]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 00:39]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-07-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{76afe596-a70a-4af9-9a6e-8c44c4990e13} - C:\WINDOWS\system32\gutskpmf.dll
BHO-{C6E54DC2-7F72-4A91-A587-27319624B514} - C:\WINDOWS\system32\nnnMdDVo.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
Notify-opnkhFYS - opnkhFYS.dll
MSConfigStartUp-b06a16e2 - C:\WINDOWS\system32\ytpxvuds.dll
MSConfigStartUp-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
MSConfigStartUp-BMb359257e - C:\WINDOWS\system32\kqkpgqum.dll
MSConfigStartUp-Launch PC Probe II - C:\Program Files\ASUS\PC Probe II\Probe2.exe
MSConfigStartUp-NBJ - C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe
MSConfigStartUp-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-RemoteControl - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Adam John Carol\Application Data\Mozilla\Firefox\Profiles\fi7gs2ic.default\

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 18:33:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-16 18:46:14 - machine was rebooted [Adam John Carol]
ComboFix-quarantined-files.txt 2008-08-16 23:46:05

Pre-Run: 24,646,701,056 bytes free
Post-Run: 24,575,520,768 bytes free

265 --- E O F --- 2008-08-16 02:48:52

Arkane
New Member

Date Joined Aug 2008
Total Posts : 8

Posted 8-19-2008 1:34 (GMT +1)

Do these scans help?

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13642

Posted 8-19-2008 4:19 (GMT +1)

Yes

Please download Malwarebytes' Anti-Malware:

http://www.besttechie.net/tools/mbam-setup.exe

to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch

Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and Paste that log into your next reply, along with fresh combofix log.

NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Arkane
New Member

Date Joined Aug 2008
Total Posts : 8

Posted 8-20-2008 2:12 (GMT +1)

Malwarebytes' Anti-Malware 1.25
Database version: 1071
Windows 5.1.2600 Service Pack 2

7:43:55 PM 19/08/2008
mbam-log-08-19-2008 (19-43-55).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 130866
Time elapsed: 1 hour(s), 24 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\diablo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\battle.net (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\diabunin.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\bnetunin.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mpxa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\C5AHQ7U3\CAQVGL6N (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\C5AHQ7U3\idkfa (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MD4X4B2P\CAT6TOPY (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MD4X4B2P\kriv (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MD4X4B2P\kriv (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\SNIRAXSJ\idkfa (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YN6B09Q9\glas (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\bbcscte.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

ComboFix 08-08-18.05 - Adam John Carol 2008-08-19 19:46:41.2 - NTFSx86
Running from: C:\Documents and Settings\Adam John Carol\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Adam John Carol\UserData
C:\Documents and Settings\Adam John Carol\UserData\BEW3Z9O1\oWindowsUpdate.xml
C:\Documents and Settings\Adam John Carol\UserData\D7ZFXP4Y\Tdy58.xml
C:\Documents and Settings\Adam John Carol\UserData\index.dat
C:\Documents and Settings\Friends\UserData
C:\Documents and Settings\Friends\UserData\index.dat

.
((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))
.

2008-08-19 17:27 . 2008-08-19 17:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-19 17:27 . 2008-08-19 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-19 17:27 . 2008-08-19 17:27 <DIR> d-------- C:\Documents and Settings\Adam John Carol\Application Data\Malwarebytes
2008-08-19 17:27 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-19 17:27 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 20:18 . 2008-08-16 20:21 <DIR> d-------- C:\HJT
2008-08-15 22:17 . 2008-08-15 22:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-15 22:17 . 2008-08-15 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-15 22:17 . 2008-08-15 22:17 <DIR> d-------- C:\Documents and Settings\Adam John Carol\Application Data\SUPERAntiSpyware.com
2008-08-15 22:06 . 2008-08-15 22:06 <DIR> d-------- C:\Program Files\CCleaner
2008-08-15 21:48 . 2008-08-15 21:48 276 --a------ C:\WINDOWS\system32\MRT.INI
2008-08-14 18:42 . 2008-05-01 09:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 18:43 . 2008-08-13 18:44 <DIR> d-------- C:\my dvd
2008-08-13 17:43 . 2008-08-13 18:41 67 --a------ C:\WINDOWS\Easy DVD Creator.INI
2008-08-12 17:23 . 2008-08-12 17:23 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-08-08 19:02 . 2008-08-08 19:02 <DIR> d-------- C:\Program Files\iPod
2008-08-06 18:44 . 2008-08-06 18:44 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-06 18:44 . 2008-08-07 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-06 18:15 . 2008-08-06 18:15 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-08-03 22:38 . 2008-08-06 23:17 <DIR> d-------- C:\Documents and Settings\Adam John Carol\Application Data\Ahead
2008-08-01 00:59 . 2008-08-01 00:59 41,764 --a------ C:\WINDOWS\system32\kek.exe
2008-07-25 03:36 . 2008-07-25 03:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-07-25 03:36 . 2008-07-25 03:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-07-23 11:50 . 2008-07-23 11:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 11:48 . 2008-07-23 11:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-07-23 11:48 . 2008-07-23 11:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-07-23 11:47 . 2008-07-23 11:47 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
2008-07-23 11:47 . 2008-07-23 11:47 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-07-23 11:47 . 2008-07-23 11:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-07-23 11:47 . 2008-07-23 11:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-07-23 11:46 . 2008-07-23 11:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 21:35 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-17 21:35 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-17 01:17 7,245 ----a-w C:\Program Files\hijackthis.log
2008-08-16 03:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-16 03:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-14 00:24 --------- d-----w C:\Program Files\DAP
2008-08-12 16:48 --------- d-----w C:\Documents and Settings\Adam John Carol\Application Data\Xfire
2008-08-12 16:46 --------- d-----w C:\Program Files\DivX
2008-08-09 00:02 --------- d-----w C:\Program Files\iTunes
2008-08-06 23:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-08-05 00:27 --------- d-----w C:\Documents and Settings\Adam John Carol\Application Data\DVD Flick
2008-08-03 18:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-03 15:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 01:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-14 19:44 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-14 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-07-13 21:28 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-13 14:40 22,328 ----a-w C:\Documents and Settings\Adam John Carol\Application Data\PnkBstrK.sys
2008-07-13 01:03 --------- d-----w C:\Program Files\Bonjour
2008-07-09 22:20 --------- d-----w C:\Program Files\Starcraft
2008-07-09 22:02 --------- d-----w C:\Program Files\Guitar Pro 5
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 03:37 --------- d-----w C:\Program Files\InterActual
2008-07-06 21:40 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-07-05 05:38 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-05 05:38 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-01 03:28 --------- d-----w C:\Program Files\QuickTime
2008-07-01 01:53 --------- d-----w C:\Program Files\MSN Messenger
2008-06-29 22:34 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-06-29 22:33 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-03 00:56 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2005-02-16 16:06 218,112 ----a-w C:\Program Files\HijackThis.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904]
"kek"="c:\WINDOWS\system32\kek.exe" [2008-08-01 00:59 41764]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-05 00:39 1232152]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 20:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 20:09 842584]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
-ra------ 2006-03-28 15:48 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--a------ 2006-04-10 14:58 61440 C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 13:57 1103480 C:\Program Files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-04-19 13:26 484904 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--a------ 2005-01-26 18:02 49152 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2005-09-07 16:35 716800 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2005-05-20 10:11 925696 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-07-26 04:03 49263 C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-24 01:02 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
--a------ 2007-09-26 20:05 734264 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"usnjsvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"PnkBstrA"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIb\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIb\\RpcSandraSrv.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\COD4\\iw3mp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 13:19]
R3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 15:05]
R3 XPAD910;XPADFilter Service 910;C:\WINDOWS\system32\DRIVERS\xpad910.sys []
R4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.syS []
S0 m5288;m5288;C:\WINDOWS\system32\DRIVERS\m5288.sys [2005-11-21 20:28]
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-07-05 00:38]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 00:39]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-07-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Adam John Carol\Application Data\Mozilla\Firefox\Profiles\fi7gs2ic.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 19:50:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
Completion time: 2008-08-19 19:53:18
ComboFix-quarantined-files.txt 2008-08-20 00:52:16
ComboFix2.txt 2008-08-16 23:46:15

Pre-Run: 28,349,992,960 bytes free
Post-Run: 28,350,324,736 bytes free

234 --- E O F --- 2008-08-16 02:48:52

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13642

Posted 8-20-2008 11:13 (GMT +1)

Looks clean smile

How are things running now ?

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Arkane
New Member

Date Joined Aug 2008
Total Posts : 8

Posted 8-21-2008 12:10 (GMT +1)

Things seem to run alright. But i still have some weird exe. files running in my Task manager (ex: Kek.exe)

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13642

Posted 8-22-2008 5:07 (GMT +1)

Ok. Have it checked

C:\WINDOWS\system32\kek.exe

Here:
http://virusscan.jotti.org/

Post back the results, in your next reply

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Arkane
New Member

Date Joined Aug 2008
Total Posts : 8

Posted 8-22-2008 10:54 (GMT +1)

Scan taken on 22 Aug 2008 21:52:17 (GMT)
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found Trojan-Downloader.Win32.Agent.aajt
Fortinet
Found nothing
Ikarus
Found Backdoor.Win32.Small.ejp
Kaspersky Anti-Virus
Found Trojan-Downloader.Win32.Agent.aajt
NOD32
Found NSIS/TrojanDownloader.Agent.NAK
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found Trojan-Downloader.Win32.Agent.aajt

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13642

Posted 8-23-2008 7:03 (GMT +1)

Seems to be a nasty one, I´ll therefore suggest you delete it, possibly from safe mode

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Post Edited (Touch) : 23-08-2008 06:10:27 GMT

Arkane
New Member

Date Joined Aug 2008
Total Posts : 8

Posted 8-23-2008 11:14 (GMT +1)

well I was planning on re-formating a few months down the line but since you suggest trying to delete it, I may just re-format now. Thank you very much for all your Time and Help! I really appreciated it!

Forum Information

Currently it is Saturday, November 22, 2008 12:49 PM (GMT +1)
There are a total of 64.045 posts in 15.836 threads.
In the last 3 days there were 26 new threads and 154 reply posts. View Active Threads