
Active Win XP Suspected Virus: "Privacy Intrusion"

Discussion in 'Malware and Virus Removal Archive' started by andrewsauce32, 2010/03/09.

  1. 2010/03/09

    andrewsauce32 Inactive Thread Starter

    [Active] Win XP Suspected Virus: "Privacy Intrusion"

    So here's the deal:

    Lately it would seem that my mother's computer has been acting up, and various messages such as "Stealth Intrusion Detected", "Your identity has been stolen" and others have been appearing. To be quite honest, I'm not sure what exactly the virus is doing, but I think it's kinda obvious that it's nothing good. Did a quick scan with MBAM, found 3 things, and deleted them. I have the log to post, if needed. Thanks!

    (Oh, and I forgot... Was I supposed to post a log of a scan on here? D:)
     
  2. 2010/03/09

    Admin. Administrator Staff

    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     

  4. 2010/03/09

    andrewsauce32 Inactive Thread Starter

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Andrew at 20:09:39.01 on Tue 03/09/2010
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.106 [GMT -5:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Andrew\Local Settings\Application Data\av.exe
    C:\DOCUME~1\Andrew\LOCALS~1\Temp\whsgsq.exe
    C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
    C:\Documents and Settings\Andrew\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    mSearch Page = ${URL_SEARCHPAGE}
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
    TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe "
    uRun: [Aim6]
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
    mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} - hxxp://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\andrew\applic~1\mozilla\firefox\profiles\n4ifsw23.default\
    FF - component: c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npaudio.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npavi32.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npbeatnk.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npdrmv2.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npdsplay.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npswf32.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npwmsdrm.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-26 11608]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-6-26 132640]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-6-26 24096]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-26 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-26 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-26 56816]
    R2 Ias;Network Security;c:\windows\system32\svchost.exe -k netsvcs [2001-8-18 14336]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-1 24652]
    S2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-6-26 692496]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
    S3 ndiswdk;ndiswdk;c:\windows\system32\ndiswdk.sys [2001-8-18 2304]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

    =============== Created Last 30 ================

    2010-03-10 01:09:23 823296 ----a-w- c:\windows\system32\drivers\OLD3F.tmp
    2010-03-10 01:08:27 823296 ----a-w- c:\windows\system32\drivers\OLD3B.tmp
    2010-03-10 01:08:20 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
    2010-03-10 01:05:46 36 ----a-w- c:\program files\kris.bat
    2010-02-17 16:41:55 0 d-----w- c:\program files\Dream soft

    ==================== Find3M ====================

    2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-01-02 00:50:04 69 ----a-w- c:\documents and settings\andrew\jagex_runescape_preferences2.dat
    2010-01-02 00:50:03 39 -c--a-w- c:\documents and settings\andrew\jagex_runescape_preferences.dat
    2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-09-07 14:29:36 56 --sh--r- c:\windows\system32\8AE075FFB9.sys
    2009-10-07 20:41:21 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2009-09-05 02:10:26 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009090420090905\index.dat

    ============= FINISH: 20:10:56.29 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/12/2003 9:31:53 PM
    System Uptime: 3/9/2010 7:18:19 PM (1 hours ago)

    Motherboard: Dell Computer Corporation | | Dimension 8200
    Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Microprocessor | 1993/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 74 GiB total, 35.507 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_0EE09004&REV_02\4&19FD8D60&0&3AF0
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_0EE09004&REV_02\4&19FD8D60&0&3AF0
    Service:

    ==== System Restore Points ===================

    RP228: 12/9/2009 3:23:53 PM - System Checkpoint
    RP229: 12/10/2009 11:03:16 AM - Software Distribution Service 3.0
    RP230: 12/11/2009 3:56:51 PM - System Checkpoint
    RP231: 12/12/2009 4:03:12 PM - System Checkpoint
    RP232: 12/13/2009 5:50:25 PM - System Checkpoint
    RP233: 12/14/2009 6:45:37 PM - System Checkpoint
    RP234: 12/15/2009 11:12:11 PM - System Checkpoint
    RP235: 12/16/2009 11:21:06 PM - System Checkpoint
    RP236: 12/18/2009 8:18:37 AM - System Checkpoint
    RP237: 12/19/2009 8:56:30 AM - System Checkpoint
    RP238: 12/20/2009 9:39:07 AM - System Checkpoint
    RP239: 12/21/2009 10:24:10 AM - System Checkpoint
    RP240: 12/23/2009 12:18:12 AM - System Checkpoint
    RP241: 12/24/2009 12:30:57 AM - System Checkpoint
    RP242: 12/25/2009 12:58:51 AM - System Checkpoint
    RP243: 12/26/2009 3:18:36 PM - System Checkpoint
    RP244: 12/28/2009 12:56:08 AM - System Checkpoint
    RP245: 12/29/2009 7:25:19 AM - System Checkpoint
    RP246: 12/30/2009 1:52:25 PM - System Checkpoint
    RP247: 12/31/2009 4:21:37 PM - System Checkpoint
    RP248: 1/1/2010 4:27:05 PM - System Checkpoint
    RP249: 1/2/2010 4:36:50 PM - System Checkpoint
    RP250: 1/3/2010 4:56:53 PM - System Checkpoint
    RP251: 1/5/2010 6:21:57 AM - System Checkpoint
    RP252: 1/6/2010 7:23:50 AM - System Checkpoint
    RP253: 1/7/2010 8:13:03 AM - System Checkpoint
    RP254: 1/8/2010 9:22:54 AM - System Checkpoint
    RP255: 1/9/2010 9:30:39 AM - System Checkpoint
    RP256: 1/10/2010 11:37:48 AM - System Checkpoint
    RP257: 1/11/2010 12:51:58 PM - System Checkpoint
    RP258: 1/12/2010 1:59:18 PM - System Checkpoint
    RP259: 1/13/2010 6:58:23 AM - Software Distribution Service 3.0
    RP260: 1/14/2010 7:53:53 AM - System Checkpoint
    RP261: 1/15/2010 8:45:59 AM - System Checkpoint
    RP262: 1/16/2010 9:15:13 AM - System Checkpoint
    RP263: 1/17/2010 11:50:07 AM - System Checkpoint
    RP264: 1/18/2010 1:39:20 PM - System Checkpoint
    RP265: 1/19/2010 2:40:28 PM - System Checkpoint
    RP266: 1/20/2010 2:42:19 PM - System Checkpoint
    RP267: 1/21/2010 2:44:50 PM - System Checkpoint
    RP268: 1/22/2010 7:07:53 PM - System Checkpoint
    RP269: 1/23/2010 3:00:26 AM - Software Distribution Service 3.0
    RP270: 1/24/2010 3:58:13 AM - System Checkpoint
    RP271: 1/25/2010 7:32:13 AM - System Checkpoint
    RP272: 1/26/2010 8:00:19 AM - System Checkpoint
    RP273: 1/27/2010 8:12:30 AM - System Checkpoint
    RP274: 1/28/2010 8:41:50 AM - System Checkpoint
    RP275: 1/29/2010 10:06:48 AM - System Checkpoint
    RP276: 1/30/2010 10:28:17 AM - System Checkpoint
    RP277: 1/31/2010 1:55:36 PM - System Checkpoint
    RP278: 2/1/2010 3:24:47 PM - System Checkpoint
    RP279: 2/2/2010 3:45:35 PM - System Checkpoint
    RP280: 2/3/2010 4:29:26 PM - System Checkpoint
    RP281: 2/4/2010 5:37:37 PM - System Checkpoint
    RP282: 2/5/2010 5:53:07 PM - System Checkpoint
    RP283: 2/6/2010 8:51:32 PM - System Checkpoint
    RP284: 2/7/2010 11:19:30 PM - System Checkpoint
    RP285: 2/8/2010 11:31:07 PM - System Checkpoint
    RP286: 2/9/2010 11:53:00 PM - System Checkpoint
    RP287: 2/10/2010 3:00:22 AM - Software Distribution Service 3.0
    RP288: 2/11/2010 12:08:55 PM - System Checkpoint
    RP289: 2/12/2010 12:44:47 PM - System Checkpoint
    RP290: 2/13/2010 1:44:40 PM - System Checkpoint
    RP291: 2/14/2010 2:45:51 PM - System Checkpoint
    RP292: 2/15/2010 6:12:40 PM - System Checkpoint
    RP293: 2/16/2010 6:36:23 PM - System Checkpoint
    RP294: 2/17/2010 11:41:52 AM - Installed Pokemon Light
    RP295: 2/18/2010 12:36:28 PM - System Checkpoint
    RP296: 2/19/2010 1:41:24 PM - System Checkpoint
    RP297: 2/20/2010 2:25:54 PM - System Checkpoint
    RP298: 2/21/2010 3:30:31 PM - System Checkpoint
    RP299: 2/22/2010 3:47:50 PM - System Checkpoint
    RP300: 2/23/2010 4:12:46 PM - System Checkpoint
    RP301: 2/24/2010 4:20:38 PM - System Checkpoint
    RP302: 2/25/2010 3:00:24 AM - Software Distribution Service 3.0
    RP303: 2/26/2010 3:19:35 AM - System Checkpoint
    RP304: 2/28/2010 11:29:39 AM - System Checkpoint
    RP305: 3/1/2010 12:10:27 PM - System Checkpoint
    RP306: 3/2/2010 12:43:25 PM - System Checkpoint
    RP307: 3/3/2010 1:08:27 PM - System Checkpoint
    RP308: 3/4/2010 2:08:27 PM - System Checkpoint
    RP309: 3/5/2010 2:13:25 PM - System Checkpoint
    RP310: 3/6/2010 3:27:26 PM - System Checkpoint
    RP311: 3/8/2010 12:15:23 PM - System Checkpoint

    ==== Installed Programs ======================

    ABBYY FineReader 4.0 Sprint
    Acrobat.com
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe PhotoDeluxe Home Edition 4.0
    Adobe Reader 9
    Adobe Shockwave Player
    AIM 6
    ALTools Update
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    BitTorrent
    COMODO Internet Security
    DAEMON Tools Toolbar
    Dealio Toolbar v4.0
    Dell ResourceCD
    EPSON Printer Software
    Family Tree Maker
    Foxit Reader
    Foxit Toolbar
    Glary Utilities 2.15.0.738
    Google Gmail Notifier
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Ink Monitor
    Intel A/V Codecs V2.0
    Java(TM) 6 Update 14
    Kazoo Player
    Magic CD/DVD Burner .NET version 1.40
    MAGIX music maker 7
    Malwarebytes' Anti-Malware
    MapleStory
    McAfee Security Scan
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Small Business
    Microsoft Picture It! Photo Premium 7.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Web Publishing Wizard 1.52
    Microsoft XML Parser
    Modem User Guide
    Mozilla Firefox (3.5.8)
    MSXML 6 Service Pack 2 (KB954459)
    MUSICMATCH Jukebox
    Netscape Communicator 4.79
    NVIDIA Display Driver
    NVIDIA Windows 2000/XP Display Drivers
    Pando Media Booster
    PaperPort 8.0
    PhoneTools
    Pivot Stickfigure Animator
    Pokemon Light
    PowerDVD
    PowerISO
    Print Workshop 2004
    PrintMaster 12
    QuickTime
    Revo Uninstaller 1.83
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Shockwave
    SIW version 2009-07-28
    Skulltag
    SlimDX Redistributable (March 2009)
    Snap 'n Share
    SoundMAX
    Steam
    TBS WMP Plug-in
    The Print Shop 12
    ToggleEN Toolbar
    Uninstall Dual Mode Camera
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoCam Suite
    VideoCam Suite 1.0
    Viewpoint Media Player
    Warcraft III
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    3/9/2010 8:10:41 PM, error: Service Control Manager [7000] - The Microsoft Kernel DRM Audio Descrambler service failed to start due to the following error: The system cannot find the file specified.
    3/9/2010 8:10:36 PM, error: Service Control Manager [7000] - The Microsoft Kernel DLS Syntheiszer service failed to start due to the following error: The system cannot find the file specified.
    3/9/2010 8:09:25 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file dmusic.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    3/9/2010 8:08:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file changer.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    3/9/2010 8:08:18 PM, error: Service Control Manager [7000] - The Closed Caption Decoder service failed to start due to the following error: The system cannot find the file specified.
    3/9/2010 8:08:15 PM, error: Service Control Manager [7000] - The ATM ARP Client Protocol service failed to start due to the following error: The system cannot find the file specified.
    3/9/2010 8:08:12 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file asyncmac.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    3/9/2010 8:08:11 PM, error: Service Control Manager [7000] - The RAS Asynchronous Media Driver service failed to start due to the following error: The system cannot find the file specified.
    3/9/2010 8:08:03 PM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: The system cannot find the file specified.
    3/9/2010 8:08:02 PM, error: Service Control Manager [7000] - The Intel(r) 82801 Audio Driver Install Service (WDM) service failed to start due to the following error: The system cannot find the file specified.
    3/8/2010 6:29:47 PM, error: Dhcp [1002] - The IP address lease 24.247.102.56 for the Network Card with network address 0008A1038876 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    3/5/2010 6:36:44 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
    3/5/2010 10:53:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COMODO Internet Security Helper Service service to connect.
    3/5/2010 10:53:48 AM, error: Service Control Manager [7000] - The Windows User Mode Driver Framework service failed to start due to the following error: Access is denied.
    3/5/2010 10:53:48 AM, error: Service Control Manager [7000] - The COMODO Internet Security Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     
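To show how a log like the one above can be triaged before the next step, here is a small Python helper added by the editor; it is not part of DDS or of any tool named in this thread. It splits the DDS output into its sections and flags process images running from per-user Temp or Application Data folders, and recently created executable content in system or Program Files locations; the path patterns are the editor's own starting points for review, not verdicts, and the sample lines are copied from the log above.

```python
import re
from typing import Dict, List
# Constructed sample: lines copied from the log posted above (other sections omitted).
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\av.exe
C:\DOCUME~1\Andrew\LOCALS~1\Temp\whsgsq.exe
C:\Documents and Settings\Andrew\Desktop\dds.scr

=============== Created Last 30 ================

2010-03-10 01:09:23 823296 ----a-w- c:\windows\system32\drivers\OLD3F.tmp
2010-03-10 01:08:20 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-10 01:05:46 36 ----a-w- c:\program files\kris.bat
2010-02-17 16:41:55 0 d-----w- c:\program files\Dream soft

============= FINISH: 20:10:56.29 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Per-user folders any program can write to, in long and 8.3 short form (DOCUME~1, LOCALS~1, APPLIC~1).
USER_WRITABLE_RE = re.compile(
    r"\\(documents and settings|docume~1)\\[^\\]+\\"
    r"(local settings\\(temp|application data)|locals~1\\(temp|applic~1)"
    r"|application data|applic~1)\\",
    re.IGNORECASE,
)
# "Created Last 30" lines: timestamp, size, attribute string, path.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".tmp")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each '=== Title ===' header to the non-blank lines beneath it."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def triage_processes(lines: List[str]) -> List[Dict[str, str]]:
    """Flag process entries that deserve a closer look."""
    findings = []
    for line in lines:
        # DDS appends arguments after the image ("svchost -k netsvcs"); keep the image path.
        path = line.split(" -", 1)[0].strip()
        if "\\" not in path:
            findings.append({"path": path, "severity": "info",
                             "reason": "image path not reported; verify which file is running"})
        elif USER_WRITABLE_RE.search(path):
            findings.append({"path": path, "severity": "review",
                             "reason": "executable running from a per-user Temp/Application Data folder"})
    return findings


def triage_created(lines: List[str]) -> List[Dict[str, object]]:
    """Flag recently created executable content in system or program locations."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        low = path.lower()
        if attrs.startswith("d") or not low.endswith(EXEC_EXT):
            continue  # directories and non-executable files
        if "\\system32\\drivers\\" in low and low.endswith(".tmp"):
            reason = "temp file written into the drivers directory"
        elif low.endswith((".bat", ".cmd")) and re.match(r"^[a-z]:\\program files\\[^\\]+$", low):
            reason = "script created directly under Program Files"
        elif "\\system32\\" in low:
            reason = "new executable content under system32"
        else:
            continue
        findings.append({"path": path, "created": stamp, "size": int(size), "reason": reason})
    return findings


def triage_dds(text: str) -> Dict[str, list]:
    """Run both checks over a whole DDS log and return findings per section."""
    sections = split_sections(text)
    return {"processes": triage_processes(sections.get("Running Processes", [])),
            "created": triage_created(sections.get("Created Last 30", []))}


if __name__ == "__main__":
    print(triage_dds(SAMPLE_LOG))
```

A "review" finding only means the entry sits where a normal program would not usually run from; confirm with the scanner logs the moderator asks for before acting on it.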
  5. 2010/03/09

    broni Moderator Malware Analyst

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista or 7, right-click on HijackThis and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
