Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Couple of problems


Re: Couple of problems

Post by GreyEagle99 » July 27th, 2010, 11:12 am

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4356

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/26/2010 9:47:55 PM
mbam-log-2010-07-26 (21-47-55).txt

Scan type: Quick scan
Objects scanned: 141690
Time elapsed: 9 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=290e48b71cad1144930f492e3fa9403d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-27 10:01:32
# local_time=2010-07-27 05:01:32 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 35809386 35809386 0 0
# compatibility_mode=768 16777215 100 0 10617021 10617021 0 0
# compatibility_mode=1024 16777215 100 0 455546 455546 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=156983
# found=6
# cleaned=0
# scan_time=23175
C:\Documents and Settings\Michael\My Documents\Downloads\RummyRoyalSetup(2).exe a variant of Win32/GHInstaller.A application 00000000000000000000000000000000 I
C:\Documents and Settings\Michael\My Documents\Downloads\RummyRoyalSetup.exe a variant of Win32/GHInstaller.A application 00000000000000000000000000000000 I
C:\Qoobox\32788R22FWJFW\mouclass.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP517\A0078350.exe Win32/Adware.SpywareProtect2009 application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP517\A0078360.exe Win32/Adware.SpywareProtect2009 application 00000000000000000000000000000000 I
J:\My Stuff\Norton Antivirus 2007 Corporate CRACKED - ALL CURRENT UPDATES 10 Yr License.iso a variant of Win32/Injector.DD trojan 00000000000000000000000000000000 I
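The two logs above carry three different kinds of hit: live files (the two RummyRoyal installers and the cracked ISO), a file that only exists inside C:\Qoobox (ComboFix's quarantine folder, so the Olmarik driver there has already been pulled out of the running system), and copies inside System Restore snapshots. The MBAM lines are a different class of finding again: the shell\open\command handlers for .scr and .reg had been pointed at NOTEPAD.EXE, which is a classic rogue-AV trick to stop the victim running screensaver-packaged tools or importing .reg fixes. The script below is an added example by the editor, not part of the post or of either scanner; it parses both log formats and separates live detections from dormant ones. The line layouts are inferred from the lines in this post; the optional "probably a variant of" prefix is an assumption about ESET's naming, and the sample input is the detection lines copied from the post.

```python
"""Triage helper for the MBAM 1.46 and ESET Online Scanner logs posted above.

Editor's added example, not code from the forum post or from either scanner.
Parses the ESET detection lines and MBAM's "Registry Data Items Infected" lines
and separates live hits from items that only exist inside ComboFix's quarantine
(C:\\Qoobox) or a System Restore snapshot.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# ESET line:  <path> <detection> <category> <32-hex hash> <flag>
# Paths contain spaces, so the path group is non-greedy and the detection name is
# anchored on ESET's "<platform>/<family>" form.  The "probably a variant of"
# prefix is an assumption; "a variant of" is what the posted log shows.
ESET_LINE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<category>\S+)\s+(?P<hash>[0-9a-fA-F]{32})\s+(?P<flag>\S+)$"
)

# MBAM line:  <key> (<detection>) -> Bad: (<value>) Good: (<value>) -> <action>
MBAM_REGDATA = re.compile(
    r"^(?P<key>\S+) \((?P<detection>[^)]+)\) -> Bad: \((?P<bad>.*?)\) "
    r"Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)

# Path markers meaning the file is no longer in its original, executable location.
DORMANT = (
    ("\\qoobox\\", "quarantined"),                        # ComboFix quarantine
    ("\\system volume information\\_restore", "restore-point"),
)


@dataclass
class Finding:
    path: str
    detection: str
    category: str   # ESET's "trojan", "application" (potentially unwanted), ...
    state: str      # "live", "quarantined" or "restore-point"


def classify_path(path: str) -> str:
    lowered = path.lower()
    for marker, state in DORMANT:
        if marker in lowered:
            return state
    return "live"


def parse_eset(log: str) -> List[Finding]:
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # "# key=value" header lines
            continue
        m = ESET_LINE.match(line)
        if m:
            findings.append(Finding(m["path"], m["detection"], m["category"],
                                    classify_path(m["path"])))
    return findings


def hijacked_handlers(mbam_log: str) -> Dict[str, Dict[str, str]]:
    """Map each ProgID whose shell\\open\\command was altered to its bad/good values."""
    out = {}
    for line in mbam_log.splitlines():
        m = MBAM_REGDATA.match(line.strip())
        if not m or m["bad"] == m["good"]:
            continue
        progid = m["key"].split("\\")[1]      # HKEY_CLASSES_ROOT\scrfile\... -> scrfile
        out[progid] = {"bad": m["bad"], "good": m["good"], "action": m["action"]}
    return out


def triage(eset_log: str, mbam_log: str) -> Dict[str, object]:
    findings = parse_eset(eset_log)
    live = [f for f in findings if f.state == "live"]
    return {
        "total": len(findings),
        "live": live,
        "live_trojans": [f.path for f in live if f.category == "trojan"],
        "dormant": [f for f in findings if f.state != "live"],
        "hijacked_handlers": hijacked_handlers(mbam_log),
    }


# Sample input: detection lines copied from the two logs in the post above.
SAMPLE_ESET = r"""
# found=6
# cleaned=0
C:\Documents and Settings\Michael\My Documents\Downloads\RummyRoyalSetup(2).exe a variant of Win32/GHInstaller.A application 00000000000000000000000000000000 I
C:\Documents and Settings\Michael\My Documents\Downloads\RummyRoyalSetup.exe a variant of Win32/GHInstaller.A application 00000000000000000000000000000000 I
C:\Qoobox\32788R22FWJFW\mouclass.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP517\A0078350.exe Win32/Adware.SpywareProtect2009 application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP517\A0078360.exe Win32/Adware.SpywareProtect2009 application 00000000000000000000000000000000 I
J:\My Stuff\Norton Antivirus 2007 Corporate CRACKED - ALL CURRENT UPDATES 10 Yr License.iso a variant of Win32/Injector.DD trojan 00000000000000000000000000000000 I
"""

SAMPLE_MBAM = r"""
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    report = triage(SAMPLE_ESET, SAMPLE_MBAM)
    for f in report["live"]:
        print(f"LIVE     {f.category:<12} {f.detection:<32} {f.path}")
    for f in report["dormant"]:
        print(f"DORMANT  {f.state:<13} {f.detection:<32} {f.path}")
    print("hijacked handlers:", report["hijacked_handlers"])
```

Run against the posted logs it reports three live items (only the ISO is classed as a trojan; the two installers are "application", ESET's potentially-unwanted category), one quarantined driver, two restore-point copies, and the scrfile/regfile handler hijacks. The restore-point copies matter later: as long as RP517 exists, a System Restore would bring the rogue back, which is why helpers usually have System Restore flushed at the end of a cleanup.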

Re: Couple of problems

Post by melboy » July 27th, 2010, 2:35 pm

Hi
J:\My Stuff\Norton Antivirus 2007 Corporate CRACKED - ALL CURRENT UPDATES 10 Yr License.iso a variant of Win32/Injector.DD trojan 00000000000000000000000000000000 I


Cracks, Keygens, Warez etc.

As the log(s) you've posted indicate, you've used one or more of the above.

>> Forum Policy <<

The software will have to be removed before we can continue.

Along with P2P filesharing, this is a surefire way to get your computer infected. Downloading cracks via P2P or visiting crack sites/warez sites - and other questionable/illegal sites is always a risk. Even a single click on the site can drop multiple forms of very serious malware.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.
In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

Additionally, cracked programs are illegal. In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned.

The distribution and use of cracked copies is illegal in almost every developed country.


The combofix script below will remove the detected cracked item. If you do not wish to remove the detected cracked item, do not run the script. This topic will then be closed.



COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    J:\My Stuff\Norton Antivirus 2007 Corporate CRACKED - ALL CURRENT UPDATES 10 Yr License.iso
    C:\Documents and Settings\Michael\My Documents\Downloads\RummyRoyalSetup(2).exe
    C:\Documents and Settings\Michael\My Documents\Downloads\RummyRoyalSetup.exe

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot: CFScript.txt being dragged onto ComboFix.exe on the desktop]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
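A CFScript's File:: section is a delete list: once ComboFix has run it, the only copy of each file is whatever it moved into C:\Qoobox\Quarantine. A practitioner normally takes a hash manifest of the listed files first, so the samples can be looked up or shared later and the incident record says exactly what was removed. The script below is an added example by the editor, not part of the post and not ComboFix's own code; the only thing it assumes about the CFScript format is what the post shows, namely that a line of the form `Name::` opens a section and the lines under it are one entry each. The throwaway file in `demo()` is constructed for the example.

```python
"""Record a SHA-256 manifest of the files a ComboFix CFScript's File:: section lists.

Editor's added example, not from the forum post or from ComboFix.  Assumes only
that a "<Name>::" line opens a section (File::, Folder::, Registry:: and so on)
and that the lines beneath it are one entry each; only File:: is read.
"""
import hashlib
import os
import re
import tempfile
from typing import Dict, List, Optional

DIRECTIVE = re.compile(r"^\w+::\s*$")    # "File::", "Folder::", "Registry::", ...


def parse_file_section(script: str) -> List[str]:
    """Return the paths listed under File::, stopping at the next directive header."""
    paths: List[str] = []
    in_files = False
    for raw in script.splitlines():
        line = raw.strip()
        if DIRECTIVE.match(line):
            in_files = line.lower() == "file::"
        elif line and in_files:
            paths.append(line)
    return paths


def sha256_of(path: str) -> Optional[str]:
    """SHA-256 of a file, streamed so a large sample such as an ISO is not read into memory."""
    if not os.path.isfile(path):
        return None
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(script: str) -> List[Dict[str, Optional[object]]]:
    """One record per File:: entry; a missing file gets size/sha256 of None, not an error."""
    records = []
    for path in parse_file_section(script):
        present = os.path.isfile(path)
        records.append({
            "path": path,
            "size": os.path.getsize(path) if present else None,
            "sha256": sha256_of(path),
        })
    return records


# The File:: block from the post above, used to exercise the parser.
POSTED_SCRIPT = r"""File::
J:\My Stuff\Norton Antivirus 2007 Corporate CRACKED - ALL CURRENT UPDATES 10 Yr License.iso
C:\Documents and Settings\Michael\My Documents\Downloads\RummyRoyalSetup(2).exe
C:\Documents and Settings\Michael\My Documents\Downloads\RummyRoyalSetup.exe

"""

SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"  # sha256(b"abc")


def demo() -> List[Dict[str, Optional[object]]]:
    """Constructed run: one throwaway file with known content plus one path copied from
    the post that does not exist on this machine, so both branches are exercised."""
    tmp = tempfile.NamedTemporaryFile(delete=False, suffix=".exe")
    tmp.write(b"abc")
    tmp.close()
    script = ("File::\n" + tmp.name + "\n" + POSTED_SCRIPT.splitlines()[3]
              + "\nRegistry::\nHKLM\\not\\read\n")
    try:
        return build_manifest(script)
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    for rec in build_manifest(POSTED_SCRIPT):
        print(rec)
```

Run on the machine in question before dragging CFScript.txt onto ComboFix, the manifest gives you the three hashes; on any other machine the three paths simply come back with `None`, which is the behaviour `demo()` checks for the missing-file case.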

Re: Couple of problems

Post by GreyEagle99 » July 27th, 2010, 5:10 pm

ComboFix 10-07-26.04 - Michael 07/27/2010 14:37:12.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2935.1698 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\Michael\My Documents\Downloads\RummyRoyalSetup(2).exe"
"c:\documents and settings\Michael\My Documents\Downloads\RummyRoyalSetup.exe"
"j:\my stuff\Norton Antivirus 2007 Corporate CRACKED - ALL CURRENT UPDATES 10 Yr License.iso"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Michael\My Documents\Downloads\RummyRoyalSetup(2).exe
c:\documents and settings\Michael\My Documents\Downloads\RummyRoyalSetup.exe
j:\my stuff\Norton Antivirus 2007 Corporate CRACKED - ALL CURRENT UPDATES 10 Yr License.iso

.
((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 )))))))))))))))))))))))))))))))
.

2010-07-27 03:31 . 2010-07-27 03:31 -------- d-----w- c:\program files\ESET
2010-07-25 04:22 . 2010-07-25 04:22 54016 ----a-w- c:\windows\system32\drivers\flttho.sys
2010-07-25 03:19 . 2010-07-25 03:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-24 01:22 . 2010-07-24 01:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-07-20 21:02 . 2010-07-20 21:02 -------- d-----w- c:\program files\AVG
2010-07-20 19:55 . 2007-01-13 14:45 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-07-20 19:50 . 2007-01-13 15:46 204800 ----a-w- c:\windows\system32\igfxCoIn_v4764.dll
2010-07-20 19:50 . 2007-01-13 15:33 2482688 ----a-w- c:\windows\system32\igxpdx32.dll
2010-07-20 19:50 . 2007-01-13 15:33 5672032 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2010-07-20 19:50 . 2007-01-13 15:33 57344 ----a-w- c:\windows\system32\igxprd32.dll
2010-07-20 19:50 . 2007-01-13 15:32 149504 ----a-w- c:\windows\system32\igxpgd32.dll
2010-07-20 19:50 . 2007-01-13 15:32 1563776 ----a-w- c:\windows\system32\igxpdv32.dll
2010-07-20 19:50 . 2007-01-13 15:09 450560 ----a-w- c:\windows\system32\igldev32.dll
2010-07-20 19:50 . 2007-01-13 15:07 2334720 ----a-w- c:\windows\system32\iglicd32.dll
2010-07-20 19:50 . 2007-01-13 14:46 135168 ----a-w- c:\windows\system32\igfxpers.exe
2010-07-20 19:50 . 2007-01-13 14:46 241664 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-07-20 19:50 . 2007-01-19 15:14 389120 ----a-w- c:\windows\system32\igxpun.exe
2010-07-20 19:50 . 2006-11-10 13:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-07-20 19:49 . 2010-07-20 19:49 -------- d-----w- C:\Intel
2010-07-20 19:48 . 2010-07-20 19:48 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-20 19:48 . 2010-07-20 19:48 84480 ----a-w- c:\documents and settings\Michael\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-07-20 19:48 . 2010-07-20 19:48 -------- d-----w- c:\documents and settings\Michael\Application Data\SystemRequirementsLab
2010-07-20 13:42 . 2010-07-20 13:42 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-07-19 19:17 . 2010-07-19 19:17 -------- d-----w- c:\documents and settings\Michael\Application Data\InstallShield
2010-07-19 18:42 . 2010-07-21 00:50 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-13 19:27 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 13:17 . 2010-07-09 13:17 -------- d-----w- c:\program files\Sierra On-Line
2010-07-09 13:17 . 2010-07-09 13:17 -------- d-----w- C:\SIERRA
2010-07-09 13:17 . 2010-07-09 13:17 -------- d-----w- c:\program files\WON
2010-07-09 04:15 . 2010-07-09 04:15 -------- d-----w- c:\windows\Installing Adobe Acrobat Reader
2010-07-09 04:15 . 2010-07-09 04:15 -------- d-----w- c:\program files\Microsoft Games
2010-06-29 11:33 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-27 20:57 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-27 20:55 . 2010-06-27 20:55 -------- d-----w- c:\program files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 19:28 . 2010-06-10 07:02 99 ----a-w- c:\documents and settings\Michael\jagex_runescape_preferences2.dat
2010-07-27 19:28 . 2010-06-10 06:54 46 ----a-w- c:\documents and settings\Michael\jagex_runescape_preferences.dat
2010-07-25 15:52 . 2010-06-04 05:01 63488 ----a-w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-25 15:51 . 2010-06-04 05:00 117760 ----a-w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-25 05:48 . 2010-06-04 05:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-25 05:35 . 2009-08-05 05:26 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-20 16:35 . 2010-01-27 05:55 -------- d-----w- c:\program files\mIRC
2010-07-20 12:17 . 2010-03-15 07:51 1535 ----a-w- c:\documents and settings\Michael\Application Data\iolo\restore.bat
2010-07-20 10:54 . 2010-03-15 01:03 -------- d-----w- c:\documents and settings\Michael\Application Data\iolo
2010-07-19 19:57 . 2009-05-15 20:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-19 18:28 . 2009-05-13 20:51 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-19 17:20 . 2009-07-19 23:32 -------- d-----w- c:\program files\CCleaner
2010-07-14 00:03 . 2009-06-16 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-08 12:51 . 2010-03-15 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-07-06 20:16 . 2010-03-15 04:07 94384 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-07-06 20:16 . 2009-12-11 05:08 2319536 ----a-w- c:\windows\system32\Incinerator.dll
2010-07-03 21:29 . 2010-01-27 05:55 -------- d-----w- c:\documents and settings\Michael\Application Data\mIRC
2010-06-28 20:57 . 2010-06-15 00:46 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-06-15 00:46 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-06-15 00:46 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-06-15 00:46 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-06-15 00:46 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-06-15 00:46 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-06-15 00:46 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-06-15 00:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-26 21:51 . 2009-08-01 03:47 -------- d-----w- c:\program files\Windows Live
2010-06-15 00:52 . 2005-01-10 01:26 81720 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-15 00:17 . 2009-05-21 21:31 -------- d-----w- c:\program files\MSBuild
2010-06-15 00:16 . 2010-06-15 00:16 -------- d-----w- c:\program files\Reference Assemblies
2010-06-14 14:31 . 2009-05-14 03:04 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 04:40 . 2009-05-20 20:53 -------- d-----w- c:\documents and settings\Michael\Application Data\Apple Computer
2010-06-13 04:05 . 2010-06-13 04:03 -------- d-----w- c:\program files\iTunes
2010-06-13 04:05 . 2010-06-13 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-13 04:03 . 2010-06-13 04:03 -------- d-----w- c:\program files\iPod
2010-06-13 04:03 . 2009-05-20 20:51 -------- d-----w- c:\program files\Common Files\Apple
2010-06-13 03:48 . 2009-05-20 20:53 -------- d-----w- c:\program files\Bonjour
2010-06-13 03:43 . 2010-06-13 03:43 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-06-13 03:42 . 2010-06-13 03:41 -------- d-----w- c:\program files\Safari
2010-06-13 03:32 . 2010-06-13 03:32 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-10 07:02 . 2010-06-10 07:02 0 ----a-w- c:\documents and settings\Michael\jagex__preferences3.dat
2010-06-10 05:35 . 2009-10-06 12:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-06 21:31 . 2009-05-27 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-06-06 15:47 . 2009-05-18 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-06 15:36 . 2009-05-14 03:08 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
2010-06-04 23:36 . 2010-06-04 23:35 -------- d-----w- c:\program files\Google
2010-06-04 05:00 . 2010-06-04 05:00 52224 ----a-w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-04 05:00 . 2010-06-04 05:00 -------- d-----w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com
2010-06-04 05:00 . 2010-06-04 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-03 13:33 . 2010-06-03 05:57 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-03 12:32 . 2010-06-03 12:32 81920 ----a-w- c:\windows\ALCFDRTM.EXE
2010-06-03 12:28 . 2010-03-29 14:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-03 06:37 . 2010-06-03 06:37 -------- d-----w- c:\program files\Panda Security
2010-05-06 10:41 . 2009-05-14 03:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2009-05-14 03:09 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 20:39 . 2009-05-27 22:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2009-05-27 03:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2004-03-15 22:51 . 2004-03-15 22:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 15:32 . 2006-01-23 15:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 15:48 . 2007-02-08 15:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 23:03 . 2007-07-24 23:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-05-22 160328]
"Google Update"="c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-27 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2008-06-18 106576]
"NI Background Service"="c:\program files\National Instruments\Shared\Update Service\BackgroundService.exe" [2008-04-03 77824]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\progra~1\iolo\SYSTEM~1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-27 05:40 135664 ----atw- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 14:47 163840 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-08-04 22:28 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 20:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [7/10/2007 8:08 PM 15448]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/3/2010 7:18 AM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2010 7:46 PM 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2010 7:46 PM 17744]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [3/14/2010 11:07 PM 711352]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [3/14/2010 11:07 PM 711352]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2/16/2007 11:21 AM 12696]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [9/18/2007 7:24 AM 11552]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [6/13/2008 3:51 PM 11360]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [6/13/2008 3:51 PM 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [12/18/2007 7:14 PM 11360]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/4/2010 6:35 PM 136176]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [12/20/2007 9:37 AM 20056]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [10/8/2007 2:10 PM 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [10/8/2007 2:10 PM 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [10/8/2007 2:10 PM 22360]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [12/26/2007 11:53 AM 11352]
S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2/22/2008 11:25 AM 11336]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [12/18/2007 7:20 PM 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2/29/2008 3:02 PM 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2/22/2008 11:25 AM 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2/22/2008 11:25 AM 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [12/26/2007 11:18 AM 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [1/11/2008 5:08 PM 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [6/25/2007 12:08 AM 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [6/25/2007 12:08 AM 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [12/18/2007 6:14 PM 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [12/27/2007 9:45 AM 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [6/13/2008 9:27 AM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [6/13/2008 9:27 AM 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [11/26/2007 5:22 PM 20768]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [1/8/2008 12:38 AM 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [1/8/2008 12:21 AM 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [12/20/2007 3:54 PM 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [1/8/2008 12:38 AM 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2/22/2008 11:25 AM 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [1/8/2008 12:35 AM 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2/14/2008 8:58 PM 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [1/2/2008 1:14 PM 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2/19/2008 11:56 PM 11360]
S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2/22/2008 11:25 AM 11368]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2/22/2008 11:25 AM 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2/22/2008 11:25 AM 11336]
S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [5/27/2009 6:10 PM 395224]
S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NIPALK
.
Contents of the 'Scheduled Tasks' folder

2010-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-04 23:35]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-04 23:35]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1542371463-2904305432-1622746480-1005Core.job
- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-27 05:40]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1542371463-2904305432-1622746480-1005UA.job
- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-27 05:40]

2010-07-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dogpile.com/
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\3pmxtf4b.default\
FF - prefs.js: browser.startup.homepage - www.dogpile.com
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\Michael\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\Michael\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcosmop211.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-27 14:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-07-27 14:47:29
ComboFix-quarantined-files.txt 2010-07-27 19:47
ComboFix2.txt 2010-07-26 21:16
ComboFix3.txt 2010-07-26 00:02

Pre-Run: 105,864,228,864 bytes free
Post-Run: 105,419,579,392 bytes free

- - End Of File - - E4245855F4710C8BAC1431925B296EB2
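The last ComboFix section above, "DLLs Loaded Under Running Processes", lists the modules sitting inside winlogon.exe. Third-party code in that process is the classic Winlogon\Notify persistence spot, so a helper reviewing such logs wants every non-Windows DLL there called out for a manual signer check. The following is an added example written for this page, not a ComboFix or MalwareRemoval.com tool; the sample text is the section as printed in the post, and the baseline list of DLL names is an illustrative assumption, not a verified allow-list.

```python
"""Triage helper for the ComboFix section 'DLLs Loaded Under Running Processes'.

Added example, not part of ComboFix or of this forum's toolset.
The SAMPLE text is the section as it appeared in the post; KNOWN_GOOD is an
assumed baseline for illustration and should be replaced by your own.
"""
import re
from pathlib import PureWindowsPath

# Sample input: the section copied from the ComboFix log in the thread.
SAMPLE = """\
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\\program files\\SUPERAntiSpyware\\SASWINLO.DLL
c:\\windows\\system32\\WININET.dll
c:\\windows\\system32\\Ati2evxx.dll
c:\\windows\\system32\\igfxdev.dll
.
Completion time: 2010-07-27 14:47:29
"""

SECTION_HDR = "DLLs Loaded Under Running Processes"
# Process header line as ComboFix prints it: "- - - - - - - > 'name'(pid)"
PROC_RE = re.compile(r"^(?:- )+> '(?P<name>[^']+)'\((?P<pid>\d+)\)\s*$")

# Assumed baseline of DLL file names (lower-case) that are expected here.
# Build this from a known-clean machine; the entries below are only an example.
KNOWN_GOOD = {
    "wininet.dll",   # Windows component
    "ati2evxx.dll",  # ATI display driver winlogon hook
    "igfxdev.dll",   # Intel graphics driver
    "saswinlo.dll",  # SUPERAntiSpyware winlogon hook
}


def parse_loaded_dlls(log_text):
    """Return {(process_name, pid): [dll_path, ...]} for the ComboFix section."""
    result = {}
    in_section = False
    current = None
    for line in log_text.splitlines():
        if SECTION_HDR in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.strip() == ".":          # ComboFix closes each section with a lone dot
            break
        m = PROC_RE.match(line)
        if m:
            current = (m.group("name"), int(m.group("pid")))
            result[current] = []
            continue
        if current is not None and line.strip():
            result[current].append(line.strip())
    return result


def flag_winlogon_dlls(loaded, known_good=KNOWN_GOOD):
    """Return (dll_path, reason) pairs for modules in winlogon.exe that need a look.

    Anything not on the baseline is flagged outright; baseline names that live
    outside the Windows tree are still flagged so the signer gets verified.
    """
    findings = []
    for (proc, _pid), dlls in loaded.items():
        if proc.lower() != "winlogon.exe":
            continue
        for dll in dlls:
            p = PureWindowsPath(dll)
            in_windows_tree = str(p).lower().startswith("c:\\windows\\")
            if p.name.lower() not in known_good:
                findings.append((dll, "not on baseline"))
            elif not in_windows_tree:
                findings.append((dll, "third-party path in winlogon; verify signer"))
    return findings


def triage(log_text):
    """Convenience wrapper: parse the section and flag winlogon modules."""
    return flag_winlogon_dlls(parse_loaded_dlls(log_text))


if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason}: {path}")
```

Run against the sample, the only hit is SASWINLO.DLL, flagged because it sits under Program Files rather than the Windows tree; that matches what a helper would do by eye, which is confirm the file's publisher before treating it as benign.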

Re: Couple of problems

Post by melboy » July 27th, 2010, 5:20 pm

After looking through your past topics, I see you have been warned before about P2P filesharing use (BitComet in this topic, Limewire previously) and about the use of cracked software.

viewtopic.php?p=442570#p442570

In line with Forum policy I am withdrawing my offer of help.

viewtopic.php?p=491395#p491395
If you remove the cracked software in order to be helped, and at some future time return seeking help and are found to have more cracked software on your computer, you will be denied help, and details of your computer may be forwarded to the appropriate authorities.

viewtopic.php?p=491394#p491394
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we will refuse our help.



====================================


Uninstall Combofix
We Need to Remove ComboFix
  1. Please go to Start -> Run
  2. Enter "ComboFix /uninstall" (without quotes). Note the space between "ComboFix" and "/uninstall"; it needs to be there.
  3. Press OK (Or hit enter).
  4. Allow ComboFix to remove itself.


OTC by OldTimer

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if it does not, delete it yourself

Re: Couple of problems

Post by GreyEagle99 » July 27th, 2010, 5:48 pm

Just to set a few things straight, that BitComet folder was on my computer from a long time ago and I had completely forgotten about it. The same goes for that Norton cracked folder. I haven't used any P2P or cracked programs for a long time and I don't plan on it in the future. The problem I had this time is from going to a website that automatically downloaded a virus onto my computer. Anyway, thank you for the help that you have provided.

Re: Couple of problems

Post by NonSuch » July 27th, 2010, 6:12 pm

It is the policy of this site that we do not assist those who persist in using P2P filesharing software after being cautioned not to do so, nor do we provide support to those who persist in the installation and use of cracks and/or pirated software. You are once again running cracked software as well as P2P software. This site does not support the use of cracked/pirated software of any kind. We regard the use of such software as being the same as theft. Note that the use of such software is likely the source of your system's repeated malware infections.

As this is the third time you have come here with an infected system, with both P2P software and illegal software installed, you will receive no further help from this site, and your account will be deactivated. Do not attempt to use a different account in order to receive assistance, as that will be detected.

Due to violation of MWR policies, this topic is now closed.