  #31  
Old 27th Jun 2009, 10:52
New Member Group
 
OK, I did as asked, here's the new log:

ComboFix 09-06-26.02 - Sonny 27/06/2009 18:33.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1460 [GMT 1:00]
Running from: c:\users\Sonny\Desktop\ComboFix.exe
Command switches used :: c:\users\Sonny\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ATIODCLI.exe
c:\windows\system32\ATIODE.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-27 01:31 . 2009-06-27 01:31 -------- d-----w- c:\program files\CDBurnerXP
2009-06-26 19:51 . 2009-06-26 19:51 -------- d-----w- c:\program files\Trend Micro
2009-06-26 17:18 . 2009-06-26 19:49 117760 ----a-w- c:\users\Sonny\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-26 17:18 . 2009-06-26 17:18 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2009-06-26 17:18 . 2009-06-26 17:18 -------- d-----w- c:\users\Sonny\AppData\Roaming\SUPERAntiSpyware.com
2009-06-26 17:18 . 2009-06-26 17:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-26 17:11 . 2009-06-26 17:11 -------- d-----w- c:\program files\CCleaner
2009-06-25 13:46 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-25 13:46 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-25 13:46 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-25 13:46 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-25 13:46 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-25 13:45 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-25 13:45 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-25 13:45 . 2009-06-25 13:45 -------- d-----w- c:\program files\Alwil Software
2009-06-24 15:11 . 2009-06-25 13:35 -------- d-sh--w- c:\users\Sonny\AppData\Roaming\lowsec
2009-06-14 02:21 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 02:21 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-12 15:12 . 2009-06-12 15:12 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-06-11 23:13 . 2009-06-11 23:13 -------- d-----w- C:\wing2
2009-06-11 18:04 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 12:36 . 2009-06-10 12:36 -------- d-----w- c:\windows\Start Menu
2009-06-10 12:36 . 2009-06-10 12:36 -------- d-----w- c:\program files\Origin Systems
2009-06-08 18:01 . 2009-06-08 18:01 26624 ----a-r- c:\users\Sonny\AppData\Roaming\Microsoft\Installer\{6910C412-A523-493C-BC22-0213CD7F4F3A}\Icon6910C412.exe
2009-06-08 17:55 . 2009-06-08 18:01 -------- d-----w- c:\program files\Industry Giant 2
2009-06-03 18:08 . 2009-06-03 18:08 390664 ----a-w- c:\users\Sonny\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-03 18:08 . 2009-06-03 18:08 390664 ----a-w- c:\users\Sonny\AppData\Roaming\Real\Update\temp\~Upg6\RealPlayer11.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 17:42 . 2008-02-21 18:00 -------- d-----w- c:\progra~2\Kontiki
2009-06-27 17:42 . 2007-11-30 13:00 -------- d-----w- c:\program files\Steam
2009-06-27 02:40 . 2007-11-30 13:10 -------- d-----w- c:\program files\Common Files\Steam
2009-06-27 02:28 . 2007-11-28 07:21 -------- d-----w- c:\users\Sonny\AppData\Roaming\Skype
2009-06-27 02:27 . 2008-06-12 17:55 -------- d-----w- c:\users\Sonny\AppData\Roaming\skypePM
2009-06-27 00:23 . 2008-11-11 12:06 -------- d-----w- c:\program files\Conquer 2.0
2009-06-26 23:57 . 2009-05-02 16:03 -------- d-----w- c:\program files\17funtv
2009-06-26 21:39 . 2008-11-11 22:09 1356 ----a-w- c:\users\Sonny\AppData\Local\d3d9caps.dat
2009-06-26 17:17 . 2008-03-15 22:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-26 16:33 . 2009-03-22 15:23 -------- d-----w- c:\users\Sonny\AppData\Roaming\Spotify
2009-06-26 15:29 . 2009-01-13 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 13:35 . 2007-08-27 18:18 -------- d-----w- c:\program files\ATI
2009-06-25 13:34 . 2007-08-27 18:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-25 13:32 . 2007-11-25 13:14 -------- d-----w- c:\program files\Symantec
2009-06-25 13:31 . 2009-01-13 16:05 -------- d-----w- c:\progra~2\NortonInstaller
2009-06-25 12:39 . 2007-12-03 23:04 -------- d-----w- c:\users\Sonny\AppData\Roaming\Free Download Manager
2009-06-22 13:16 . 2009-05-08 22:39 -------- d-----w- c:\users\Sonny\AppData\Roaming\dvdcss
2009-06-21 11:02 . 2007-11-25 14:40 -------- d-----w- c:\users\Sonny\AppData\Roaming\uTorrent
2009-06-17 10:27 . 2009-01-13 16:54 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 10:27 . 2009-01-13 16:54 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 12:47 . 2008-05-24 00:19 1878984 ----a-w- c:\users\Sonny\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-12 12:36 . 2008-11-11 00:36 -------- d-----w- c:\users\Sonny\AppData\Roaming\Xfire
2009-06-12 02:07 . 2007-11-25 22:34 -------- d-----w- c:\progra~2\Microsoft Help
2009-05-22 10:06 . 2009-05-22 10:06 -------- d-----w- c:\program files\GameTap Web Player
2009-05-22 10:05 . 2009-05-22 10:05 -------- d-----w- c:\progra~2\GameTap Web Player
2009-05-15 23:19 . 2009-05-15 23:18 227 ----a-w- c:\windows\PowerReg.dat
2009-05-15 23:18 . 2009-05-15 23:18 -------- d-----w- c:\program files\Hasbro Interactive
2009-05-14 19:21 . 2009-05-14 19:21 390664 ----a-w- c:\users\Sonny\AppData\Roaming\Real\Update\temp\~Upg5\RealPlayer11.exe
2009-05-14 02:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-12 19:06 . 2009-05-12 19:06 -------- d-----w- c:\users\Sonny\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-05-12 19:06 . 2009-05-12 19:06 -------- d-----w- c:\program files\BBC iPlayer Desktop
2009-05-12 19:06 . 2009-05-12 19:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-12 19:04 . 2009-05-12 19:06 38208 ----a-w- c:\users\Sonny\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-05-07 19:12 . 2009-05-07 19:12 -------- d-----w- c:\users\Sonny\AppData\Roaming\StreamTorrent
2009-05-07 19:12 . 2009-05-07 19:12 -------- d-----w- c:\program files\StreamTorrent 1.0
2009-05-05 18:05 . 2009-05-22 10:05 462848 ----a-w- c:\users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\364tu6n5.default\extensions\GameTap@gametap.com\plugins\npGameTapWebUpdater.dll
2009-05-05 10:29 . 2009-05-05 10:29 -------- d-----w- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-05 10:29 . 2008-01-27 12:22 -------- d-----w- c:\program files\iTunes
2009-05-05 10:29 . 2009-05-05 10:29 -------- d-----w- c:\program files\iPod
2009-05-05 10:29 . 2008-01-27 12:19 -------- d-----w- c:\program files\Common Files\Apple
2009-05-02 16:06 . 2009-01-06 20:38 -------- d-----w- c:\progra~2\Yahoo! Companion
2009-05-02 16:05 . 2009-05-02 16:05 -------- d-----w- c:\program files\afreeca
2009-05-02 16:03 . 2009-05-02 16:03 964608 ----a-w- c:\windows\system32\mfc70u.dll
2009-05-02 16:03 . 2009-05-02 16:03 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-05-02 12:00 . 2009-05-02 12:00 -------- d-----w- c:\program files\FilmOn HDi Player
2009-05-01 23:30 . 2009-05-01 23:06 -------- d-----w- c:\users\Sonny\AppData\Roaming\vlc
2009-05-01 19:21 . 2009-05-01 19:21 390664 ----a-w- c:\users\Sonny\AppData\Roaming\Real\Update\temp\~Upg4\RealPlayer11.exe
2009-05-01 18:52 . 2009-05-01 18:52 200704 ----a-w- c:\users\Sonny\AppData\Roaming\Microsoft\Windows\.autobahn\libwin32sparsefileutil.dll
2009-05-01 18:42 . 2009-05-01 18:42 65536 ----a-w- c:\users\Sonny\AppData\Roaming\Microsoft\Windows\.autobahn\libwin32proxyconfig.dll
2009-05-01 18:35 . 2009-05-01 18:35 -------- d-----w- c:\program files\VideoLAN
2009-04-24 16:05 . 2009-06-11 18:03 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-11 18:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-11 18:03 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-11 18:03 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 18:03 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 23:20 . 2009-04-21 23:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 23:20 . 2009-04-21 23:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-14 18:45 . 2009-04-14 18:45 390664 ----a-w- c:\users\Sonny\AppData\Roaming\Real\Update\temp\~Upg3\RealPlayer11.exe
2009-04-05 18:14 . 2009-04-05 18:14 390664 ----a-w- c:\users\Sonny\AppData\Roaming\Real\Update\temp\~Upg2\RealPlayer11.exe
2007-08-27 19:04 . 2007-08-27 18:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Sonny\AppData\Roaming\lowsec ----

2009-06-24 15:11 . 2009-06-25 11:26 0 ----a-w- c:\users\Sonny\AppData\Roaming\lowsec\user.ds
2009-06-24 15:11 . 2009-06-25 13:35 44258 ----a-w- c:\users\Sonny\AppData\Roaming\lowsec\local.ds


((((((((((((((((((((((((((((( SnapShot@2009-06-27_02.26.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2009-06-27 02:27 98532 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-11-25 12:53 . 2009-06-27 02:27 15412 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2058655337-1634534433-331944777-1001_UserData.bin
- 2007-11-25 12:44 . 2009-06-27 02:26 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-25 12:44 . 2009-06-27 17:41 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-11-25 12:44 . 2009-06-27 02:26 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-25 12:44 . 2009-06-27 17:41 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-25 12:44 . 2009-06-27 02:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-11-25 12:44 . 2009-06-27 17:41 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:33 . 2009-06-27 02:32 608270 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-27 01:19 608270 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-27 02:32 109138 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-06-27 01:19 109138 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"Steam"="c:\program files\steam\steam.exe" [2009-06-12 1217784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-01-25 1032376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-15 178968]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-01 185896]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"4oD"="c:\program files\Kontiki\KHost.exe" [2008-01-25 1032376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-25 4702208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Sonny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4C4014C1-27B1-467C-98D3-799AC31D5B51}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{79F368E5-FE8C-4215-9C4C-754C21268CAC}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{46F6F60D-41AD-4363-A915-0BEADE87E1CB}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F4DBEF40-7A53-4A13-8347-AA0C75E0C7BD}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{ABD225DD-EEF2-45CF-8EFB-B522F3CBF299}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{B47A9E37-5E9D-4313-A196-426A8E38AE29}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{3F1E1399-E49A-4B7F-93AE-8D1D3930E7D9}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{DEAD0B7C-CF4B-438C-BBE2-F79A1ECCDD78}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{F06D5818-10C7-4DF0-829B-648B414B2E5B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7F8FAE90-A884-4555-B4D8-8CF8CA5BBD0C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5467AFE3-F953-4F29-8B8F-DA4B3E528DAD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A8E48632-E180-41E3-894A-66349381ED0B}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{9F73BA3B-CE06-4A99-BAA3-4900491B93BD}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{962389EB-D55D-4031-AA11-1174E49A90CD}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{7C8F2072-A43E-464C-90D6-97A366632A41}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{D27B8BAF-087E-4CED-B130-9FF9F236141A}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7BEEF3D7-1F71-4193-BDF3-EA77ED2DDFEC}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4F12753C-3831-4DA1-B792-A98E1EFE239C}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8FD0E812-B954-4BA8-85A5-2688388D24B9}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{1470DDFA-234A-49A2-90DE-FB55AD9B85C6}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{6288AF73-6AAB-47C4-B4E5-464EBB33EF9A}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{70959E7C-137B-44C1-BCF7-FE390787902B}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{16D01517-C1EE-4A5C-A30B-4554297C2D8C}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{75747680-91B9-4690-A017-6C4FC18B8862}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{6FDBCD87-251A-4950-9F27-091A2CDCEA36}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{B28D0F67-3FB9-41DA-9C6D-D71781FA88B9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{1C0E9353-2038-4683-9E3E-F666A0463BFF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{1A5C61E3-42CE-4511-BE4A-B27E50033C0B}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{AA5B617F-2680-49EB-8F84-D9E7D5D20A82}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{5C6F218D-BEA9-42A5-A123-4D8FD1E1E898}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{4B4D057B-190D-4051-AF1F-CAE88EF2E6E6}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{A97C4594-FF66-4887-8795-65F4BBB518B2}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{B93FE2DB-4405-4DE3-B693-D4D97C2D3FE4}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{7F87C278-69BD-4878-A4CE-021740A142B7}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{D7834371-1358-4356-8C41-0E4322BFB1E8}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{051E377A-6EFC-49A2-B4E8-DA4C7BF71FEB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{847B2104-943C-4FD9-BE3B-F24D6ED7919A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B74D2573-3686-40AB-8034-81B49B37F5F3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{7C779745-AAC6-48B1-BE3A-828E9454F601}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{0566220F-3E06-4500-B058-38F9F17BD6F5}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{0CF43C6A-CCED-4F76-81F6-7E4200D97F29}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{0CD94EF6-BF57-4691-A7A1-A645CBA54239}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{6AA66BCB-49AB-4E45-A54D-9C50855BACBB}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{7C0E4493-A9BD-41C3-843E-904E3BDF967C}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"TCP Query User{9509E4BE-9FE0-4DA0-8C6E-27645CE96B9C}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{5C198D81-918D-44CA-BBEB-7E9BAA4D974C}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{E51343DB-6E70-4356-841C-FC375DA00BED}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{F113A65D-35A7-4040-BC66-5E6C0F2B92C7}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{8AA0C86B-DD03-4CCB-85D5-5B2E51D7CE73}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{62621C6E-1212-4F2B-AC89-26400B3EDCA0}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{22770C07-EB47-40AC-B26A-E1B0FC1E3F6B}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{82CBA932-0A86-456F-BE72-A46BD86529B4}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{70293647-6472-4B77-8CBA-38662F84C7A1}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{C78587A5-9BF9-41DF-B927-F58A1FB7A8BB}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{91A14F95-ACC9-4D17-87E0-8C29F318A2C3}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{4247A571-3C9A-42B8-B784-EDA18BA5AB24}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"TCP Query User{7E7B9039-EFF6-4687-A5C3-5E75166DF8DD}c:\\program files\\steam\\steamapps\\ginger_sonny\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\ginger_sonny\counter-strike source\hl2.exe:hl2
"UDP Query User{216C0474-9657-4FA4-BFEC-509A789D857F}c:\\program files\\steam\\steamapps\\ginger_sonny\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\ginger_sonny\counter-strike source\hl2.exe:hl2
"TCP Query User{5E2DA332-2AAF-4F97-9FDA-4FFBFC84A2ED}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D86C3FBF-E689-4407-870F-765297B1EC2E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{21E61A90-23A6-4105-9948-D2DC916D8443}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{21FC4E83-2820-44A7-8E05-B351A8E36244}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{490B92CF-4F04-4A28-8760-24CC196EAFB1}"= UDP:c:\program files\Norton Internet Security\Engine\16.0.0.125\uiStub.exe:Norton Internet Security
"{5530C24F-D37F-4C83-84B1-726E5C374263}"= TCP:c:\program files\Norton Internet Security\Engine\16.0.0.125\uiStub.exe:Norton Internet Security
"{357B78B5-6EF5-4D52-9996-050703729A71}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{35BAF180-C0CB-4B4A-B323-C6946F6C63D9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{4AB99F05-A454-46DB-B0C8-D33437058329}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{753B1B01-F98F-4A9B-B0DE-EF394487E0F8}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{1B1BAE39-DB17-4B80-8876-2D1382FF1342}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{B04B8E02-55EC-4D7D-855A-2C8C749C624C}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{0E7A49AC-1033-4CE9-98EC-10355FB7A870}"= UDP:c:\program files\Steam\steamapps\common\trine demo\trine_launcher.exe:Trine Demo
"{DEBE9890-6180-44F8-A131-76648CCE8DC7}"= TCP:c:\program files\Steam\steamapps\common\trine demo\trine_launcher.exe:Trine Demo
"TCP Query User{0EA785DD-EEF8-4877-9D16-CBBEB22F320C}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{9D6D4E94-1831-4AF0-B0AD-CCCD876F2767}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [25/06/2009 14:46 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [25/06/2009 14:46 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [25/06/2009 14:45 51792]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03/09/2006 18:32 208896]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fb_inet_server.exe [19/02/2008 21:42 2707456]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10/05/2006 17:13 29696]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [15/08/2007 23:49 552448]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\System32\drivers\netr73.sys [12/11/2007 11:03 468480]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.vistaforums.com/Forum/Topic13079-9-3.aspx
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=Presario&pf=desktop
uInternet Settings,ProxyServer = 83.218.164.193:8080
uInternet Settings,ProxyOverride = <local>;*.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
DPF: {15AB0590-D322-4440-B129-BFC893FB3CC2} - hxxp://live.17funtv.com:8057/AFCStarter_17funtv.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
DPF: {7E3C8EE9-0EA1-4ACA-A8A2-87B76A3A6BC4} - hxxp://afocx.17funtv.com:9091/AFC_TW/OpenTV_17FunTV.cab
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab
FF - ProfilePath - c:\users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\364tu6n5.default\
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\GameTap Web Player\bin\release\npGameTapWebPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\users\Sonny\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\364tu6n5.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\364tu6n5.default\extensions\GameTap@gametap.com\plugins\npGameTapWebUpdater.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 18:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2058655337-1634534433-331944777-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:76,01,39,d2,ba,40,63,79,53,a1,75,83,b2,16,32,ad,73,ee,9c,b7,73,ef,a8,
3f,cc,b6,26,0c,39,00,df,e9,e7,ad,62,23,4d,96,13,10,27,5b,8a,37,74,cb,92,69,\
"??"=hex:75,f9,11,0d,bb,7b,d0,45,f7,62,8f,eb,9f,d7,26,84

[HKEY_USERS\S-1-5-21-2058655337-1634534433-331944777-1001\Software\SecuROM\License information*]
"datasecu"=hex:a9,70,81,99,0a,07,33,ee,6a,73,81,c7,98,95,c4,f0,8c,01,19,21,84,
e4,3e,32,9a,82,d2,fd,98,c4,9b,6a,a2,68,83,0a,59,d2,6a,32,7f,97,5a,30,16,27,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1832)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-06-27 18:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-27 17:48
ComboFix2.txt 2009-06-27 02:33

Pre-Run: 68,668,329,984 bytes free
Post-Run: 68,746,588,160 bytes free

360 --- E O F --- 2009-06-18 23:34
  #32  
Old 27th Jun 2009, 11:04
Moderator Group
 
Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

----------

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.


  • The above procedure will:
    • Delete the following:
      • ComboFix and its associated files and folders.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Set a new, clean Restore Point.


----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Please scan your computer with Panda ActiveScan

* Once you are on the Panda site click the Scan your PC now button.
* A new window will open...click the Scan Now button.
* If it wants to install an ActiveX component allow it.
* It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
* You may get a warning from Internet Explorer that Panda is ready to install, please allow it.
* The scan will begin. Please be patient as it can take an hour or more to complete.
* When the scan completes, if anything malicious is detected, click the Export to: button (looks like a little Notepad).
* Save the ActiveScan.txt to a convenient location like your desktop.
* Note: You do not need to select any of the Disinfect options. We will remove any threats manually.

* Post the contents of the ActiveScan report in your next reply.
__________________

  #33  
Old 27th Jun 2009, 12:40
New Member Group
 
OK, Part 1: Reg successfully edited (confirmation window appeared)

Part 2: ComboFix uninstalled successfully

Part 3: TFC ran, cleaned up the files, then rebooted successfully

About to run Panda now...
  #34  
Old 27th Jun 2009, 16:24
New Member Group
 
OK I ran Panda and about 3 hours later it finally finished the scan, here are the results...

;********************************************************************************
ANALYSIS: 2009-06-28 00:18:39
PROTECTIONS: 2
MALWARE: 8
SUSPECTS: 9
;********************************************************************************
PROTECTIONS
Description Version Active Updated
;================================================================================
Windows Defender 1.1.1505.0 No Yes
SUPERAntiSpyware 4, 26, 0, 1006 No Yes
;================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================================================
00000002 Virus 101 Virus/Trojan No 1 Yes No C:\Users\Sonny\Documents\Downloads\DOSCollection S to Z (Memories Project) Part 4 of 4\Strategy Games 2 (1986)(Keypunch).zip[alien.exe]
00132442 Joke/Water Jokes No 0 Yes No C:\Users\Sonny\Documents\Downloads\DOSCollection S to Z (Memories Project) Part 4 of 4\Starship Invasion (1984)(Thinking Machine Associates).zip[starship.com]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Cookies\sonny@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Cookies\sonny@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Cookies\sonny@atdmt[3].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Cookies\sonny@tradedoubler[3].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Cookies\sonny@tradedoubler[1].txt
01270990 Generic Trojan Virus/Trojan No 0 No No C:\Users\Sonny\Desktop\FF7\[The_SaiNt]_High_Res_FF7PC_Patcher.rar.XXX[[The_SaiNt]_High_Res_FF7PC_Patcher.exe]
04889026 Bck/Agent.DPD Virus/Trojan No 1 Yes No C:\Program Files\mackoy\BVE4\Train\LT1973\OS_Ats1.dll
04889026 Bck/Agent.DPD Virus/Trojan No 1 Yes No C:\Program Files\mackoy\BVE4\Train\LT1995\OS_Ats1.dll
04981524 Bck/Agent.DPD Virus/Trojan No 1 Yes No C:\Program Files\mackoy\BVE4\Train\LT_C69_77_v2\OS_Ats1.dll
04981524 Bck/Agent.DPD Virus/Trojan No 1 Yes No C:\Program Files\mackoy\BVE4\Train\LT_C69_77\OS_Ats1.dll
04981524 Bck/Agent.DPD Virus/Trojan No 1 No No C:\Users\Sonny\Desktop\FF7\c69_77_v2-5.exe[C:\Users\Sonny\Desktop\FF7\c69_77_v2-5.exe][Train\LT_C69_77_v2\OS_Ats1.dll]
04981524 Bck/Agent.DPD Virus/Trojan No 1 Yes No C:\Program Files\mackoy\BVE4\Train\LT1972 MkII\OS_Ats1.dll
;================================================================================
SUSPECTS
Sent Location
;================================================================================
No C:\Program Files\Industry Giant 2\ig2.exe
No C:\Program Files\Xplosiv\International Cricket Captain 3\rising-icc3p2t.exe.XXX
No C:\Users\Sonny\Desktop\FF7\veetle-0.9.6.exe
No C:\Users\Sonny\Desktop\FF7\veetle-0.9.7.exe
No C:\Users\Sonny\Desktop\FF7\veetle-0.9.9.exe
No C:\Users\Sonny\Documents\Downloads\DOSCollection S to Z (Memories Project) Part 4 of 4\Wing Commander Academy Speech Pack (1993)(Origin Systems Inc).zip[wcaspech.exe]
No C:\Users\Sonny\Documents\Downloads\DOSCollection S to Z (Memories Project) Part 4 of 4\Zool (1992)(Gremlin Interactive Ltd).zip.XXX[fader.exe]
No C:\Users\Sonny\Downloads\Baseball Mogul 2008 [English][PC][WwW.GamesTorrents.CoM]\unl-bm08\unleashed.exe
No C:\Users\Sonny\Downloads\Baseball Mogul 2008 [English][PC][WwW.GamesTorrents.CoM]
;================================================================================
VULNERABILITIES
Id Severity Description
;================================================================================
;================================================================================
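As an added example (not code from the thread), a small Python parser for the MALWARE section of an ActiveScan report in the layout posted above; it pulls each row apart even though Description may contain spaces, and buckets rows into tracking cookies, dormant files (archive members and the like, which the scanner reports as not active) and anything reported as active. The sample rows are constructed in that layout with shortened paths, and the Active=Yes row is invented for contrast.

```python
import re
from collections import Counter
# Constructed sample in the row layout of the ActiveScan report above
# (paths shortened; the 'Active Yes' row is invented for contrast).
SAMPLE_REPORT = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=====================================================================
00000002 Virus 101 Virus/Trojan No 1 Yes No C:\Users\Sonny\Downloads\Strategy Games 2 (1986)(Keypunch).zip[alien.exe]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Cookies\sonny@atdmt[1].txt
04889026 Bck/Agent.DPD Virus/Trojan No 1 Yes No C:\Program Files\mackoy\BVE4\Train\LT1973\OS_Ats1.dll
99999999 Generic Trojan Virus/Trojan Yes 2 No No C:\Users\Sonny\AppData\Local\Temp\svc.exe
;=====================================================================
SUSPECTS
"""

# Description may contain spaces, so anchor on the fixed Yes/No and digit columns after it.
ROW = re.compile(
    r"^(?P<id>\d{8}) (?P<desc>.+?) (?P<type>\S+) (?P<active>Yes|No) "
    r"(?P<sev>\d+) (?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) "
    r"(?P<loc>[A-Za-z]:\\.*)$")

def parse_malware_section(report: str) -> list[dict]:
    """Return the detection rows between MALWARE and the next section header."""
    rows, in_section = [], False
    for line in report.splitlines():
        if line.strip() == "MALWARE":
            in_section = True
        elif line.strip() in ("SUSPECTS", "VULNERABILITIES"):
            in_section = False
        elif in_section and (m := ROW.match(line)):
            row = m.groupdict()
            row["active"] = row["active"] == "Yes"
            row["sev"] = int(row["sev"])
            # Archive members are written container[member]; cookies have brackets too but end in .txt
            row["in_archive"] = row["loc"].endswith("]")
            rows.append(row)
    return rows

def triage(row: dict) -> str:
    """Bucket a detection: what is running matters more than what merely sits on disk."""
    if row["type"] == "TrackingCookie":
        return "cookie"    # privacy nuisance, not executable code
    if row["active"]:
        return "active"    # loaded or running: investigate first
    return "dormant"       # on disk only: archive member, crack or false positive

def summarize(report: str) -> dict[str, int]:
    return dict(Counter(triage(r) for r in parse_malware_section(report)))
```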
  #35  
Old 27th Jun 2009, 17:31
Moderator Group
 
Those are either false positives or they are from cracked software. If they are from cracks I suggest you remove them. Cracks usually have some form of malware included with them.

How is the computer running now?
__________________

  #36  
Old 27th Jun 2009, 17:42
New Member Group
 
Yeah I guessed false positives, I have very little cracked software on here...for example, it has come up with a few .dll's for a rail simulation program called BVE that I'm pretty certain aren't infected...so yeah, other than that the computer seems to be running fine.

Thank you so much for all your help

What free antivirus program do you personally recommend I should use? I know certain people tend to argue for a certain one over others; which one do you think is best?
  #37  
Old 27th Jun 2009, 17:50
Moderator Group
 
I use Avast Free Home myself. Remember that an antivirus is just a safety net and they are all far from bulletproof.

Final suggestions. Let me know if you have any questions.

Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.


----------

Go to Microsoft Windows Update and get all critical updates.

----------

Make sure all of your security programs are up to date and run scans with them regularly.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
__________________

Copyright ©2006 - 2009 Computer Juice.