Second PC



Logistics
2009-04-26, 04:20
So I now have Virtumonde on my home computer as well, unfortunately. Here is the log from my home computer:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:30 PM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: (no name) - {a1f06cf6-64be-47d0-9d52-15be211210fa} - C:\WINDOWS\system32\pivukire.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: MS extension - {E7C7AD3E-E0B2-4994-B338-F89D02AA316D} - infow32.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: c:\windows\system32\rubafabu.dll,C:\WINDOWS\system32\tumekaku.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rubafabu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rubafabu.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8883 bytes

http://forums.spybot.info/showthread.php?t=48066
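As an added example (not from the thread, and not part of HijackThis or any other tool mentioned here), a small Python triage script run over the relevant lines of the HijackThis log above. It flags the O20 AppInit_DLLs load point and the O2/O21/O22 entries that point at unnamed, pathless, or randomly named DLLs in system32, which are the entries a helper reads first in a log like this. The "eight lowercase letters" naming heuristic is an assumption drawn only from the DLL names in this log, and the sample input is a subset of the log copied from the post.

```python
"""Triage a HijackThis log for the Virtumonde-style loading points seen in the post above."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section target reason")

# Sample input: a subset of the HijackThis log lines from the post (constructed test data).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {a1f06cf6-64be-47d0-9d52-15be211210fa} - C:\WINDOWS\system32\pivukire.dll (file missing)
O2 - BHO: MS extension - {E7C7AD3E-E0B2-4994-B338-F89D02AA316D} - infow32.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: c:\windows\system32\rubafabu.dll,C:\WINDOWS\system32\tumekaku.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rubafabu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rubafabu.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d+|F\d+) - (.*)$")
# Heuristic (assumption): eight lowercase letters and no digits, the naming style of the
# DLLs in this log (rubafabu, tumekaku, pivukire). A weak signal on its own; combine it
# with the load point it was found at.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.dll$")
MISSING = "(file missing)"


def targets_of(section, body):
    """Return the file(s) an entry points at, without the '(file missing)' suffix."""
    if section == "O20":
        # AppInit_DLLs is a comma-separated list, not the usual 'name - {CLSID} - path' form.
        value = body.split(":", 1)[1]
        return [t.strip() for t in value.split(",") if t.strip()]
    last = body.rsplit(" - ", 1)[-1].replace(MISSING, "").strip()
    return [last] if last else []


def triage(log_text):
    """Return a Finding for every entry that a helper should review before anything else."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        for target in targets_of(section, body):
            name = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            in_system32 = "\\system32\\" in target.lower()
            if section == "O20":
                # AppInit_DLLs is loaded into every process that maps user32.dll.
                findings.append(Finding(section, name, "AppInit_DLLs injection point in use"))
            elif section in ("O2", "O21", "O22"):
                reasons = []
                if "(no name)" in body:
                    reasons.append("object registered without a name")
                if "\\" not in target:
                    reasons.append("bare filename, no registered path")
                if in_system32 and RANDOM_NAME_RE.match(name):
                    reasons.append("random-looking DLL name in system32")
                if section in ("O21", "O22") and MISSING in body:
                    reasons.append("Explorer load point left pointing at a removed file")
                if reasons:
                    findings.append(Finding(section, name, "; ".join(reasons)))
    return findings


def flagged_files(log_text):
    """Distinct file names referenced by the flagged entries, sorted."""
    return sorted({f.target for f in triage(log_text)})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.target:<14} {f.reason}")
```

The script is a first-pass filter, not a verdict: the avast!, NVIDIA and Adobe entries in the same sample pass through untouched, and anything it does flag still needs the helper's judgement before removal.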

Blade81
2009-04-26, 19:54
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

Logistics
2009-04-28, 04:06
Here is the attach
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/17/2007 5:21:32 PM
System Uptime: 4/26/2009 12:44:27 PM (33 hours ago)

Motherboard: Dell Inc. | | 0CT017
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | Microprocessor | 2394/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 230 GiB total, 92.133 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP310: 1/28/2009 1:28:29 PM - System Checkpoint
RP311: 1/29/2009 1:37:30 PM - System Checkpoint
RP312: 1/30/2009 4:33:36 PM - System Checkpoint
RP313: 1/31/2009 5:09:24 PM - System Checkpoint
RP314: 2/1/2009 5:09:30 PM - System Checkpoint
RP315: 2/2/2009 6:09:30 PM - System Checkpoint
RP316: 2/3/2009 6:10:35 PM - System Checkpoint
RP317: 2/4/2009 6:31:43 PM - System Checkpoint
RP318: 2/5/2009 7:08:00 PM - System Checkpoint
RP319: 2/6/2009 8:01:01 PM - System Checkpoint
RP320: 2/7/2009 10:34:49 PM - System Checkpoint
RP321: 2/9/2009 12:06:56 PM - Installed Java(TM) 6 Update 7
RP322: 2/9/2009 12:07:32 PM - Installed OpenOffice.org 3.0
RP323: 2/10/2009 12:26:25 PM - System Checkpoint
RP324: 2/11/2009 12:07:42 PM - Software Distribution Service 3.0
RP325: 2/12/2009 12:20:27 PM - System Checkpoint
RP326: 2/13/2009 1:08:46 PM - System Checkpoint
RP327: 2/14/2009 2:18:47 PM - System Checkpoint
RP328: 2/15/2009 5:39:34 PM - System Checkpoint
RP329: 2/16/2009 6:29:33 PM - System Checkpoint
RP330: 2/18/2009 9:00:52 AM - System Checkpoint
RP331: 2/19/2009 9:30:48 AM - System Checkpoint
RP332: 2/20/2009 12:46:32 PM - System Checkpoint
RP333: 2/21/2009 12:59:49 PM - System Checkpoint
RP334: 2/22/2009 5:11:48 PM - System Checkpoint
RP335: 2/23/2009 5:33:31 PM - System Checkpoint
RP336: 2/24/2009 5:39:39 PM - System Checkpoint
RP337: 2/24/2009 7:50:00 PM - Installed Java(TM) 6 Update 11
RP338: 2/25/2009 10:01:49 AM - Software Distribution Service 3.0
RP339: 2/26/2009 10:06:57 AM - System Checkpoint
RP340: 2/27/2009 11:25:08 AM - System Checkpoint
RP341: 2/28/2009 11:59:53 AM - System Checkpoint
RP342: 3/1/2009 2:16:23 PM - System Checkpoint
RP343: 3/2/2009 2:50:48 PM - System Checkpoint
RP344: 3/3/2009 9:51:11 PM - System Checkpoint
RP345: 3/4/2009 10:56:09 PM - System Checkpoint
RP346: 3/5/2009 11:30:43 PM - System Checkpoint
RP347: 3/15/2009 7:07:44 PM - System Checkpoint
RP348: 3/15/2009 7:12:38 PM - Removed Java(TM) 6 Update 11
RP349: 3/15/2009 7:13:00 PM - Installed Java(TM) 6 Update 12
RP350: 3/15/2009 7:32:28 PM - Software Distribution Service 3.0
RP351: 3/16/2009 7:59:55 PM - System Checkpoint
RP352: 3/17/2009 8:22:26 PM - System Checkpoint
RP353: 3/18/2009 1:53:38 PM - Installed Windows Internet Explorer 8.
RP354: 3/18/2009 1:54:27 PM - Software Distribution Service 3.0
RP355: 3/18/2009 2:03:46 PM - Restore Operation
RP356: 3/18/2009 2:14:14 PM - Installed Windows NLSDownlevelMapping.
RP357: 3/18/2009 2:14:32 PM - Installed Windows IDNMitigationAPIs.
RP358: 3/18/2009 2:14:40 PM - Installed Windows Internet Explorer 7.
RP359: 3/18/2009 2:22:11 PM - Software Distribution Service 3.0
RP360: 3/18/2009 2:33:02 PM - Restore Operation
RP361: 3/18/2009 2:50:37 PM - Software Distribution Service 3.0
RP362: 3/18/2009 2:58:50 PM - Software Distribution Service 3.0
RP363: 3/19/2009 3:27:05 PM - Software Distribution Service 3.0
RP364: 3/20/2009 4:28:08 PM - System Checkpoint
RP365: 3/21/2009 5:19:02 PM - System Checkpoint
RP366: 3/22/2009 1:28:42 PM - Installed Battlefield 2(TM)
RP367: 3/22/2009 2:46:51 PM - Configured Battlefield 2(TM)
RP368: 3/22/2009 2:56:13 PM - Removed Battlefield 2(TM)
RP369: 3/23/2009 3:35:08 PM - System Checkpoint
RP370: 3/23/2009 10:48:37 PM - Installed Battlefield 2(TM) Demo
RP371: 3/25/2009 9:06:27 AM - System Checkpoint
RP372: 3/26/2009 5:36:36 PM - System Checkpoint
RP373: 3/27/2009 6:21:49 PM - System Checkpoint
RP374: 3/28/2009 6:22:01 PM - System Checkpoint
RP375: 3/30/2009 10:27:30 AM - System Checkpoint
RP376: 3/30/2009 1:41:15 PM - Removed Apple Mobile Device Support
RP377: 3/30/2009 1:41:54 PM - Removed Apple Software Update
RP378: 3/31/2009 1:49:30 PM - System Checkpoint
RP379: 4/1/2009 12:57:22 AM - Restore Operation
RP380: 4/1/2009 1:12:21 AM - Installed Java(TM) 6 Update 13
RP381: 4/1/2009 5:03:50 AM - Cleaned registry with Windows Live OneCare safety scanner
RP382: 4/1/2009 1:33:03 PM - Installed Microsoft Easy Assist v2
RP383: 4/1/2009 1:44:30 PM - Removed Microsoft Easy Assist v2
RP384: 4/1/2009 9:22:27 PM - Cleaned registry with Windows Live OneCare safety scanner
RP385: 4/2/2009 9:22:57 PM - System Checkpoint
RP386: 4/3/2009 10:25:18 PM - System Checkpoint
RP387: 4/5/2009 11:29:41 AM - System Checkpoint
RP388: 4/6/2009 11:33:52 AM - System Checkpoint
RP389: 4/6/2009 2:43:51 PM - Software Distribution Service 3.0
RP390: 4/7/2009 11:38:02 AM - Software Distribution Service 3.0
RP391: 4/7/2009 8:49:54 PM - Installed Battlefield 2(TM)
RP392: 4/8/2009 8:58:24 PM - System Checkpoint
RP393: 4/9/2009 4:55:25 PM - Installed Battlefield 2 Patch v1.41
RP394: 4/10/2009 5:49:01 PM - System Checkpoint
RP395: 4/11/2009 6:18:48 PM - System Checkpoint
RP396: 4/12/2009 6:40:23 PM - System Checkpoint
RP397: 4/13/2009 7:02:36 PM - System Checkpoint
RP398: 4/14/2009 7:11:40 PM - System Checkpoint
RP399: 4/15/2009 7:46:41 PM - System Checkpoint
RP400: 4/16/2009 7:48:45 AM - Software Distribution Service 3.0
RP401: 4/17/2009 9:09:36 AM - System Checkpoint
RP402: 4/18/2009 9:51:16 AM - System Checkpoint
RP403: 4/19/2009 11:17:13 AM - Uniblue RegistryBooster 2009
RP404: 4/19/2009 11:18:29 AM - Uniblue RegistryBooster 2009
RP405: 4/19/2009 11:27:02 AM - Installed AVG Free 8.5
RP406: 4/19/2009 12:10:32 PM - Removed Apple Mobile Device Support
RP407: 4/20/2009 12:24:08 PM - System Checkpoint
RP408: 4/21/2009 12:50:48 PM - System Checkpoint
RP409: 4/22/2009 1:27:46 PM - System Checkpoint
RP410: 4/23/2009 5:38:56 PM - System Checkpoint
RP411: 4/24/2009 6:28:50 PM - System Checkpoint
RP412: 4/25/2009 9:41:27 PM - System Checkpoint
RP413: 4/27/2009 12:27:46 AM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.1
AIM 6
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Battlefield 2(TM)
BitComet 1.03
Bonjour
Company of Heroes
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
DAEMON Tools Toolbar
Dell CinePlayer
Dell DataSafe Online
Dell Driver Reset Tool
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Dell Support Center
Dell System Restore
DellSupport
DGOControls
Digital Line Detect
Documentation & Support Launcher
ERUNT 1.1j
getPlus(R) for Adobe
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
Internet Service Offers Launcher
ISO Recorder
iTunes
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Left 4 Dead
LimeWire 4.14.8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.2)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NVIDIA Drivers
NVIDIA PhysX v8.09.04
OpenOffice.org 3.0
PeerGuardian 2.0
PunkBuster Services
QuickTime
Rise and Fall
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sonic Activation Module
Sonic Update Manager
Spybot - Search & Destroy
Starcraft
Steam
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
Ventrilo Client
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warcraft III
Watson
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft

==== Event Viewer Messages From Past Week ========

4/26/2009 4:41:04 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/25/2009 9:20:59 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/25/2009 8:27:38 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
4/25/2009 10:37:50 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/21/2009 6:30:18 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/21/2009 6:24:52 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/20/2009 10:36:17 AM, error: DCOM [10000] - Unable to start a DCOM Server: {2692A9D5-61DF-46D5-A5A1-A6CCA921D578}. The error: "%3" Happened while starting this command: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe" -Embedding

==== End Of File ===========================

And the DDS is attached in an upload

Blade81
2009-04-28, 16:05
Hi again,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitComet
LimeWire


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

After that:

Disable Ad-Watch (http://www.lavasoftsupport.com/index.php?showtopic=19804)

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Blade81
2009-05-06, 17:50
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or a MOD a private message (PM). A valid, working link to the closed topic is required.