
Thread: I think my computer is infected

  1. #1
    Junior Member
    Join Date
    Jun 2010
    Posts
    8

    Default I think my computer is infected

    I cannot put my finger on it, but my PC has been acting "weird" of late.


    Here is the DDS log:


    DDS (Ver_10-03-17.01) - NTFSX64
    Run by John at 20:34:40.49 on 06.06.2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4095.2136 [GMT 1:00]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Users\John\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    C:\Core_Temp\Core Temp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Giganews Accelerator\GiganewsAccelerator.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe
    C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
    C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
    C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    C:\Windows\SysWOW64\Ctxfihlp.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\SysWOW64\CTXFISPI.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\John\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.ask.com?o=15187&l=dis
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files (x86)\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~3\office14\GROOVEEX.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~3\office14\URLREDIR.DLL
    BHO: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    TB: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
    uRun: [googletalk] c:\users\john\appdata\roaming\google\google talk\googletalk.exe /autostart
    uRun: [IDMan] c:\program files (x86)\internet download manager\IDMan.exe /onboot
    uRun: [CTRegRun] c:\windows\CTRegRun.EXE
    uRun: [igndlm.exe] c:\program files (x86)\download manager\DLM.exe /windowsstart /startifwork
    uRun: [Core Temp] "c:\core_temp\Core Temp.exe"
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MaxMenuMgr] "c:\program files (x86)\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [CTXFIREG] CTxfiReg.exe
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
    StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
    StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\seagat~1.lnk - c:\users\john\appdata\roaming\leadertech\powerregister\Seagate 2GHJZK8F Product Registration.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\gigane~1.lnk - c:\program files (x86)\giganews accelerator\GiganewsAccelerator.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\samsun~3.lnk - c:\program files (x86)\clarus\samsung auto backup\ISFGuage.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\samsun~2.lnk - c:\program files (x86)\clarus\samsung auto backup\ISFRealTimeD.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\samsun~1.lnk - c:\program files (x86)\clarus\samsung auto backup\ISFTimerD.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{83cccbdc-3a56-4f3b-89df-69386c3b7d62}\IcoUltraMon.ico
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download all links with IDM - c:\program files (x86)\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files (x86)\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\program files (x86)\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
    AppInit_DLLs: c:\windows\syswow64\guard32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~3\office14\GROOVEEX.DLL
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun-x64: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun-x64: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
    mRun-x64: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
    mRun-x64: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
    AppInit_DLLs-X64: c:\windows\system32\guard64.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\nmeu353s.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/ig?hl=en&source=iglk
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\users\john\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
    FF - plugin: c:\progra~2\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~2\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files (x86)\download manager\npfpdlm.dll
    FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files (x86)\google\update\1.2.183.27\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\john\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-5 69152]
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-6-1 19840]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-1 236112]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 33208]
    R2 CLPSLS;COMODO livePCsupport Service;c:\program files (x86)\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352320]
    R2 OrbisClient.Services;LabSim Configuration and Security;c:\program files (x86)\testout\orbis\OrbisClient.Services.exe [2010-3-23 14336]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-2-2 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-3 240232]
    R2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\common files\realtime soft\ultramonmirrordrv\x64\UltraMonUtility.sys [2008-11-14 20512]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-3-5 202776]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-3-5 1417240]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-3-5 94744]
    R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\lavalys\everest ultimate edition\kerneld.amd64 [2010-6-4 26752]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
    R3 NVNET55;NVIDIA nForce 10/100/1000 Mbps Ethernet ;c:\windows\system32\drivers\nvmimx64.sys [2009-7-1 423968]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-1 133104]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2010-3-6 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-3-5 79360]
    S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files (x86)\common files\creative labs shared\service\DDLLicensing.exe [2010-3-6 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-3-5 202776]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-3-5 1417240]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-3-5 94744]
    S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2010-1-31 12744]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 51456888]
    S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-8 31800]
    S3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
    S3 RTCore64;RTCore64;c:\program files (x86)\evga precision\RTCore64.sys [2010-1-21 14376]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-5 1255736]
    S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files (x86)\samsung\samsung pc share manager\WiselinkPro.exe [2010-2-17 3007488]

    =============== Created Last 30 ================

    2010-06-06 18:34:29 0 d-----w- c:\programdata\NVIDIA
    2010-06-06 18:31:34 0 d-----w- c:\program files\NVIDIA Corporation
    2010-06-05 20:17:58 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-06-05 16:02:49 0 d-----w- c:\windows\syswow64\Wat
    2010-06-05 16:02:49 0 d-----w- c:\windows\system32\Wat
    2010-06-05 15:07:15 0 d-----w- c:\users\john\NewsBin
    2010-06-05 15:07:15 0 d-----w- c:\program files (x86)\NewsBinGN
    2010-06-04 23:44:19 0 d-----w- c:\program files (x86)\NirSoft
    2010-06-04 23:38:30 469186421 ------w- c:\windows\MEMORY.DMP
    2010-06-04 21:55:27 0 d-----w- c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
    2010-06-04 21:27:47 0 d-----w- c:\programdata\COMODO
    2010-06-04 21:27:28 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
    2010-06-04 21:26:04 0 d-----w- c:\program files\COMODO
    2010-06-04 18:59:21 0 d-sh--w- c:\windows\syswow64\%APPDATA%
    2010-06-04 15:39:03 0 d-----w- C:\VirtualDub
    2010-06-04 15:25:48 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
    2010-06-03 23:05:01 65536 ------w- c:\windows\system32\Ikeext.etl
    2010-06-03 21:44:51 0 d-----w- c:\program files (x86)\Path Analyzer Pro 2.7
    2010-06-03 18:18:46 0 d-----w- c:\program files (x86)\Giganews Accelerator
    2010-06-03 17:06:04 0 d-----w- c:\users\john\appdata\roaming\SEGA Corporation
    2010-06-03 17:06:03 0 d-----w- c:\programdata\SEGA Corporation
    2010-06-03 15:36:07 0 d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
    2010-06-03 13:55:52 112 ----a-w- c:\windows\syswow64\_WKERNEL.SYL
    2010-06-03 13:55:46 56496 ----a-w- c:\windows\syswow64\wbhelp2.dll
    2010-06-03 13:55:46 544768 ----a-w- c:\windows\syswow64\wbocx.ocx
    2010-06-03 13:55:46 4608 ----a-w- c:\windows\syswow64\W95INF32.DLL
    2010-06-03 13:55:46 439 ----a-w- c:\windows\syswow64\shfolder.inf
    2010-06-03 13:55:46 33968 ----a-w- c:\windows\syswow64\anim.dll
    2010-06-03 13:55:46 258352 ----a-w- c:\windows\syswow64\unicows.dll
    2010-06-03 13:55:46 2272 ----a-w- c:\windows\syswow64\W95INF16.DLL
    2010-06-03 13:55:46 1706800 ----a-w- c:\windows\syswow64\gdiplus.dll
    2010-06-03 13:55:46 0 d-----w- c:\program files (x86)\WinUtilities
    2010-06-02 21:44:12 0 d-----w- c:\users\john\appdata\roaming\NewsLeecher
    2010-06-02 21:43:54 0 d-----w- c:\program files (x86)\NewsLeecher
    2010-06-01 18:00:52 278288 ----a-w- c:\windows\syswow64\guard32.dll
    2010-06-01 18:00:46 354032 ----a-w- c:\windows\system32\guard64.dll
    2010-06-01 18:00:18 33208 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2010-06-01 18:00:18 236112 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2010-06-01 18:00:16 19840 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2010-05-31 22:26:11 0 d-----w- C:\VTC.CompTIA.Linux.PLUS.Certification.2009-iNKiSO
    2010-05-31 16:35:30 0 d-----w- c:\windows\pss
    2010-05-30 00:40:10 0 d-----w- C:\Solutions
    2010-05-30 00:39:56 0 d-----w- C:\PowerPoints
    2010-05-29 15:37:25 0 d-----w- c:\programdata\TestOut
    2010-05-29 14:52:31 0 d-----w- C:\ExamView
    2010-05-28 00:09:00 41872 ----a-w- c:\windows\syswow64\xfcodec.dll
    2010-05-28 00:09:00 27536 ----a-w- c:\windows\system32\xfcodec64.dll
    2010-05-26 14:13:53 2048 ----a-w- c:\windows\syswow64\tzres.dll
    2010-05-26 14:13:53 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-05-25 15:47:08 0 d-----w- c:\program files (x86)\Windows SideShow
    2010-05-18 17:19:20 0 d-----w- c:\program files (x86)\uCertify
    2010-05-18 16:10:55 0 d-----w- c:\users\john\appdata\roaming\Thinstall
    2010-05-16 17:03:03 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
    2010-05-16 03:08:38 0 d-----w- C:\SWGEmu
    2010-05-16 03:07:51 0 d-----w- c:\users\john\appdata\roaming\LPECommon
    2010-05-16 02:55:49 0 d-----w- c:\program files (x86)\Sony
    2010-05-15 20:16:34 0 d-----w- c:\program files (x86)\AVATAR Interactive Desktop
    2010-05-15 14:11:51 0 d-----w- C:\MKVExtract
    2010-05-15 14:08:43 0 d-----w- C:\eac3to
    2010-05-13 19:23:47 0 d-----w- c:\program files (x86)\Pando Networks
    2010-05-12 20:46:21 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2010-05-12 14:22:03 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2010-05-12 14:22:03 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
    2010-05-11 18:26:25 0 d-----w- C:\md5
    2010-05-09 16:27:32 0 d-----w- c:\users\john\appdata\roaming\Mumble
    2010-05-09 16:27:21 0 d-----w- c:\program files (x86)\Mumble
    2010-05-08 21:37:13 0 d--h--w- C:\VritualRoot
    2010-05-08 21:33:40 0 d-----w- c:\program files (x86)\COMODO
    2010-05-08 21:32:58 0 d-----w- c:\programdata\Comodo Downloader
    2010-05-08 20:18:33 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2010-05-08 20:18:32 0 d-----w- c:\program files\VS Revo Group
    2010-05-08 19:48:58 0 d-----w- c:\program files (x86)\MSECACHE

    ==================== Find3M ====================

    2010-06-06 19:30:40 1351681 ----a-w- c:\windows\system32\HWMBlackBoxX64.dll
    2010-05-15 22:40:24 218808 ----a-w- c:\windows\syswow64\PnkBstrB.exe
    2010-05-09 09:01:02 108032 ----a-w- c:\windows\syswow64\ff_vfw.dll
    2010-05-08 16:43:04 669184 ----a-w- c:\windows\syswow64\pbsvc.exe
    2010-05-05 20:16:58 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-05-05 20:16:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-04-29 14:39:28 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-27 13:45:56 72856 ----a-w- c:\windows\syswow64\xliveinstallhost.exe
    2010-04-27 13:45:56 187544 ----a-w- c:\windows\syswow64\xliveinstall.dll
    2010-04-16 23:04:40 306032 ----a-w- c:\windows\WLXPGSS.SCR
    2010-04-16 21:12:18 48464 ----a-w- c:\windows\syswow64\sirenacm.dll
    2010-04-12 16:29:27 153376 ----a-w- c:\windows\syswow64\javaws.exe
    2010-04-12 16:29:26 145184 ----a-w- c:\windows\syswow64\javaw.exe
    2010-04-12 16:29:25 145184 ----a-w- c:\windows\syswow64\java.exe
    2010-04-03 17:42:00 159336 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-04-03 17:42:00 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
    2010-04-03 17:42:00 14828648 ----a-w- c:\windows\system32\nvcpl.dll
    2010-04-03 17:42:00 116328 ----a-w- c:\windows\system32\nvmctray.dll
    2010-04-03 17:42:00 1067624 ----a-w- c:\windows\system32\nvsvc64.dll
    2010-04-02 16:17:52 15426200 ----a-w- c:\windows\syswow64\xlive.dll
    2010-04-02 16:17:52 13642904 ----a-w- c:\windows\syswow64\xlivefnt.dll
    2010-03-25 18:52:36 318992 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
    2010-03-20 16:27:47 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
    2010-03-20 16:27:47 2434856 ----a-w- c:\windows\syswow64\pbsvc_bc2.exe
    2010-03-17 15:57:08 11030 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp DSP Effects.dat
    2010-03-17 15:57:06 3494576 ----a-w- c:\windows\syswow64\SpoonUninstall.exe
    2010-03-17 15:57:05 15613 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp Music Converter.dat
    2010-03-17 15:56:41 5894 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp CD Writer.dat
    2010-03-08 21:59:59 612352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-08 21:33:56 427520 ----a-w- c:\windows\syswow64\vbscript.dll
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2010-01-22 17:44:34 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 20:37:10.90 ===============
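The Pseudo HJT Report section above carries more signal than the process list, and most of it is about the machine's configuration rather than about malware: all three UAC policy values are 0 (UAC is switched off entirely), an AppInit_DLLs entry is set in both the 32-bit and 64-bit hives, several BHO/toolbar registrations point at files that no longer exist, and a hosts entry sends www.spywareinfo.com to 127.0.0.1. The script below is added here as a worked example; it is not part of the original post and not part of the DDS tool. It pulls those line types out of a DDS log and ranks them with its own HIGH/MEDIUM/LOW/INFO scale. The regexes follow the line formats visible in the log above, and the sample input is lines copied from that log. Note what the output does not settle: the guard32.dll/guard64.dll AppInit entries were written in the same minute as the COMODO drivers (the 2010-06-01 18:00 lines under "Created Last 30"), so an analyst would attribute them to COMODO before treating them as suspicious, and a hosts redirect to loopback is what both blocklist tools and hijackers produce.

```powershell
# Added example, not part of the original post or of DDS: triage the
# security-relevant lines of a DDS "Pseudo HJT Report". Written for
# PowerShell 2.0 (the version Windows 7 shipped with), hence New-Object
# rather than [PSCustomObject]. The Severity scale is this script's own.

function New-Finding([string]$Severity, [string]$Item, [string]$Note) {
    New-Object PSObject -Property @{ Severity = $Severity; Item = $Item; Note = $Note }
}

function Get-DdsFindings {
    param([Parameter(Mandatory = $true)][string[]]$Lines)

    foreach ($raw in $Lines) {
        $line = $raw.Trim()

        if ($line -match '^mPolicies-system:\s*(\w+)\s*=\s*(\d+)') {
            # UAC values under HKLM\...\Policies\System, printed by DDS as
            # "mPolicies-system: Name = Value (0xHex)".
            $name = $matches[1]; $value = [int]$matches[2]
            if ($name -eq 'EnableLUA' -and $value -eq 0) {
                New-Finding 'HIGH' $line 'UAC is off: an administrator account runs everything fully elevated, so anything it launches does too.'
            }
            if ($name -eq 'ConsentPromptBehaviorAdmin' -and $value -eq 0) {
                New-Finding 'HIGH' $line 'Administrators are elevated silently, with no consent prompt.'
            }
            if ($name -eq 'PromptOnSecureDesktop' -and $value -eq 0) {
                New-Finding 'MEDIUM' $line 'Elevation prompts are not shown on the secure desktop and can be spoofed by other windows.'
            }
        } elseif ($line -match '^AppInit_DLLs(-X64)?:\s*(\S.*)$') {
            # AppInit_DLLs are loaded into every process that links user32.dll.
            New-Finding 'MEDIUM' $line 'DLL injected into every user32-linked process; confirm which installed product owns it (check its creation time against known installs).'
        } elseif ($line -match '^(BHO|TB)(-X64)?:.*-\s*No File$') {
            # Browser add-on registration whose file is gone: a leftover, not an infection.
            New-Finding 'LOW' $line 'Orphaned browser add-on registration (file missing); remove the stale entry.'
        } elseif ($line -match '^Hosts:\s*(\S+)\s+(\S+)') {
            # hosts entries pointing a name at loopback. Blocklists do this on
            # purpose; malware does it to cut off security sites. Decide which.
            $ip = $matches[1]; $hostname = $matches[2]
            if (($ip -eq '127.0.0.1' -or $ip -eq '0.0.0.0') -and $hostname -ne 'localhost') {
                New-Finding 'MEDIUM' $line "hosts file redirects $hostname to loopback; check whether a blocklist tool wrote it before assuming a hijack."
            }
        } elseif ($line -match '^(AV|SP|FW):\s*(.+?)\s*\*disabled\*') {
            # Security Center registrations that DDS marks *disabled*.
            New-Finding 'LOW' $line "$($matches[2]) reports its real-time protection as disabled."
        } elseif ($line -match '^[um]Start Page\s*=\s*(\S+)') {
            # Start page / search changes are the usual toolbar-hijack symptom.
            New-Finding 'INFO' $line 'Start page is set; verify the user chose it.'
        }
    }
}

# Sample input: lines copied from the DDS log in this thread (DDS defangs
# http as hxxp). For a saved log use: Get-DdsFindings -Lines (Get-Content .\dds.txt)
$sample = @'
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
uStart Page = hxxp://www.ask.com?o=15187&l=dis
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
AppInit_DLLs: c:\windows\syswow64\guard32.dll
BHO-X64: URLRedirectionBHO - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
AppInit_DLLs-X64: c:\windows\system32\guard64.dll
Hosts: 127.0.0.1 www.spywareinfo.com
'@ -split "`r?`n"

$rank = @{ HIGH = 0; MEDIUM = 1; LOW = 2; INFO = 3 }
Get-DdsFindings -Lines $sample |
    Sort-Object { $rank[$_.Severity] } |
    Format-Table Severity, Note, Item -AutoSize -Wrap
```

Run against the log above it lists the three UAC lines first, then the two AppInit DLLs and the hosts entry, then the three orphaned BHO/TB registrations and the disabled Spybot registration. The ranking is deliberately about configuration weakness, not about naming malware: nothing in the Pseudo HJT Report identifies a malicious file, but with EnableLUA = 0 any malicious file the logged-on administrator runs gets full rights without a prompt.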

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    I cannot put my finger on it
    Any of these happening?
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Jun 2010
    Posts
    8

    Default

    Hey Shelf Life,

    I should have given more info in my first post; it was late and I was lazy.

    I have Comodo Internet Security Premium installed and it found some issues after a scan.

    It found 4 .exe files in the System Volume Information folder of my E: drive:

    A0015387.exe
    A0014751.exe
    A0014636.exe
    A0013729.exe

    I thought it had cleaned them, so I ran Malwarebytes Anti-Malware and it found two of them:

    Database version: 4175

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    07.06.2010 17:23:56
    mbam-log-2010-06-07 (17-23-56).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
    Objects scanned: 565833
    Time elapsed: 1 hour(s), 39 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    E:\System Volume Information\_restore{C1DEA4B5-AF9E-485B-9401-032B1B7F4111}\RP57\A0014396.exe (Trojan.Agent.CK) -> No action taken.
    E:\System Volume Information\_restore{C1DEA4B5-AF9E-485B-9401-032B1B7F4111}\RP57\A0014399.exe (Trojan.Agent.CK) -> No action taken.


    I am not sure if I am still infected or not.

    Spybot usually finds cookies etc and i clean them.

    If you need more info or scans etc let me know.

    Thank you for your valuable time.
    Last edited by tashi; 2010-06-17 at 19:40. Reason: Date of archive

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    Those files are in the system restore archive. You can clean them out. The how and the why:

    One of the features of Windows XP, Vista and Windows 7 is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning OK.

    To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

    (winXP)

    1. Turn off System Restore. (Deletes the old, possibly infected restore points.)
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore. (Creates a new restore point on a clean system.)
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Uncheck *Turn off System Restore*.
    Click Apply, and then click OK, then reboot.
    How Can I Reduce My Risk?
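The steps above are the Windows XP procedure, while the DDS header in the first post shows this machine is Windows 7 x64. There is a second wrinkle in the paths Malwarebytes reported: E:\System Volume Information\_restore{...}\RP57\ is the folder layout of Windows XP's System Restore. Windows 7 keeps its restore points as VSS shadow copies and never writes a _restore{GUID} folder, so that folder is a leftover from an XP system that once used the E: drive, and toggling System Restore on the Windows 7 install will not touch it; the MBAM lines also end in "No action taken", so the files were listed, not removed. The script below is added here as a worked example and is not part of the original reply. It does the Windows 7 equivalent of the toggle (delete the shadow copies, then take a fresh restore point) and then removes the XP-era folder from the data drive. The drive letters are this example's assumption, taken from the thread; it has to be run from an elevated PowerShell 2.0 prompt, and deleting the shadow copies on C: also removes the "Previous Versions" history for that volume.

```powershell
# Added example, not part of the original reply: Windows 7 equivalent of the
# XP "turn System Restore off, reboot, turn it on" procedure, plus removal of
# an XP-era _restore{GUID} folder left on a data drive. Run from an elevated
# PowerShell 2.0 prompt. Drive letters are this example's assumption.

$SystemDrive = 'C:'
$DataDrive   = 'E:'   # the drive where the scanners found the A00xxxxx.exe files

function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}
if (-not (Test-IsElevated)) { throw 'Open PowerShell with "Run as administrator" first.' }

# --- Part 1: Windows 7's own restore points -------------------------------
# On Vista/7 a restore point is a VSS shadow copy, so there is no off/reboot/on
# dance: list what exists, delete the shadow copies, make sure protection is on,
# and take one fresh, known-clean restore point.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, RestorePointType -AutoSize
foreach ($d in @($SystemDrive, $DataDrive)) {
    vssadmin list shadows "/for=$d"
    vssadmin delete shadows "/for=$d" /all /quiet
}
Enable-ComputerRestore -Drive "$SystemDrive\", "$DataDrive\"
Checkpoint-Computer -Description 'Clean baseline after malware cleanup' -RestorePointType MODIFY_SETTINGS

# --- Part 2: the XP-era _restore{GUID}\RPnn folder on the data drive ------
# Windows 7 never reads or writes this folder, so System Restore settings on
# this machine do not affect it. It is ordinary data protected only by an ACL
# that grants SYSTEM alone, so take ownership and delete it.
$svi = "$DataDrive\System Volume Information"

# Take ownership of the SVI folder itself (not its contents) and grant the
# Administrators group (SID S-1-5-32-544, locale-independent) full control so
# the subfolders can be listed.
takeown /f $svi /a | Out-Null
icacls $svi /grant '*S-1-5-32-544:F' | Out-Null

Get-ChildItem -LiteralPath $svi -Force |
    Where-Object { $_.PSIsContainer -and $_.Name -like '_restore{*}' } |
    ForEach-Object {
        takeown /f $_.FullName /a /r /d y | Out-Null
        icacls $_.FullName /grant '*S-1-5-32-544:F' /t | Out-Null
        Remove-Item -LiteralPath $_.FullName -Recurse -Force
        Write-Host "Removed $($_.FullName)"
    }

# Put the SVI folder back the way Windows expects it: owned by SYSTEM
# (S-1-5-18) with no Administrators entry.
icacls $svi /remove:g '*S-1-5-32-544' | Out-Null
icacls $svi /setowner '*S-1-5-18' | Out-Null

# Verify: only the new restore point should be listed now.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description -AutoSize
```

After it runs, Get-ComputerRestorePoint should show the single "Clean baseline" point, vssadmin list shadows for E: should show only the copy created by Checkpoint-Computer, and a full Malwarebytes rescan of E: should no longer report the RP57 files. If E: belongs to a machine that still boots XP, do the ownership change on that machine's own System Restore instead, using the steps quoted above.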
