
Hi everyone.

Now I've got some annoying virus(es) on my PC.
At first I saw lots of temp files in my Public folder (Avast and Anti-Malware deleted them all, but it took almost 2 days). Then Avast detected another attack via the network, a virus like: C:\Users\Public\"Anyfolder"\"Anyfolder".exe.

Tried cleaning them with Malwarebytes Anti-Malware, Avast 5 Home, SuperAntiSpyware and HijackThis (I used .networktechs. for log analysis). (link removed by jholland1964)
Also SuperUtilities for cleaning some old files and temps.

It mostly helped.
I turned off "File and Printer Sharing" and the attacks stopped, but after that Avast detected another virus; I lost my nerve and did not check it.

It feels like my PC has been working slower recently and I want help cleaning it up.
Please help.

Thanks,

P.S.
Here's Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:15 PM, on 8/4/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 2743 bytes

Edited by jholland1964: Removed link to a very old HJT parser.

First of all, that analyzer at Network Techs is 5 years old, and should NEVER be used. It is for use on machines running XP at the very latest and is for HJT version 1.99.1 at the latest. That said, the use of an HJT analyzer to personally do fixes is never, ever recommended and items noted on those analyzers, no matter where they are posted, are never to be considered to be "gospel". Those are for reference purposes only. If you read the warnings given on all sites containing HJT analyzers you will see "We cannot guarantee this to be 100% accurate and is to be used for reference purposes only."
Now, we need you to follow all the steps given in our Read Me sticky:
http://www.daniweb.com/forums/thread134865.html

Including 1A. Please uninstall or disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I'm just going to say this:

P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt.
Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.
So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.
Once you have done that, complete all scans, following directions exactly. Once you have completed all of those, please post back here with all requested logs.

jholland1964

Thanks for the answer, and sorry for not reading the pre-posting notices.
So here are the logs:

GMER 1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-05 16:49:24
Windows 6.1.7600
Running: fmceilfk.exe; Driver: C:\Users\bakra\AppData\Local\Temp\uxldqpob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8DCA4B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8DCA49C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8DCA4AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84C791F8

AttachedDevice \FileSystem\Ntfs \Ntfs AFPAnsi.sys (Windows NT File System Protector Network Edition/Alfa Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

GMER 2
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-05 17:46:01
Windows 6.1.7600
Running: fmceilfk.exe; Driver: C:\Users\bakra\AppData\Local\Temp\uxldqpob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281BAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281B104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281B3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828042D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82803898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281B1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281B958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281B6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281BF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281C1A8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8DCA4B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8DCA49C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8DCA4AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84C791F8

AttachedDevice \FileSystem\Ntfs \Ntfs AFPAnsi.sys (Windows NT File System Protector Network Edition/Alfa Corporation)

Device \Driver\volmgr \Device\VolMgrControl 84C751F8
Device \Driver\PCI_PNP0410 \Device\00000051 spnf.sys
Device \Driver\usbuhci \Device\USBPDO-0 85D5F500
Device \Driver\usbuhci \Device\USBPDO-1 85D5F500
Device \Driver\usbuhci \Device\USBPDO-2 85D5F500
Device \Driver\usbehci \Device\USBPDO-3 85D0B500
Device \Driver\usbuhci \Device\USBPDO-4 85D5F500

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-5 85D5F500
Device \Driver\usbuhci \Device\USBPDO-6 85D5F500
Device \Driver\volmgr \Device\HarddiskVolume1 84C751F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 85D0B500
Device \Driver\volmgr \Device\HarddiskVolume2 84C751F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 85BD61F8
Device \Driver\USBSTOR \Device\00000072 85C051F8
Device \Driver\volmgr \Device\HarddiskVolume3 84C751F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 85BD61F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 84C771F8
Device \Driver\atapi \Device\Ide\IdePort0 84C771F8
Device \Driver\atapi \Device\Ide\IdePort1 84C771F8
Device \Driver\atapi \Device\Ide\IdePort2 84C771F8
Device \Driver\atapi \Device\Ide\IdePort3 84C771F8
Device \Driver\atapi \Device\Ide\IdePort4 84C771F8
Device \Driver\atapi \Device\Ide\IdePort5 84C771F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-4 84C771F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 84C771F8
Device \Driver\volmgr \Device\HarddiskVolume4 84C751F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000074 85C051F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85C971F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 85D5F500
Device \Driver\usbuhci \Device\USBFDO-1 85D5F500
Device \Driver\usbuhci \Device\USBFDO-2 85D5F500
Device \Driver\usbehci \Device\USBFDO-3 85D0B500
Device \Driver\usbuhci \Device\USBFDO-4 85D5F500
Device \Driver\usbuhci \Device\USBFDO-5 85D5F500
Device \Driver\sptd \Device\389758411 spnf.sys
Device \Driver\usbuhci \Device\USBFDO-6 85D5F500
Device \Driver\usbehci \Device\USBFDO-7 85D0B500
Device \Driver\apblsryy \Device\Scsi\apblsryy1Port6Path0Target0Lun0 85E72500
Device \Driver\apblsryy \Device\Scsi\apblsryy1 85E72500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0xCA 0x18 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE2 0x99 0x29 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x17 0xA0 0xEF 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0xCA 0x18 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE2 0x99 0x29 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x17 0xA0 0xEF 0x48 ...

---- EOF - GMER 1.0.15 ----

Anti-Malware
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4397

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/6/2010 2:48:17 PM
mbam-log-2010-08-06 (14-48-17).txt

Scan type: Full scan (C:\|D:\|E:\|Z:\|)
Objects scanned: 280114
Time elapsed: 1 hour(s), 33 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\bakra\Desktop\Soft\Microsoft Office 2007 Enterprise\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb (Worm.Brontok) -> Delete on reboot.

DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by bakra at 14:55:09.99 on Fri 08/06/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1251.7.1033.18.2047.1365 [GMT 4:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\bakra\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /S
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\bakra\appdata\roaming\mozilla\firefox\profiles\lnc2rr41.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2010-7-29 43936]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-19 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SuperMounter;SuperMounter;c:\windows\system32\drivers\supermounter.sys [2010-7-29 11264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-19 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-19 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-5 40384]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-3-18 172328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-23 136176]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-10-13 49152]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-5 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-5 40384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

=============== Created Last 30 ================

2010-08-05 12:44:33 0 d-----w- c:\windows\system32\MpEngineStore
2010-08-05 09:52:37 0 d-----w- c:\users\bakra\appdata\roaming\Hardcore
2010-08-04 09:11:51 0 d-----w- c:\program files\Sony
2010-08-04 08:17:31 0 d-----w- c:\program files\OpenMu
2010-08-02 08:30:17 0 d-----w- c:\program files\ASIO4ALL v2
2010-08-02 08:30:08 225280 ----a-w- c:\windows\system32\rewire.dll
2010-08-02 08:29:56 1554944 ----a-w- c:\windows\system32\vorbis.acm
2010-08-02 08:29:45 0 d-----w- c:\program files\VstPlugins
2010-08-02 08:29:43 0 d-----w- c:\program files\Outsim
2010-08-02 08:27:46 0 d-----w- c:\program files\Image-Line
2010-07-29 14:21:35 82 ----a-w- c:\windows\SuperUtil.ini
2010-07-29 14:12:41 89088 ----a-w- c:\windows\system32\Shreder.dll
2010-07-29 14:12:41 73728 ----a-w- c:\windows\system32\smh.dat
2010-07-29 14:12:41 6144 ----a-w- c:\windows\system32\SuperRes.dll
2010-07-29 14:12:41 5964800 ----a-w- c:\windows\system32\vbsbak.dat
2010-07-29 14:12:41 56 ----a-w- c:\windows\system32\vb6sock.dll
2010-07-29 14:12:41 44000 ----a-w- c:\windows\system32\drivers\AFPUni.sys
2010-07-29 14:12:41 43936 ----a-w- c:\windows\system32\drivers\AFPAnsi.sys
2010-07-29 14:12:41 261120 ----a-w- c:\windows\system32\SuperMenuHook.dll
2010-07-29 14:12:41 261120 ----a-w- c:\windows\system32\baksm.dat
2010-07-29 14:12:41 11264 ----a-w- c:\windows\system32\drivers\supermounter.sys
2010-07-29 14:12:40 0 d-----w- c:\program files\SuperLogix
2010-07-29 13:12:52 0 d-----w- c:\program files\Trend Micro
2010-07-29 13:09:41 0 d-----w- c:\users\bakra\appdata\roaming\SUPERAntiSpyware.com
2010-07-29 13:09:41 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-29 13:09:38 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-28 09:43:18 0 d-----w- c:\users\bakra\appdata\roaming\Malwarebytes
2010-07-28 09:43:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-28 09:43:12 0 d-----w- c:\programdata\Malwarebytes
2010-07-28 09:43:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-28 09:43:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-27 06:18:12 0 d-----w- c:\program files\Mass Effect 2
2010-07-26 07:40:04 38 ----a-w- c:\windows\avisplitter.INI
2010-07-23 07:00:42 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-23 07:00:42 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-23 07:00:42 0 d-----w- c:\program files\OpenAL
2010-07-23 07:00:41 0 d-----w- c:\windows\A5B5A16D277A476B8F621029A2F23072.TMP
2010-07-22 12:00:32 0 d-----w- c:\program files\ppr
2010-07-22 11:36:00 0 d-----w- c:\windows\Downloaded Installations
2010-07-22 10:55:35 0 d-----w- c:\program files\R.G. Mechanics
2010-07-19 14:02:25 0 d-----w- c:\users\bakra\appdata\roaming\Kerio
2010-07-19 14:02:09 0 d-----w- c:\program files\Kerio
2010-07-19 14:01:39 0 d-----w- c:\program files\My Company Name
2010-07-19 07:55:51 87608 ----a-w- c:\users\bakra\appdata\roaming\inst.exe
2010-07-13 07:21:23 292864 ----a-w- c:\windows\system32\apphelp.dll

==================== Find3M ====================

2010-08-05 10:17:42 681818 ----a-w- c:\windows\system32\perfh019.dat
2010-08-05 10:17:42 132012 ----a-w- c:\windows\system32\perfc019.dat
2010-07-19 07:55:57 47360 ----a-w- c:\users\bakra\appdata\roaming\pcouffin.sys
2010-07-19 07:55:56 94208 ----a-w- c:\users\bakra\appdata\roaming\ezplay.sys
2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:32:56 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-22 00:36:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-21 13:35:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-27 07:28:28 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-05-27 07:28:28 13824 ----a-w- c:\windows\system32\slwga.dll
2010-05-27 07:28:27 811520 ----a-w- c:\windows\system32\user32.dll
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 08:53:32 87608 ----a-w- c:\users\bakra\appdata\roaming\ezpinst.exe
2010-05-21 10:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-09 09:14:55 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14:50 417792 ----a-w- c:\windows\system32\msdri.dll
2009-08-28 11:35:54 39446 ----a-w- c:\windows\inf\perflib\0419\perfd.dat
2009-08-28 11:35:54 39446 ----a-w- c:\windows\inf\perflib\0419\perfc.dat
2009-08-28 11:35:54 336704 ----a-w- c:\windows\inf\perflib\0419\perfi.dat
2009-08-28 11:35:54 336704 ----a-w- c:\windows\inf\perflib\0419\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:56:15.33 ===============

DDS Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/19/2010 6:46:00 PM
System Uptime: 8/6/2010 2:49:52 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5KC
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | LGA775 | 2664/333mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 15.543 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 97.34 GiB free.
E: is Removable
G: is CDROM ()
H: is CDROM ()
Z: is FIXED (NTFS) - 0 GiB total, 0.069 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0\4&18BA0AA4&0&00E5
Manufacturer: Atheros
Name: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
PNP Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0\4&18BA0AA4&0&00E5
Service: AtcL001

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&20D7719E&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&20D7719E&0
Service: i8042prt

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe After Effects CS3 Third Party Content
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9.3.3
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
ASIO4ALL
avast! Free Antivirus
FL Studio 9
GOM Player
Google Планета Земля
Google Update Helper
Hardcore
HijackThis 2.0.2
IL Download Manager
Java Auto Updater
Java(TM) 6 Update 21
K-Lite Codec Pack 4.0.0 (Full)
Malwarebytes' Anti-Malware
Mass Effect 2
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MixPad Audio Mixer
Mozilla Firefox (3.5.3)
MSVCRT
Nero 7 Premium
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
OpenAL
OpenMu Season3 Episode 1
Opera 10.51
PDF Settings
PoiZone
PVSonyDll
Replay Video Capture
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Sawer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Skype™ 4.2
Super Utilities Pro 9.8.9
SUPERAntiSpyware
Switch Sound File Converter
TeamViewer 5
Toxic Biohazard
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2202131)
VoobysDownloadS
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Movie Maker 2.6
WinRAR archiver

==== Event Viewer Messages From Past Week ========

8/6/2010 2:50:11 PM, Error: Microsoft-Windows-TaskScheduler [701] - Task Scheduler service failed to start Task Compatibility module. Tasks may not be able to register on previous Window versions. Additional Data: Error Value: 2147942487.
8/6/2010 2:50:07 PM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified.
8/6/2010 2:50:05 PM, Error: Service Control Manager [7000] - The UAC File Virtualization service failed to start due to the following error: The parameter is incorrect.
8/6/2010 11:29:06 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
8/3/2010 6:16:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0x8578d008, 0x90102a50, 0x00000000, 0x00000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080310-22448-01.
8/3/2010 3:19:19 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
8/3/2010 3:19:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.
8/2/2010 12:06:13 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/2/2010 10:55:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0x863bc140, 0x8f304a50, 0x00000000, 0x00000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080210-23556-01.

==== End Of File ===========================

0

The hesitancy in offering a reply is the result of the findings in your MBA-M scan which say \Microsoft Office 2007 Enterprise\keygen.exe
This shows that this is a pirated version of Microsoft Office.
This again is a violation of our stated Member Rules.
"Keep It Legal
Keep it clean and do not post pornographic material or link to it. In addition, do not post anything warez related or related to other illegal acts. This includes tech support troubleshooting pirated software or P2P programs (i.e. Gnutella, Kazaa) used to obtain pirated software. Exceptions are helping to remove spyware or browser hijacks (that may or may not be related to illegal material) from a computer."
The infected files WERE from Pirated Software. Uninstall ALL programs which you have pirated.


0

"The infected files WERE from Pirated Software"
That's so not true. I may have some pirated soft, but they never were a problem to me.
This file was infected later, anyway DaniWeb has changed.
In the past when I had a problem, there were people who helped without "Keep It Legal".
So if you think that viruses are from pirated soft, you know less than you seem to.

Thanks for support.

0

I am not going to get into an argument over legal issues. These are our policies here and we will stick with them.
