
Author Topic: WMA/TrojanDownloader.GetCodec.C.trojan  (Read 9575 times)


NRDNick


    WMA/TrojanDownloader.GetCodec.C.trojan
    « on: July 11, 2009, 02:46:59 PM »
    Hello and thank you in advance for taking the time to help me with this issue.

    Recently, whenever I try to download a torrent file via uTorrent, NOD32 displays a warning screen indicating that the new file is infected with this WMA/TrojanDownloader.GetCodec.C.trojan. However, I know that the file in question is not infected, as I am using a private site that keeps a very close eye on the cleanliness of files shared through their site. Also, I have tried multiple other torrent files, all of which give the same result as before.

    Here are the logs for the 3 programs you require for your analysis.

    [attachment deleted by admin]
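    An added example, not part of the thread and not a tool any poster used: the parser below, written for this edit, reads the ASF header of a WMA file and lists its script commands. GetCodec-class detections on WMA files concern a script command (typically of type URLANDEXIT or URL) that sends Windows Media Player to a "codec" download, so running this over a copy restored from quarantine shows whether the flagged file actually carries such a command, independent of what the AV or the tracker says. The object GUIDs and field layout follow the public ASF specification; the sample header, the placeholder URL and the function names are assumptions of the example. Do not open the restored copy in a media player; read it with this script only.

```python
"""Inspect a WMA/ASF file for Script Command Objects.

Added example; not code from the thread. ESET's WMA/TrojanDownloader.GetCodec
names cover ASF/WMA files carrying a script command (typically URLANDEXIT or
URL) that sends Windows Media Player to a "codec" download, so listing the
commands in the header shows whether a flagged file really carries one.
The ASF layout follows the public ASF specification; the sample header is
constructed here and the URL in it is a placeholder.
"""
import struct
import sys
import uuid

ASF_HEADER_OBJECT = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
ASF_SCRIPT_COMMAND_OBJECT = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6")
ASF_SCRIPT_COMMAND_RESERVED = uuid.UUID("4B1ACBE3-100B-11D0-A39B-00A0C90348F6")

# Command types that make the player open something outside the file.
SUSPICIOUS_TYPES = {"URL", "URLANDEXIT"}


def _read_wstr(buf, off):
    """Read a length-prefixed UTF-16LE string (length counted in WCHARs)."""
    n = struct.unpack_from("<H", buf, off)[0]
    raw = buf[off + 2:off + 2 + 2 * n]
    return raw.decode("utf-16-le", "replace").rstrip("\x00"), off + 2 + 2 * n


def _parse_script_object(obj):
    """Decode the commands inside one Script Command Object."""
    off = 16 + 8 + 16  # object GUID, object size, reserved GUID
    n_cmds, n_types = struct.unpack_from("<HH", obj, off)
    off += 4
    types = []
    for _ in range(n_types):
        name, off = _read_wstr(obj, off)
        types.append(name)
    cmds = []
    for _ in range(n_cmds):
        time_ms, type_idx = struct.unpack_from("<IH", obj, off)
        off += 6
        name, off = _read_wstr(obj, off)
        ctype = types[type_idx] if type_idx < len(types) else "?%d" % type_idx
        cmds.append({"time_ms": time_ms, "type": ctype, "name": name})
    return cmds


def parse_script_commands(data):
    """Walk the ASF Header Object and return every script command found."""
    if len(data) < 30 or uuid.UUID(bytes_le=data[:16]) != ASF_HEADER_OBJECT:
        raise ValueError("not an ASF/WMA file: Header Object GUID missing")
    header_size = struct.unpack_from("<Q", data, 16)[0]
    count = struct.unpack_from("<I", data, 24)[0]
    end = min(header_size, len(data))
    off = 30  # GUID + size + object count + two reserved bytes
    commands = []
    for _ in range(count):
        if off + 24 > end:
            break  # truncated header; report what was parsed so far
        obj_id = uuid.UUID(bytes_le=data[off:off + 16])
        obj_size = struct.unpack_from("<Q", data, off + 16)[0]
        if obj_size < 24:
            raise ValueError("malformed ASF object size at offset %d" % off)
        if obj_id == ASF_SCRIPT_COMMAND_OBJECT:
            commands.extend(_parse_script_object(data[off:off + obj_size]))
        off += obj_size
    return commands


def suspicious_commands(data):
    """Commands whose type would redirect the player to an external resource."""
    return [c for c in parse_script_commands(data)
            if c["type"].upper() in SUSPICIOUS_TYPES]


def _wstr(s):
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


def build_sample_header(url=None):
    """Construct a minimal ASF header (test data, not a real media file).

    With `url` it carries one URLANDEXIT command; without it, no objects."""
    objects = b""
    if url is not None:
        body = (ASF_SCRIPT_COMMAND_RESERVED.bytes_le + struct.pack("<HH", 1, 1)
                + _wstr("URLANDEXIT") + struct.pack("<IH", 0, 0) + _wstr(url))
        objects = (ASF_SCRIPT_COMMAND_OBJECT.bytes_le
                   + struct.pack("<Q", 24 + len(body)) + body)
    n = 1 if url is not None else 0
    return (ASF_HEADER_OBJECT.bytes_le + struct.pack("<Q", 30 + len(objects))
            + struct.pack("<I", n) + b"\x01\x02" + objects)


def load_header(path):
    """Read only the Header Object of a file on disk (capped at 16 MiB)."""
    with open(path, "rb") as f:
        prefix = f.read(30)
        size = struct.unpack_from("<Q", prefix, 16)[0] if len(prefix) == 30 else 0
        return prefix + f.read(max(0, min(size, 16 << 20) - 30))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        data = load_header(sys.argv[1])
    else:
        data = build_sample_header("http://example.invalid/codec.exe")
    for c in parse_script_commands(data):
        flag = "SUSPICIOUS" if c["type"].upper() in SUSPICIOUS_TYPES else "ok"
        print("%-10s t=%dms type=%s name=%s" % (flag, c["time_ms"], c["type"], c["name"]))
```

    Run it as `python asf_script_check.py clip.wma`; with no argument it parses the constructed sample and reports its one URLANDEXIT command. A clean WMA normally has no Script Command Object at all, so any URL-type command in a file that arrived as a plain video is the thing to look at.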

    BatchFileBasics



      Re: WMA/TrojanDownloader.GetCodec.C.trojan
      « Reply #1 on: July 11, 2009, 03:17:41 PM »
      Well, the reports are looking fine, but we'll need Malwarebytes' log.

      And did the virus actually do damage, or did NOD32 stop it in its tracks?
      When the power of love overcomes the love of power the world will know peace - Jimi Hendrix.

      NRDNick


        Re: WMA/TrojanDownloader.GetCodec.C.trojan
        « Reply #2 on: July 11, 2009, 03:29:55 PM »
        Malwarebytes' Anti-Malware 1.38
        Database version: 2410
        Windows 5.1.2600 Service Pack 3

        7/11/2009 3:40:47 PM
        mbam-log-2009-07-11 (15-40-47).txt

        Scan type: Quick Scan
        Objects scanned: 88999
        Time elapsed: 2 minute(s), 33 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)


        As far as I can tell no damage has been done yet; however, I've noticed some odd behavior. The HJT log and the HJT process tool say that I do not have a firewall running; however, I do have the XP firewall running. I attempted to download Comodo Firewall via Opera 10, and as soon as I click on the save button to begin the download, XP bluescreens and reboots. This happened twice in a row, so I tried using IE8 to DL the file and it worked without incident . . . I don't really know what to make of that. NOD32 just moves the newly created file that I am trying to download via uTorrent to quarantine and gives no option to clean or remove. I did delete the files that were in quarantine, but the problem still remains.

        Thank you very much for your prompt reply,

        Awesome site you have here :)

        BatchFileBasics



          Re: WMA/TrojanDownloader.GetCodec.C.trojan
          « Reply #3 on: July 11, 2009, 03:50:18 PM »
          Well, if you're getting blue screens after you perform that downloading action, it could have activated already and messed up a sys file.

          Or not; it could just be a malfunction.

          But the next time you receive another blue screen, write it down, take a picture, or just jot down the bottom line, which usually states the problem.

          *** file.sys - address ...

          or  what ever error comes up as that example.


          NRDNick


            Re: WMA/TrojanDownloader.GetCodec.C.trojan
            « Reply #4 on: July 11, 2009, 04:00:43 PM »
            The blue screen happens so fast it's not possible to see the message it gives. I tried checking Event Viewer but didn't find anything. Is there anything else I can try other than a reformat?  :-\

            Karnac



              Re: WMA/TrojanDownloader.GetCodec.C.trojan
              « Reply #5 on: July 11, 2009, 04:02:52 PM »
              Is there anything else I can try other than a reformat?  :-\

              You can wait for a specialist to review your logs or....



              You can attempt to use the process tool ......

              http://www.computerhope.com/forum/index.php/topic,81761.0.html

              Paste your HJT log into the window and press search.....at the end of the report you will find a list of items you can fix in HijackThis.

              Follow the directions......


              Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

              NRDNick


                Re: WMA/TrojanDownloader.GetCodec.C.trojan
                « Reply #6 on: July 11, 2009, 05:42:31 PM »
                I tried the tool you mentioned and removed what it told me to, but the problem still remains. If it helps at all, the files I am attempting to download are all video files. I've been doing some research, and it seems like something is trying to modify or change the file as soon as it starts to download. On the uTorrent forum I read of someone having a similar problem. I tried to append my incomplete files with the !ut format as recommended on the uTorrent site, but alas, the problem is still there. The post there also states that it could be an indexing process that is causing the issue; the only new program I have installed that I could think would cause this is the new VLC 1.0. However, looking through its advanced options, I see nothing for turning indexing on or off.
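                A check that separates the two explanations in the post above, as an added example that is not part of the thread: the .torrent's info dictionary carries one SHA-1 per piece, so hashing the bytes uTorrent wrote and comparing them with those hashes tells you whether the file on disk is byte-for-byte what the swarm serves (in which case the flagged content is in the file as shared, whatever the tracker's vetting says) or whether something on this machine rewrites it after download (in which case pieces stop matching). The script assumes a single-file torrent; the bencode codec, the sample torrent, the placeholder tracker URL and the 16-byte pieces are constructed for the example.

```python
"""Check a downloaded file against the piece hashes in its .torrent.

Added example; not code from the thread. A .torrent's info dictionary
carries one SHA-1 per piece, so comparing the bytes uTorrent wrote against
those hashes separates two cases the NOD32 alert alone cannot: the file as
shared already contains what the AV flags (every piece matches), or
something on this machine rewrites the file after download (pieces stop
matching). Only the single-file torrent layout is handled. The torrent and
payload below are constructed here; the tracker URL is a placeholder.
"""
import hashlib
import sys


def bdecode(data):
    """Decode bencoded bytes; strings stay as bytes, dict keys are bytes."""
    def parse(i):
        c = data[i:i + 1]
        if c == b"i":
            j = data.index(b"e", i)
            return int(data[i + 1:j]), j + 1
        if c == b"l":
            out, i = [], i + 1
            while data[i:i + 1] != b"e":
                v, i = parse(i)
                out.append(v)
            return out, i + 1
        if c == b"d":
            out, i = {}, i + 1
            while data[i:i + 1] != b"e":
                k, i = parse(i)
                v, i = parse(i)
                out[k] = v
            return out, i + 1
        if c.isdigit():
            j = data.index(b":", i)
            n = int(data[i:j])
            return data[j + 1:j + 1 + n], j + 1 + n
        raise ValueError("bad bencode at offset %d" % i)
    value, end = parse(0)
    if end != len(data):
        raise ValueError("trailing bytes after bencoded value")
    return value


def bencode(obj):
    """Encode ints, bytes, lists and dicts (keys sorted, as the format requires)."""
    if isinstance(obj, bool) or not isinstance(obj, (int, bytes, list, dict)):
        raise TypeError("unsupported type %r" % type(obj))
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    return b"d" + b"".join(bencode(k) + bencode(obj[k]) for k in sorted(obj)) + b"e"


def verify_pieces(torrent, payload):
    """Return the indexes of pieces whose SHA-1 does not match the torrent.

    A piece beyond the end of a short payload hashes as partial or empty data
    and is reported too, which is the right answer for a truncated download."""
    info = torrent[b"info"]
    plen = info[b"piece length"]
    hashes = info[b"pieces"]
    bad = []
    for idx in range(len(hashes) // 20):
        want = hashes[idx * 20:idx * 20 + 20]
        chunk = payload[idx * plen:(idx + 1) * plen]
        if hashlib.sha1(chunk).digest() != want:
            bad.append(idx)
    return bad


def check_file(torrent_bytes, payload):
    """Summarise whether `payload` is byte-for-byte what the torrent describes."""
    torrent = bdecode(torrent_bytes)
    bad = verify_pieces(torrent, payload)
    length_ok = len(payload) == torrent[b"info"][b"length"]
    return {"ok": length_ok and not bad, "bad_pieces": bad, "length_ok": length_ok}


def make_sample_torrent(payload, piece_length):
    """Build a single-file torrent dict for `payload` (constructed test data)."""
    pieces = b"".join(hashlib.sha1(payload[i:i + piece_length]).digest()
                      for i in range(0, len(payload), piece_length))
    return {b"announce": b"http://tracker.invalid/announce",
            b"info": {b"name": b"clip.wma", b"length": len(payload),
                      b"piece length": piece_length, b"pieces": pieces}}


# Constructed sample: 512 bytes of payload split into 32 pieces of 16 bytes
# (real torrents use pieces of 256 KiB or more; small pieces keep the demo readable).
SAMPLE_PAYLOAD = bytes(range(256)) * 2
SAMPLE_TORRENT = bencode(make_sample_torrent(SAMPLE_PAYLOAD, 16))


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py file.torrent downloaded_file
        with open(sys.argv[1], "rb") as t, open(sys.argv[2], "rb") as f:
            torrent_bytes, payload = t.read(), f.read()
    else:
        torrent_bytes, payload = SAMPLE_TORRENT, SAMPLE_PAYLOAD
    print(check_file(torrent_bytes, payload))
```

                Run it against the quarantined copy (restored to a folder nothing indexes or plays) and the .torrent it came from. Every piece matching means the bytes are exactly what the swarm serves; a short run of bad pieces at a fixed offset points at local modification after the write, and a tail of bad pieces plus a length mismatch just means the download was still incomplete.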

                Karnac



                  Re: WMA/TrojanDownloader.GetCodec.C.trojan
                  « Reply #7 on: July 11, 2009, 06:14:14 PM »
                  Wait for evilfantasy to review your logs, only the most severe infections require a reformat...hang on.



                  NRDNick


                    Re: WMA/TrojanDownloader.GetCodec.C.trojan
                    « Reply #8 on: July 11, 2009, 06:39:07 PM »
                    Yep, will do. It's not affecting anything except for my ability to download a video file through uTorrent. I'll try some other formats that aren't media and see if I get the same problem. Thanks for the help.

                    Edit: I tried to DL a text file and it worked fine. So it seems like this is exclusive to media content.

                    evilfantasy

                    • Malware Removal Specialist
                    • Moderator


                    Re: WMA/TrojanDownloader.GetCodec.C.trojan
                    « Reply #9 on: July 11, 2009, 06:57:12 PM »
                    Your computer is infected with a rootkit. You need to trust in your antivirus. If you ignore warnings you might as well just uninstall it.

                    A) I can't help make your computer work with torrent issues. See the forum rules

                    B) Since we know that this originated from a torrent you need to remove your p2p software before I can continue.

                    - µTorrent

                    Then run a new DDS scan and post the logs.

                    NRDNick


                      Re: WMA/TrojanDownloader.GetCodec.C.trojan
                      « Reply #10 on: July 11, 2009, 07:22:15 PM »
                      Okay, I have uninstalled uTorrent and I ran DDS again; here are the logs.

                      I received a message after DDS completed that reads as follows:

                       The process cannot access the file because it is being used by another process.

                      The requested operation cannot be performed on a file with a user-mapped section
                       open.



                      DDS (Ver_09-06-26.01) - NTFSx86 
                      Run by NRD at 21:17:20.45 on Sat 07/11/2009
                      Internet Explorer: 8.0.6001.18702
                      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2547 [GMT -4:00]

                      AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)   {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
                      FW: COMODO Firewall *enabled*   {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

                      ============== Running Processes ===============

                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\WINDOWS\system32\svchost -k DcomLaunch
                      svchost.exe
                      C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
                      C:\WINDOWS\system32\svchost.exe -k netsvcs
                      svchost.exe
                      svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Analog Devices\Core\smax4pnp.exe
                      C:\Program Files\Analog Devices\SoundMAX\smax4.exe
                      C:\WINDOWS\system32\RUNDLL32.EXE
                      C:\Program Files\ASUS\AI Nap\AiNap.exe
                      C:\Program Files\Razer\Lachesis\razerhid.exe
                      C:\Program Files\Eset\nod32kui.exe
                      C:\Program Files\Java\jre6\bin\jusched.exe
                      C:\Program Files\Minimizor\Minimizor.exe
                      C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
                      svchost.exe
                      C:\Program Files\Java\jre6\bin\jqs.exe
                      C:\Program Files\Eset\nod32krn.exe
                      C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
                      C:\WINDOWS\system32\PnkBstrA.exe
                      C:\WINDOWS\system32\svchost.exe -k imgsvc
                      C:\Program Files\Razer\Lachesis\OSD.exe
                      C:\Program Files\Razer\Lachesis\razertra.exe
                      C:\Program Files\Razer\Lachesis\razerofa.exe
                      C:\Program Files\Opera 10 Beta\opera.exe
                      C:\Program Files\Eset\nod32.exe
                      C:\WINDOWS\system32\PnkBstrB.exe
                      C:\WINDOWS\system32\rundll32.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\Documents and Settings\NRD\Desktop\spyware stuff\dds.pif

                      ============== Pseudo HJT Report ===============

                      BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
                      BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
                      BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
                      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
                      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                      uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
                      mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
                      mRun: [SoundMAX] "c:\program files\analog devices\soundmax\smax4.exe" /tray
                      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
                      mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
                      mRun: [nwiz] nwiz.exe /install
                      mRun: [Ai Nap] "c:\program files\asus\ai nap\AiNap.exe"
                      mRun: [Lachesis] c:\program files\razer\lachesis\razerhid.exe
                      mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
                      mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
                      mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTuner.exe" /S
                      mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
                      mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
                      mRun: [Minimizor] c:\program files\minimizor\Minimizor.exe
                      mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
                      mRunOnce: [WMC_0] c:\windows\system32\cmd.exe /c """""c:\windows\inf\unregmp2.exe"" /ShowWMP"""
                      dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
                      IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
                      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
                      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
                      IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
                      LSP: c:\windows\system32\imon.dll
                      DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239669240656
                      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242110979156
                      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
                      DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
                      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
                      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                      Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
                      AppInit_DLLs:  c:\windows\system32\guard32.dll
                      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                      SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
                      SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

                      ============= SERVICES / DRIVERS ===============

                      R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-4 64160]
                      R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-7-11 132040]
                      R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-7-11 25160]
                      R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-4-13 15424]
                      R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
                      R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
                      R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-7-11 707152]
                      R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-4-13 552064]
                      R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-4-13 12032]
                      S2 gupdate1c9f75468694414;Google Update Service (gupdate1c9f75468694414);c:\program files\google\update\GoogleUpdate.exe [2009-6-27 133104]
                      S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
                      S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 332928]
                      S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
                      S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]

                      =============== Created Last 30 ================

                      2009-07-11 17:35   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Comodo
                      2009-07-11 17:35   179,792   a-------   c:\windows\system32\guard32.dll
                      2009-07-11 17:35   132,040   a-------   c:\windows\system32\drivers\cmdguard.sys
                      2009-07-11 17:35   25,160   a-------   c:\windows\system32\drivers\cmdhlp.sys
                      2009-07-11 17:34   <DIR>   --d-----   c:\program files\COMODO
                      2009-07-11 16:28   <DIR>   --d-----   c:\program files\Trend Micro
                      2009-07-11 16:05   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
                      2009-07-11 16:05   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
                      2009-07-11 16:05   <DIR>   --d-----   c:\docume~1\nrd\applic~1\SUPERAntiSpyware.com
                      2009-07-11 15:37   <DIR>   --d-----   c:\docume~1\nrd\applic~1\Malwarebytes
                      2009-07-11 15:37   38,160   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
                      2009-07-11 15:37   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
                      2009-07-11 15:37   19,096   a-------   c:\windows\system32\drivers\mbam.sys
                      2009-07-11 15:37   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
                      2009-07-07 13:46   <DIR>   --d-----   c:\program files\VideoLAN
                      2009-07-01 22:26   189,744   a-------   c:\windows\system32\PnkBstrB.xtr
                      2009-06-30 14:24   3,246   a-------   c:\windows\system32\wbem\Outlook_01c9f9aff4653759.mof
                      2009-06-25 12:54   18,944   ac------   c:\windows\system32\dllcache\simptcp.dll
                      2009-06-25 12:54   18,944   a-------   c:\windows\system32\simptcp.dll
                      2009-06-18 05:12   218,624   ac------   c:\windows\system32\dllcache\uxtheme.dll
                      2009-06-16 03:51   <DIR>   --d-----   c:\program files\Minimizor
                      2009-06-16 03:14   <DIR>   --d-----   c:\program files\Opera 10 Beta
                      2009-06-14 18:19   <DIR>   --d-----   c:\program files\Panda Security

                      ==================== Find3M  ====================

                      2009-07-11 20:02   139,904   a-------   c:\windows\system32\drivers\PnkBstrK.sys
                      2009-07-11 20:02   189,744   a-------   c:\windows\system32\PnkBstrB.exe
                      2009-07-01 18:43   75,064   a-------   c:\windows\system32\PnkBstrA.exe
                      2009-05-31 23:43   15,688   a-------   c:\windows\system32\lsdelete.exe
                      2009-05-21 11:33   410,984   a-------   c:\windows\system32\deploytk.dll
                      2009-05-13 01:15   915,456   a-------   c:\windows\system32\wininet.dll
                      2009-05-07 11:32   345,600   a-------   c:\windows\system32\localspl.dll
                      2009-04-17 08:26   1,847,168   a-------   c:\windows\system32\win32k.sys
                      2009-04-15 12:20   86,327   a-------   c:\windows\pchealth\helpctr\offlinecache\index.dat
                      2009-04-15 10:51   585,216   a-------   c:\windows\system32\rpcrt4.dll
                      2009-04-14 01:38   22,328   a-------   c:\docume~1\nrd\applic~1\PnkBstrK.sys
                      2009-04-14 01:37   2,250,024   a-------   c:\windows\system32\pbsvc.exe
                      2009-04-14 01:20   86,016   a-------   c:\windows\system32\OpenAL32.dll
                      2009-04-13 21:55   298,104   a-------   c:\windows\system32\imon.dll
                      2009-04-13 20:01   86   a-------   c:\documents and settings\nrd\DelACD.bat
                      2009-04-13 19:55   21,640   a-------   c:\windows\system32\emptyregdb.dat

                      ============= FINISH: 21:17:51.15 ===============


                      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                      IF REQUESTED, ZIP IT UP & ATTACH IT

                      DDS (Ver_09-06-26.01)

                      Microsoft Windows XP Professional
                      Boot Device: \Device\HarddiskVolume1
                      Install Date: 4/13/2009 8:02:50 PM
                      System Uptime: 7/11/2009 6:31:02 PM (3 hours ago)

                      Motherboard: ASUSTeK Computer INC. |  | M2N32-SLI DELUXE
                      Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2  | 3000/250mhz

                      ==== Disk Partitions =========================

                      A: is Removable
                      C: is FIXED (NTFS) - 298 GiB total, 280.137 GiB free.
                      D: is FIXED (NTFS) - 298 GiB total, 214.957 GiB free.
                      E: is CDROM (CDFS)
                      F: is FIXED (NTFS) - 466 GiB total, 109.337 GiB free.

                      ==== Disabled Device Manager Items =============

                      Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
                      Description: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
                      Device ID: USB\VID_0BDA&PID_8187\0015AF651393
                      Manufacturer: Realtek Semiconductor Corp.
                      Name: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
                      PNP Device ID: USB\VID_0BDA&PID_8187\0015AF651393
                      Service: RTLWUSB

                      Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
                      Description: NVIDIA nForce Networking Controller
                      Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&1E7C07&0&00
                      Manufacturer: NVIDIA
                      Name: NVIDIA nForce Networking Controller #2
                      PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&1E7C07&0&00
                      Service: NVENETFD

                      ==== System Restore Points ===================

                      No restore point in system.

                      ==== Installed Programs ======================

                      3DMark06
                      Ad-Aware
                      Adobe Flash Player 10 ActiveX
                      Adobe Flash Player 10 Plugin
                      Adobe Reader 7.0
                      AI Nap
                      AsusUpdate
                      Combined Community Codec Pack 2007-02-22
                      COMODO Internet Security
                      Critical Update for Windows Media Player 11 (KB959772)
                      Dual-Core Optimizer
                      EVEREST Ultimate Edition v5.00
                      Far Cry 2
                      Google Earth
                      Google Update Helper
                      HijackThis 2.0.2
                      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                      Hotfix for Windows Media Format 11 SDK (KB929399)
                      Hotfix for Windows Media Player 11 (KB939683)
                      Hotfix for Windows XP (KB915865)
                      Hotfix for Windows XP (KB952287)
                      Hotfix for Windows XP (KB954550-v5)
                      Hotfix for Windows XP (KB961118)
                      Java(TM) 6 Update 14
                      Kels' CPL Bonus Pack!
                      M8 Free Multi Clipboard
                      Malwarebytes' Anti-Malware
                      Media Player Classic - Home Cinema v1.2.1070.0
                      Microsoft .NET Framework 1.1
                      Microsoft .NET Framework 2.0 Service Pack 2
                      Microsoft .NET Framework 3.0 Service Pack 2
                      Microsoft .NET Framework 3.5 SP1
                      Microsoft Compression Client Pack 1.0 for Windows XP
                      Microsoft Office Access MUI (English) 2007
                      Microsoft Office Access Setup Metadata MUI (English) 2007
                      Microsoft Office Enterprise 2007
                      Microsoft Office Excel MUI (English) 2007
                      Microsoft Office Groove MUI (English) 2007
                      Microsoft Office Groove Setup Metadata MUI (English) 2007
                      Microsoft Office InfoPath MUI (English) 2007
                      Microsoft Office OneNote MUI (English) 2007
                      Microsoft Office Outlook MUI (English) 2007
                      Microsoft Office PowerPoint MUI (English) 2007
                      Microsoft Office Proof (English) 2007
                      Microsoft Office Proof (French) 2007
                      Microsoft Office Proof (Spanish) 2007
                      Microsoft Office Proofing (English) 2007
                      Microsoft Office Publisher MUI (English) 2007
                      Microsoft Office Shared MUI (English) 2007
                      Microsoft Office Shared Setup Metadata MUI (English) 2007
                      Microsoft Office Word MUI (English) 2007
                      Microsoft Software Update for Web Folders  (English) 12
                      Microsoft User-Mode Driver Framework Feature Pack 1.0
                      Microsoft Visual C++ 2005 Redistributable
                      Minimizor 1.8
                      NOD32 antivirus system
                      NOD32 FiX
                      NVIDIA Drivers
                      NVIDIA nTune
                      NVIDIA PhysX
                      Opera 10.00
                      Opera 9.64
                      OperaFly 2.6
                      PunkBuster Services
                      Razer Lachesis
                      RivaTuner v2.24
                      Security Update for 2007 Microsoft Office System (KB951550)
                      Security Update for 2007 Microsoft Office System (KB951944)
                      Security Update for 2007 Microsoft Office System (KB960003)
                      Security Update for Microsoft Office Excel 2007 (KB959997)
                      Security Update for Microsoft Office OneNote 2007 (KB950130)
                      Security Update for Microsoft Office PowerPoint 2007 (KB951338)
                      Security Update for Microsoft Office Publisher 2007 (KB950114)
                      Security Update for Microsoft Office system 2007 (KB954326)
                      Security Update for Microsoft Office system 2007 (KB956828)
                      Security Update for Microsoft Office Word 2007 (KB956358)
                      Security Update for Outlook 2007 (KB946983)
                      Security Update for Windows Internet Explorer 7 (KB938127-v2)
                      Security Update for Windows Internet Explorer 7 (KB961260)
                      Security Update for Windows Internet Explorer 7 (KB963027)
                      Security Update for Windows Internet Explorer 8 (KB969897)
                      Security Update for Windows Media Player (KB952069)
                      Security Update for Windows Media Player 11 (KB936782)
                      Security Update for Windows Media Player 11 (KB954154)
                      Security Update for Windows XP (KB923561)
                      Security Update for Windows XP (KB923789)
                      Security Update for Windows XP (KB938464-v2)
                      Security Update for Windows XP (KB941569)
                      Security Update for Windows XP (KB950760)
                      Security Update for Windows XP (KB950762)
                      Security Update for Windows XP (KB950974)
                      Security Update for Windows XP (KB951066)
                      Security Update for Windows XP (KB951376-v2)
                      Security Update for Windows XP (KB951698)
                      Security Update for Windows XP (KB951748)
                      Security Update for Windows XP (KB952004)
                      Security Update for Windows XP (KB952954)
                      Security Update for Windows XP (KB954459)
                      Security Update for Windows XP (KB954600)
                      Security Update for Windows XP (KB955069)
                      Security Update for Windows XP (KB956572)
                      Security Update for Windows XP (KB956802)
                      Security Update for Windows XP (KB956803)
                      Security Update for Windows XP (KB956841)
                      Security Update for Windows XP (KB957097)
                      Security Update for Windows XP (KB958644)
                      Security Update for Windows XP (KB958687)
                      Security Update for Windows XP (KB958690)
                      Security Update for Windows XP (KB959426)
                      Security Update for Windows XP (KB960225)
                      Security Update for Windows XP (KB960715)
                      Security Update for Windows XP (KB960803)
                      Security Update for Windows XP (KB961373)
                      Security Update for Windows XP (KB961501)
                      Security Update for Windows XP (KB968537)
                      Security Update for Windows XP (KB969898)
                      Security Update for Windows XP (KB970238)
                      SMPlayer 0.6.6
                      SoundMAX
                      SpeedFan (remove only)
                      Spybot - Search & Destroy
                      SUPERAntiSpyware Free Edition
                      TeamSpeak 2 RC2
                      TeamSpeak Overlay BETA 2 (#63)
                      Update for 2007 Microsoft Office System (KB967642)
                      Update for Office 2007 (KB934391)
                      Update for Outlook 2007 Junk Email Filter (kb970012)
                      Update for Windows Internet Explorer 8 (KB968220)
                      Update for Windows XP (KB898461)
                      Update for Windows XP (KB951978)
                      Update for Windows XP (KB955839)
                      Update for Windows XP (KB967715)
                      Visual C++ 2008 x86 Runtime - (v9.0.30729)
                      Visual C++ 2008 x86 Runtime - v9.0.30729.01
                      VLC media player 1.0.0
                      WebFldrs XP
                      Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
                      Windows Driver Package - MOTOROLA (uisp) USB  (09/08/2006 1.2.0.0)
                      Windows Driver Package - Razer (HidUsb) HIDClass  (05/10/2007 1.00)
                      Windows Genuine Advantage Notifications (KB905474)
                      Windows Internet Explorer 8
                      Windows Media Format 11 runtime
                      Windows Media Player 11
                      WinRAR archiver
                      Wolfenstein - Enemy Territory

                      ==== Event Viewer Messages From Past Week ========

                      7/6/2009 6:50:09 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.101 for the Network Card with network address 001FC6510315 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

                      ==== End Of File ===========================

                      sorry I closed my web browser and made sure to let comodo allow everything that dds wanted to do, here is the log from that without the previous message that it gave.


                      DDS (Ver_09-06-26.01) - NTFSx86 
                      Run by NRD at 21:25:44.71 on Sat 07/11/2009
                      Internet Explorer: 8.0.6001.18702
                      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2800 [GMT -4:00]

                      AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)   {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
                      FW: COMODO Firewall *enabled*   {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

                      ============== Running Processes ===============

                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\WINDOWS\system32\svchost -k DcomLaunch
                      svchost.exe
                      C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
                      C:\WINDOWS\system32\svchost.exe -k netsvcs
                      svchost.exe
                      svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Analog Devices\Core\smax4pnp.exe
                      C:\Program Files\Analog Devices\SoundMAX\smax4.exe
                      C:\WINDOWS\system32\RUNDLL32.EXE
                      C:\Program Files\ASUS\AI Nap\AiNap.exe
                      C:\Program Files\Razer\Lachesis\razerhid.exe
                      C:\Program Files\Eset\nod32kui.exe
                      C:\Program Files\Java\jre6\bin\jusched.exe
                      C:\Program Files\Minimizor\Minimizor.exe
                      C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
                      svchost.exe
                      C:\Program Files\Java\jre6\bin\jqs.exe
                      C:\Program Files\Eset\nod32krn.exe
                      C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
                      C:\WINDOWS\system32\PnkBstrA.exe
                      C:\WINDOWS\system32\svchost.exe -k imgsvc
                      C:\Program Files\Razer\Lachesis\OSD.exe
                      C:\Program Files\Razer\Lachesis\razertra.exe
                      C:\Program Files\Razer\Lachesis\razerofa.exe
                      C:\Program Files\Eset\nod32.exe
                      C:\WINDOWS\system32\PnkBstrB.exe
                      C:\WINDOWS\system32\rundll32.exe
                      C:\Documents and Settings\NRD\Desktop\spyware stuff\dds.pif

                      ============== Pseudo HJT Report ===============

                      BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
                      BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
                      BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
                      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
                      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                      uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
                      mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
                      mRun: [SoundMAX] "c:\program files\analog devices\soundmax\smax4.exe" /tray
                      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
                      mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
                      mRun: [nwiz] nwiz.exe /install
                      mRun: [Ai Nap] "c:\program files\asus\ai nap\AiNap.exe"
                      mRun: [Lachesis] c:\program files\razer\lachesis\razerhid.exe
                      mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
                      mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
                      mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTuner.exe" /S
                      mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
                      mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
                      mRun: [Minimizor] c:\program files\minimizor\Minimizor.exe
                      mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
                      mRunOnce: [WMC_0] c:\windows\system32\cmd.exe /c """""c:\windows\inf\unregmp2.exe"" /ShowWMP"""
                      dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
                      IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
                      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
                      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
                      IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
                      LSP: c:\windows\system32\imon.dll
                      DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239669240656
                      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242110979156
                      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
                      DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
                      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
                      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                      Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
                      AppInit_DLLs:  c:\windows\system32\guard32.dll
                      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                      SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
                      SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

                      ============= SERVICES / DRIVERS ===============

                      R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-4 64160]
                      R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-7-11 132040]
                      R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-7-11 25160]
                      R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-4-13 15424]
                      R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
                      R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
                      R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-7-11 707152]
                      R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-4-13 552064]
                      R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-4-13 12032]
                      S2 gupdate1c9f75468694414;Google Update Service (gupdate1c9f75468694414);c:\program files\google\update\GoogleUpdate.exe [2009-6-27 133104]
                      S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
                      S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 332928]
                      S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
                      S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]

                      =============== Created Last 30 ================

                      2009-07-11 17:35   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Comodo
                      2009-07-11 17:35   179,792   a-------   c:\windows\system32\guard32.dll
                      2009-07-11 17:35   132,040   a-------   c:\windows\system32\drivers\cmdguard.sys
                      2009-07-11 17:35   25,160   a-------   c:\windows\system32\drivers\cmdhlp.sys
                      2009-07-11 17:34   <DIR>   --d-----   c:\program files\COMODO
                      2009-07-11 16:28   <DIR>   --d-----   c:\program files\Trend Micro
                      2009-07-11 16:05   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
                      2009-07-11 16:05   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
                      2009-07-11 16:05   <DIR>   --d-----   c:\docume~1\nrd\applic~1\SUPERAntiSpyware.com
                      2009-07-11 15:37   <DIR>   --d-----   c:\docume~1\nrd\applic~1\Malwarebytes
                      2009-07-11 15:37   38,160   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
                      2009-07-11 15:37   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
                      2009-07-11 15:37   19,096   a-------   c:\windows\system32\drivers\mbam.sys
                      2009-07-11 15:37   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
                      2009-07-07 13:46   <DIR>   --d-----   c:\program files\VideoLAN
                      2009-07-01 22:26   189,744   a-------   c:\windows\system32\PnkBstrB.xtr
                      2009-06-30 14:24   3,246   a-------   c:\windows\system32\wbem\Outlook_01c9f9aff4653759.mof
                      2009-06-25 12:54   18,944   ac------   c:\windows\system32\dllcache\simptcp.dll
                      2009-06-25 12:54   18,944   a-------   c:\windows\system32\simptcp.dll
                      2009-06-18 05:12   218,624   ac------   c:\windows\system32\dllcache\uxtheme.dll
                      2009-06-16 03:51   <DIR>   --d-----   c:\program files\Minimizor
                      2009-06-16 03:14   <DIR>   --d-----   c:\program files\Opera 10 Beta
                      2009-06-14 18:19   <DIR>   --d-----   c:\program files\Panda Security

                      ==================== Find3M  ====================

                      2009-07-11 20:02   139,904   a-------   c:\windows\system32\drivers\PnkBstrK.sys
                      2009-07-11 20:02   189,744   a-------   c:\windows\system32\PnkBstrB.exe
                      2009-07-01 18:43   75,064   a-------   c:\windows\system32\PnkBstrA.exe
                      2009-05-31 23:43   15,688   a-------   c:\windows\system32\lsdelete.exe
                      2009-05-21 11:33   410,984   a-------   c:\windows\system32\deploytk.dll
                      2009-05-13 01:15   915,456   a-------   c:\windows\system32\wininet.dll
                      2009-05-07 11:32   345,600   a-------   c:\windows\system32\localspl.dll
                      2009-04-17 08:26   1,847,168   a-------   c:\windows\system32\win32k.sys
                      2009-04-15 12:20   86,327   a-------   c:\windows\pchealth\helpctr\offlinecache\index.dat
                      2009-04-15 10:51   585,216   a-------   c:\windows\system32\rpcrt4.dll
                      2009-04-14 01:38   22,328   a-------   c:\docume~1\nrd\applic~1\PnkBstrK.sys
                      2009-04-14 01:37   2,250,024   a-------   c:\windows\system32\pbsvc.exe
                      2009-04-14 01:20   86,016   a-------   c:\windows\system32\OpenAL32.dll
                      2009-04-13 21:55   298,104   a-------   c:\windows\system32\imon.dll
                      2009-04-13 20:01   86   a-------   c:\documents and settings\nrd\DelACD.bat
                      2009-04-13 19:55   21,640   a-------   c:\windows\system32\emptyregdb.dat

                      ============= FINISH: 21:26:01.17 ===============


                      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                      IF REQUESTED, ZIP IT UP & ATTACH IT

                      DDS (Ver_09-06-26.01)

                      Microsoft Windows XP Professional
                      Boot Device: \Device\HarddiskVolume1
                      Install Date: 4/13/2009 8:02:50 PM
                      System Uptime: 7/11/2009 6:31:02 PM (3 hours ago)

                      Motherboard: ASUSTeK Computer INC. |  | M2N32-SLI DELUXE
                      Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2  | 3000/250mhz

                      ==== Disk Partitions =========================

                      A: is Removable
                      C: is FIXED (NTFS) - 298 GiB total, 280.36 GiB free.
                      D: is FIXED (NTFS) - 298 GiB total, 214.957 GiB free.
                      E: is CDROM (CDFS)
                      F: is FIXED (NTFS) - 466 GiB total, 109.337 GiB free.

                      ==== Disabled Device Manager Items =============

                      Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
                      Description: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
                      Device ID: USB\VID_0BDA&PID_8187\0015AF651393
                      Manufacturer: Realtek Semiconductor Corp.
                      Name: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
                      PNP Device ID: USB\VID_0BDA&PID_8187\0015AF651393
                      Service: RTLWUSB

                      Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
                      Description: NVIDIA nForce Networking Controller
                      Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&1E7C07&0&00
                      Manufacturer: NVIDIA
                      Name: NVIDIA nForce Networking Controller #2
                      PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&1E7C07&0&00
                      Service: NVENETFD

                      ==== System Restore Points ===================

                      No restore point in system.

                      ==== Installed Programs ======================

                      3DMark06
                      Ad-Aware
                      Adobe Flash Player 10 ActiveX
                      Adobe Flash Player 10 Plugin
                      Adobe Reader 7.0
                      AI Nap
                      AsusUpdate
                      Combined Community Codec Pack 2007-02-22
                      COMODO Internet Security
                      Critical Update for Windows Media Player 11 (KB959772)
                      Dual-Core Optimizer
                      EVEREST Ultimate Edition v5.00
                      Far Cry 2
                      Google Earth
                      Google Update Helper
                      HijackThis 2.0.2
                      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                      Hotfix for Windows Media Format 11 SDK (KB929399)
                      Hotfix for Windows Media Player 11 (KB939683)
                      Hotfix for Windows XP (KB915865)
                      Hotfix for Windows XP (KB952287)
                      Hotfix for Windows XP (KB954550-v5)
                      Hotfix for Windows XP (KB961118)
                      Java(TM) 6 Update 14
                      Kels' CPL Bonus Pack!
                      M8 Free Multi Clipboard
                      Malwarebytes' Anti-Malware
                      Media Player Classic - Home Cinema v1.2.1070.0
                      Microsoft .NET Framework 1.1
                      Microsoft .NET Framework 2.0 Service Pack 2
                      Microsoft .NET Framework 3.0 Service Pack 2
                      Microsoft .NET Framework 3.5 SP1
                      Microsoft Compression Client Pack 1.0 for Windows XP
                      Microsoft Office Access MUI (English) 2007
                      Microsoft Office Access Setup Metadata MUI (English) 2007
                      Microsoft Office Enterprise 2007
                      Microsoft Office Excel MUI (English) 2007
                      Microsoft Office Groove MUI (English) 2007
                      Microsoft Office Groove Setup Metadata MUI (English) 2007
                      Microsoft Office InfoPath MUI (English) 2007
                      Microsoft Office OneNote MUI (English) 2007
                      Microsoft Office Outlook MUI (English) 2007
                      Microsoft Office PowerPoint MUI (English) 2007
                      Microsoft Office Proof (English) 2007
                      Microsoft Office Proof (French) 2007
                      Microsoft Office Proof (Spanish) 2007
                      Microsoft Office Proofing (English) 2007
                      Microsoft Office Publisher MUI (English) 2007
                      Microsoft Office Shared MUI (English) 2007
                      Microsoft Office Shared Setup Metadata MUI (English) 2007
                      Microsoft Office Word MUI (English) 2007
                      Microsoft Software Update for Web Folders  (English) 12
                      Microsoft User-Mode Driver Framework Feature Pack 1.0
                      Microsoft Visual C++ 2005 Redistributable
                      Minimizor 1.8
                      NOD32 antivirus system
                      NOD32 FiX
                      NVIDIA Drivers
                      NVIDIA nTune
                      NVIDIA PhysX
                      Opera 10.00
                      Opera 9.64
                      OperaFly 2.6
                      PunkBuster Services
                      Razer Lachesis
                      RivaTuner v2.24
                      Security Update for 2007 Microsoft Office System (KB951550)
                      Security Update for 2007 Microsoft Office System (KB951944)
                      Security Update for 2007 Microsoft Office System (KB960003)
                      Security Update for Microsoft Office Excel 2007 (KB959997)
                      Security Update for Microsoft Office OneNote 2007 (KB950130)
                      Security Update for Microsoft Office PowerPoint 2007 (KB951338)
                      Security Update for Microsoft Office Publisher 2007 (KB950114)
                      Security Update for Microsoft Office system 2007 (KB954326)
                      Security Update for Microsoft Office system 2007 (KB956828)
                      Security Update for Microsoft Office Word 2007 (KB956358)
                      Security Update for Outlook 2007 (KB946983)
                      Security Update for Windows Internet Explorer 7 (KB938127-v2)
                      Security Update for Windows Internet Explorer 7 (KB961260)
                      Security Update for Windows Internet Explorer 7 (KB963027)
                      Security Update for Windows Internet Explorer 8 (KB969897)
                      Security Update for Windows Media Player (KB952069)
                      Security Update for Windows Media Player 11 (KB936782)
                      Security Update for Windows Media Player 11 (KB954154)
                      Security Update for Windows XP (KB923561)
                      Security Update for Windows XP (KB923789)
                      Security Update for Windows XP (KB938464-v2)
                      Security Update for Windows XP (KB941569)
                      Security Update for Windows XP (KB950760)
                      Security Update for Windows XP (KB950762)
                      Security Update for Windows XP (KB950974)
                      Security Update for Windows XP (KB951066)
                      Security Update for Windows XP (KB951376-v2)
                      Security Update for Windows XP (KB951698)
                      Security Update for Windows XP (KB951748)
                      Security Update for Windows XP (KB952004)
                      Security Update for Windows XP (KB952954)
                      Security Update for Windows XP (KB954459)
                      Security Update for Windows XP (KB954600)
                      Security Update for Windows XP (KB955069)
                      Security Update for Windows XP (KB956572)
                      Security Update for Windows XP (KB956802)
                      Security Update for Windows XP (KB956803)
                      Security Update for Windows XP (KB956841)
                      Security Update for Windows XP (KB957097)
                      Security Update for Windows XP (KB958644)
                      Security Update for Windows XP (KB958687)
                      Security Update for Windows XP (KB958690)
                      Security Update for Windows XP (KB959426)
                      Security Update for Windows XP (KB960225)
                      Security Update for Windows XP (KB960715)
                      Security Update for Windows XP (KB960803)
                      Security Update for Windows XP (KB961373)
                      Security Update for Windows XP (KB961501)
                      Security Update for Windows XP (KB968537)
                      Security Update for Windows XP (KB969898)
                      Security Update for Windows XP (KB970238)
                      SMPlayer 0.6.6
                      SoundMAX
                      SpeedFan (remove only)
                      Spybot - Search & Destroy
                      SUPERAntiSpyware Free Edition
                      TeamSpeak 2 RC2
                      TeamSpeak Overlay BETA 2 (#63)
                      Update for 2007 Microsoft Office System (KB967642)
                      Update for Office 2007 (KB934391)
                      Update for Outlook 2007 Junk Email Filter (kb970012)
                      Update for Windows Internet Explorer 8 (KB968220)
                      Update for Windows XP (KB898461)
                      Update for Windows XP (KB951978)
                      Update for Windows XP (KB955839)
                      Update for Windows XP (KB967715)
                      Visual C++ 2008 x86 Runtime - (v9.0.30729)
                      Visual C++ 2008 x86 Runtime - v9.0.30729.01
                      VLC media player 1.0.0
                      WebFldrs XP
                      Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
                      Windows Driver Package - MOTOROLA (uisp) USB  (09/08/2006 1.2.0.0)
                      Windows Driver Package - Razer (HidUsb) HIDClass  (05/10/2007 1.00)
                      Windows Genuine Advantage Notifications (KB905474)
                      Windows Internet Explorer 8
                      Windows Media Format 11 runtime
                      Windows Media Player 11
                      WinRAR archiver
                      Wolfenstein - Enemy Territory

                      ==== Event Viewer Messages From Past Week ========

                      7/6/2009 6:50:09 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.101 for the Network Card with network address 001FC6510315 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

                      ==== End Of File ===========================


                      Thanks for the help evilfantasy, love your quote btw :)

                      evilfantasy

                      • Malware Removal Specialist
                      • Moderator


                      • Genius
                      • Calm like a bomb
                      • Thanked: 493
                      • Experience: Experienced
                      • OS: Windows 11
                      Re: WMA/TrojanDownloader.GetCodec.C.trojan
                      « Reply #11 on: July 11, 2009, 07:30:47 PM »
                      Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

                      Link #1
                      Link #2

                      **Note:  It is important that it is saved directly to your Desktop

                      DO NOT run it yet!

                      Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

                      Delete these files/folders, as follows:

                      1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                      It must be Notepad, not Wordpad.
                      2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                      Code:
                      KillAll::

                      Rootkit::
                      SjyPkt.sys

                      3. Go to the Notepad window and click Edit > Paste
                      4. Then click File > Save
                      5. Name the file CFScript.txt - Save the file to your Desktop
                      6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                      ComboFix will begin to execute, just follow the prompts.
                      After reboot (in case it asks to reboot), it will produce a log for you.
                      Post that log (Combofix.txt) in your next reply.

                      Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
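
The Rootkit:: line in the script above names the one entry in the posted DDS "SERVICES / DRIVERS" section that DDS could not find on disk (the `\??\... --> ... [?]` line). As an added example, not part of this thread or of the DDS/ComboFix tools, the Python below parses that section of the posted log and scores each entry so the orphaned SjyPkt driver stands out while legitimate entries with only a weak indicator (nod32drv, Lbd) do not; the weights and threshold are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: the SERVICES / DRIVERS lines copied from the DDS log posted in
# this thread, embedded here so the example runs offline.
DDS_SERVICES_SECTION = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-4 64160]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-7-11 132040]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-4-13 15424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-4-13 552064]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 332928]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
"""

# DDS prefixes each entry with R (running) or S (stopped) plus the start-type digit,
# then "service;display name;image path [date size]", or "... [?]" when the image
# file could not be found on disk.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<svc>[^;]*);(?P<disp>[^;]*);(?P<rest>.*)$"
)
REST_RE = re.compile(
    r"^(?P<path>.*?)(?:\s+-->\s+(?P<resolved>.*?))?\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Weights and threshold below are this example's own choices, not a DDS convention:
# one strong indicator, or two weak ones, is enough to flag an entry for review.
FLAG_THRESHOLD = 2


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    resolved: Optional[str]
    meta: str
    reasons: List[str] = field(default_factory=list)
    score: int = 0

    @property
    def driver_file(self) -> str:
        """Base name of the image file, i.e. the name the thread's CFScript refers to."""
        return (self.resolved or self.path).rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one SERVICES / DRIVERS line; None for blank or non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    r = REST_RE.match(m["rest"])
    if not r:
        return None
    return ServiceEntry(
        running=m["state"] == "R",
        start_type=int(m["start"]),
        name=m["svc"],
        display=m["disp"],
        path=r["path"],
        resolved=r["resolved"],
        meta=r["meta"],
    )


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach plain-language reasons and a weighted score to one entry."""
    checks = [
        (entry.meta.strip() == "?", 2,
         "DDS could not find the image file on disk ([?])"),
        (entry.path.startswith("\\??\\"), 1,
         "image registered with a raw NT object path (\\??\\)"),
        (entry.display == entry.name, 1,
         "no descriptive display name (weak: nod32drv and Lbd do this too)"),
    ]
    for hit, weight, why in checks:
        if hit:
            entry.reasons.append(why)
            entry.score += weight
    return entry


def triage(section: str, threshold: int = FLAG_THRESHOLD) -> List[ServiceEntry]:
    """Return scored entries at or above the threshold, highest score first."""
    parsed = [e for e in (parse_line(l) for l in section.splitlines()) if e]
    flagged = [e for e in map(assess, parsed) if e.score >= threshold]
    return sorted(flagged, key=lambda e: e.score, reverse=True)


if __name__ == "__main__":
    for e in triage(DDS_SERVICES_SECTION):
        state = "running" if e.running else "stopped"
        print(f"{e.name}: {e.driver_file} ({state}, start type {e.start_type}), score {e.score}")
        for why in e.reasons:
            print(f"  - {why}")
```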

                      NRDNick

                        Topic Starter


                        Greenhorn

                        Re: WMA/TrojanDownloader.GetCodec.C.trojan
                        « Reply #12 on: July 11, 2009, 07:53:13 PM »
                        Okay done and done, here is the log

                        ComboFix 09-07-09.08 - NRD 07/11/2009 21:44.1.2 - NTFSx86
                        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2794 [GMT -4:00]
                        Running from: c:\documents and settings\NRD\Desktop\ComboFix.exe
                        Command switches used :: c:\documents and settings\NRD\Desktop\CFScript.txt
                        AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
                        FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
                         * Resident AV is active

                        .

                        (((((((((((((((((((((((((   Files Created from 2009-06-12 to 2009-07-12  )))))))))))))))))))))))))))))))
                        .

                        2009-07-11 21:35 . 2009-07-11 22:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Comodo
                        2009-07-11 21:35 . 2009-07-11 21:34   86976   ----a-w-   c:\windows\system32\drivers\inspect.sys
                        2009-07-11 21:35 . 2009-07-11 21:34   25160   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
                        2009-07-11 21:35 . 2009-07-11 21:34   179792   ----a-w-   c:\windows\system32\guard32.dll
                        2009-07-11 21:35 . 2009-07-11 21:34   132040   ----a-w-   c:\windows\system32\drivers\cmdguard.sys
                        2009-07-11 21:34 . 2009-07-11 21:34   --------   d-----w-   c:\program files\COMODO
                        2009-07-11 20:28 . 2009-07-11 20:28   --------   d-----w-   c:\program files\Trend Micro
                        2009-07-11 20:06 . 2009-07-11 20:06   117760   ----a-w-   c:\documents and settings\NRD\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                        2009-07-11 20:05 . 2009-07-11 20:05   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                        2009-07-11 20:05 . 2009-07-11 20:05   --------   d-----w-   c:\program files\SUPERAntiSpyware
                        2009-07-11 20:05 . 2009-07-11 20:05   --------   d-----w-   c:\documents and settings\NRD\Application Data\SUPERAntiSpyware.com
                        2009-07-11 19:37 . 2009-07-11 19:37   --------   d-----w-   c:\documents and settings\NRD\Application Data\Malwarebytes
                        2009-07-11 19:37 . 2009-06-17 15:27   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                        2009-07-11 19:37 . 2009-07-11 19:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                        2009-07-11 19:37 . 2009-07-11 19:37   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                        2009-07-11 19:37 . 2009-06-17 15:27   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
                        2009-07-07 21:12 . 2009-07-07 21:12   --------   d-----w-   c:\documents and settings\NRD\Application Data\dvdcss
                        2009-07-07 17:47 . 2009-07-11 23:39   --------   d-----w-   c:\documents and settings\NRD\Application Data\vlc
                        2009-07-07 17:46 . 2009-07-07 17:46   --------   d-----w-   c:\program files\VideoLAN
                        2009-07-07 10:15 . 2009-07-07 10:15   --------   d-----w-   c:\documents and settings\NRD\Local Settings\Application Data\Identities
                        2009-07-01 22:42 . 2009-07-01 22:42   --------   d-----w-   c:\documents and settings\NRD\Local Settings\Application Data\PunkBuster
                        2009-06-27 23:09 . 2009-06-27 23:09   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Google
                        2009-06-27 18:23 . 2009-06-27 18:23   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Google
                        2009-06-27 18:23 . 2009-06-30 07:50   --------   d-----w-   c:\documents and settings\NRD\Local Settings\Application Data\Google
                        2009-06-27 18:20 . 2009-07-12 01:49   --------   d-----w-   c:\program files\Google
                        2009-06-25 16:54 . 2004-08-07 00:17   18944   -c--a-w-   c:\windows\system32\dllcache\simptcp.dll
                        2009-06-25 16:54 . 2004-08-07 00:17   18944   ----a-w-   c:\windows\system32\simptcp.dll
                        2009-06-20 18:02 . 2009-06-29 21:53   314712   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
                        2009-06-20 18:02 . 2009-07-11 09:09   25440   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
                        2009-06-20 18:02 . 2009-07-06 21:44   169312   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
                        2009-06-20 18:02 . 2009-06-29 21:52   348496   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
                        2009-06-20 18:02 . 2009-06-29 21:52   298336   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
                        2009-06-20 18:02 . 2009-07-11 09:09   1630560   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
                        2009-06-20 18:02 . 2009-06-29 21:49   85352   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
                        2009-06-20 18:02 . 2009-06-29 21:49   664424   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
                        2009-06-20 18:01 . 2009-07-06 21:44   563064   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
                        2009-06-20 18:01 . 2009-07-06 21:44   566632   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
                        2009-06-20 18:01 . 2009-07-11 09:09   2353480   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
                        2009-06-20 18:01 . 2009-06-29 21:46   629072   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
                        2009-06-20 18:01 . 2009-06-29 21:46   520024   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
                        2009-06-20 18:01 . 2009-06-29 21:45   1029456   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
                        2009-06-18 09:12 . 2008-05-11 09:00   218624   -c--a-w-   c:\windows\system32\dllcache\uxtheme.dll
                        2009-06-16 07:51 . 2009-06-16 07:52   --------   d-----w-   c:\program files\Minimizor
                        2009-06-16 07:14 . 2009-07-01 09:58   --------   d-----w-   c:\program files\Opera 10 Beta
                        2009-06-14 22:19 . 2009-06-30 09:33   --------   d-----w-   c:\program files\Panda Security

                        .
                        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        2009-07-12 00:42 . 2009-04-14 02:23   --------   d-----w-   c:\documents and settings\NRD\Application Data\uTorrent
                        2009-07-12 00:02 . 2009-04-14 05:38   139904   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
                        2009-07-12 00:02 . 2009-04-14 05:37   189744   ----a-w-   c:\windows\system32\PnkBstrB.exe
                        2009-07-11 23:46 . 2009-04-13 23:58   --------   d-----w-   c:\program files\Windows Media Connect 2
                        2009-07-11 20:05 . 2009-04-14 00:20   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                        2009-07-01 22:43 . 2009-04-14 05:37   75064   ----a-w-   c:\windows\system32\PnkBstrA.exe
                        2009-06-30 01:45 . 2009-04-14 00:26   69232   ----a-w-   c:\documents and settings\NRD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                        2009-06-29 21:51 . 2009-06-01 03:43   84832   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
                        2009-06-29 21:49 . 2009-06-01 03:43   246128   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
                        2009-06-29 21:49 . 2009-06-01 03:43   40288   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
                        2009-06-10 21:39 . 2009-04-27 06:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
                        2009-06-10 07:13 . 2009-04-21 16:11   --------   d-----w-   c:\program files\Java
                        2009-06-10 07:13 . 2009-06-10 07:13   152576   ----a-w-   c:\documents and settings\NRD\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
                        2009-06-10 07:01 . 2009-06-03 09:02   --------   d-----w-   c:\documents and settings\NRD\Application Data\TurboIRC 7
                        2009-06-09 19:10 . 2009-06-03 08:35   --------   d-----w-   c:\documents and settings\NRD\Application Data\teamspeak2
                        2009-06-03 09:19 . 2009-06-03 09:19   --------   d-----w-   c:\documents and settings\NRD\Application Data\M8 Software
                        2009-06-03 09:13 . 2009-06-03 09:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\TurboIRC 7
                        2009-06-03 08:59 . 2009-06-03 08:59   --------   d-----w-   c:\program files\FreeClip
                        2009-06-03 08:35 . 2009-05-31 01:27   --------   d-----w-   c:\program files\Teamspeak2_RC2
                        2009-06-01 03:43 . 2009-06-01 03:43   15688   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
                        2009-06-01 03:43 . 2009-05-04 22:47   15688   ----a-w-   c:\windows\system32\lsdelete.exe
                        2009-05-31 01:29 . 2009-05-31 01:29   --------   d-----w-   c:\program files\TSO
                        2009-05-21 15:33 . 2009-04-21 16:11   410984   ----a-w-   c:\windows\system32\deploytk.dll
                        2009-05-21 07:50 . 2009-05-21 03:23   --------   d-----w-   c:\documents and settings\NRD\Application Data\mIRC
                        2009-05-13 08:53 . 2009-04-14 02:22   --------   d-----w-   c:\program files\Orthos
                        2009-05-13 08:30 . 2009-04-14 01:34   --------   d-----w-   c:\program files\ESET
                        2009-05-13 05:15 . 2008-05-11 08:59   915456   ----a-w-   c:\windows\system32\wininet.dll
                        2009-05-07 15:32 . 2008-04-14 04:41   345600   ----a-w-   c:\windows\system32\localspl.dll
                        2009-05-04 21:43 . 2009-05-04 21:43   64160   ----a-w-   c:\windows\system32\drivers\Lbd.sys
                        2009-05-04 21:43 . 2009-05-04 21:43   64160   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
                        2009-04-21 16:11 . 2009-04-21 16:11   152576   ----a-w-   c:\documents and settings\NRD\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
                        2009-04-17 12:26 . 2008-04-14 00:00   1847168   ----a-w-   c:\windows\system32\win32k.sys
                        2009-04-15 16:20 . 2009-04-13 23:57   86327   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
                        2009-04-15 14:51 . 2008-04-14 04:42   585216   ----a-w-   c:\windows\system32\rpcrt4.dll
                        2009-04-14 05:38 . 2009-04-14 05:38   22328   ----a-w-   c:\documents and settings\NRD\Application Data\PnkBstrK.sys
                        2009-04-14 05:38 . 2009-04-14 05:38   22328   ----a-w-   c:\documents and settings\NRD\Application Data\PnkBstrK.sys
                        2009-04-14 05:37 . 2009-04-14 05:37   2250024   ----a-w-   c:\windows\system32\pbsvc.exe
                        2009-04-14 05:20 . 2009-04-13 23:54   86016   ----a-w-   c:\windows\system32\OpenAL32.dll
                        2009-04-14 01:55 . 2009-04-14 01:56   512096   ----a-w-   c:\windows\system32\drivers\amon.sys
                        2009-04-14 01:55 . 2009-04-14 01:56   298104   ----a-w-   c:\windows\system32\imon.dll
                        2009-04-14 01:55 . 2009-04-14 01:56   15424   ----a-w-   c:\windows\system32\drivers\nod32drv.sys
                        2009-04-14 00:01 . 2009-04-14 00:04   86   ----a-w-   c:\documents and settings\NRD\DelACD.bat
                        2009-04-14 00:01 . 2009-04-14 00:02   86   ----a-w-   c:\windows\system32\config\systemprofile\DelACD.bat
                        2009-04-14 00:01 . 2009-04-14 00:01   86   ----a-w-   c:\documents and settings\Default User\DelACD.bat
                        2009-04-14 00:00 . 2009-04-14 00:04   2506   ----a-w-   c:\documents and settings\NRD\MANAC8.tmp
                        2009-04-14 00:00 . 2009-04-14 00:04   1808   ----a-w-   c:\documents and settings\NRD\VWLAC9.tmp
                        2009-04-14 00:00 . 2009-04-14 00:04   124552   ----a-w-   c:\documents and settings\NRD\WLFACA.tmp
                        2009-04-14 00:00 . 2009-04-14 00:02   2506   ----a-w-   c:\windows\system32\config\systemprofile\MANAC8.tmp
                        2009-04-14 00:00 . 2009-04-14 00:02   1808   ----a-w-   c:\windows\system32\config\systemprofile\VWLAC9.tmp
                        2009-04-14 00:00 . 2009-04-14 00:02   124552   ----a-w-   c:\windows\system32\config\systemprofile\WLFACA.tmp
                        2009-04-14 00:00 . 2009-04-14 00:00   2506   ----a-w-   c:\documents and settings\Default User\MANAC8.tmp
                        2009-04-14 00:00 . 2009-04-14 00:00   1808   ----a-w-   c:\documents and settings\Default User\VWLAC9.tmp
                        2009-04-14 00:00 . 2009-04-14 00:00   124552   ----a-w-   c:\documents and settings\Default User\WLFACA.tmp
                        2009-04-13 23:55 . 2009-04-13 23:55   21640   ----a-w-   c:\windows\system32\emptyregdb.dat
                        .

                        ------- Sigcheck -------

                        [-] 2008-05-11 09:05   1614848   F2DF0FDBD41B34112EE05ED04258F052   c:\windows\system32\sfcfiles.dll
                        .
                        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        *Note* empty entries & legit default entries are not shown
                        REGEDIT4

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
                        "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
                        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-02 13750272]
                        "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-02 86016]
                        "Ai Nap"="c:\program files\ASUS\AI Nap\AiNap.exe" [2006-11-30 1419776]
                        "Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
                        "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-14 949376]
                        "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
                        "RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
                        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
                        "Minimizor"="c:\program files\Minimizor\Minimizor.exe" [2009-01-16 504320]
                        "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-07-11 1793808]
                        "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-02 1657376]

                        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                        "nltide_2"="shell32" [X]

                        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                        2008-12-22 16:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                        "AppInit_DLLs"=c:\windows\system32\guard32.dll

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
                        @="Service"

                        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
                        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
                        backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                        "WMPNetworkSvc"=3 (0x3)
                        "ose"=3 (0x3)
                        "odserv"=3 (0x3)
                        "Microsoft Office Groove Audit Service"=3 (0x3)
                        "idsvc"=3 (0x3)

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                        "EnableFirewall"= 0 (0x0)

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                        "c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
                        "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
                        "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
                        "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
                        "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
                        "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
                        "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
                        "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                        "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                        "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
                        "c:\\WINDOWS\\system32\\sessmgr.exe"=
                        "c:\\Program Files\\Opera 10 Beta\\opera.exe"=

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                        "46956:TCP"= 46956:TCP:utorrent
                        "46956:UDP"= 46956:UDP:utorrent

                        R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/4/2009 5:43 PM 64160]
                        R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [7/11/2009 5:35 PM 132040]
                        R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [7/11/2009 5:35 PM 25160]
                        R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4/13/2009 9:56 PM 15424]
                        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
                        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
                        R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [4/13/2009 9:17 PM 12032]
                        S2 gupdate1c9f75468694414;Google Update Service (gupdate1c9f75468694414);c:\program files\Google\Update\GoogleUpdate.exe [6/27/2009 2:23 PM 133104]
                        S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
                        S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [6/27/2008 1:39 AM 332928]
                        S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
                        S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

                        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
                        "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
                        .
                        Contents of the 'Scheduled Tasks' folder

                        2009-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
                        - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:44]

                        2009-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                        - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-27 18:23]

                        2009-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                        - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-27 18:23]
                        .
                        .
                        ------- Supplementary Scan -------
                        .
                        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
                        LSP: c:\windows\system32\imon.dll
                        .

                        **************************************************************************

                        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                        Rootkit scan 2009-07-11 21:49
                        Windows 5.1.2600 Service Pack 3 NTFS

                        scanning hidden processes ... 

                        scanning hidden autostart entries ...

                        scanning hidden files ... 

                        scan completed successfully
                        hidden files: 0

                        **************************************************************************
                        .
                        --------------------- LOCKED REGISTRY KEYS ---------------------

                        [HKEY_USERS\S-1-5-21-1202660629-562591055-682003330-1004\Software\SecuROM\License information*]
                        "datasecu"=hex:e9,64,d1,35,e3,26,f7,66,e0,06,a6,32,bf,e1,e0,f2,6d,87,39,15,87,
                           f5,b6,78,48,ee,1b,6f,15,8d,1a,39,9b,f0,c9,08,fb,d4,e5,e0,7c,2d,59,da,a7,64,\
                        "rkeysecu"=hex:88,67,42,bf,d1,ee,c9,0f,6a,c4,a3,b3,2d,ae,8d,3c
                        .
                        --------------------- DLLs Loaded Under Running Processes ---------------------

                        - - - - - - - > 'winlogon.exe'(744)
                        c:\program files\SUPERAntiSpyware\SASWINLO.dll
                        c:\windows\system32\WININET.dll

                        - - - - - - - > 'lsass.exe'(812)
                        c:\windows\system32\imon.dll

                        - - - - - - - > 'explorer.exe'(3972)
                        c:\windows\system32\WININET.dll
                        c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
                        c:\windows\system32\ieframe.dll
                        c:\windows\system32\webcheck.dll
                        c:\windows\system32\WPDShServiceObj.dll
                        c:\windows\system32\PortableDeviceTypes.dll
                        c:\windows\system32\PortableDeviceApi.dll
                        .
                        ------------------------ Other Running Processes ------------------------
                        .
                        c:\windows\system32\nvsvc32.exe
                        c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
                        c:\windows\system32\rundll32.exe
                        c:\program files\Java\jre6\bin\jqs.exe
                        c:\program files\ESET\nod32krn.exe
                        c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
                        c:\windows\system32\PnkBstrA.exe
                        c:\program files\Razer\Lachesis\OSD.exe
                        c:\program files\Razer\Lachesis\razertra.exe
                        c:\program files\Razer\Lachesis\razerofa.exe
                        .
                        **************************************************************************
                        .
                        Completion time: 2009-07-12 21:51 - machine was rebooted
                        ComboFix-quarantined-files.txt  2009-07-12 01:51

                        Pre-Run: 300,916,076,544 bytes free
                        Post-Run: 302,685,122,560 bytes free

                        WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
                        [boot loader]
                        timeout=2
                        default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                        [operating systems]
                        c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                        multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

                        261   --- E O F ---   2009-06-10 21:39

                        evilfantasy

                        • Malware Removal Specialist
                        • Moderator


                        • Genius
                        • Calm like a bomb
                        • Thanked: 493
                        • Experience: Experienced
                        • OS: Windows 11
                        Re: WMA/TrojanDownloader.GetCodec.C.trojan
                        « Reply #13 on: July 11, 2009, 07:59:29 PM »
                        Delete these files/folders, as follows:

                        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                        It must be Notepad, not Wordpad.
                        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                        Code:
                        KillAll::

                        Driver::
                        SjyPkt

                        Registry::
                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                        "46956:TCP"=-
                        "46956:UDP"=-



                        3. Go to the Notepad window and click Edit > Paste
                        4. Then click File > Save
                        5. Name the file CFScript.txt - Save the file to your Desktop
                        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                        ComboFix will begin to execute, just follow the prompts.
                        After reboot (in case it asks to reboot), it will produce a log for you.
                        Post that log (Combofix.txt) in your next reply.

                        Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
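
The fix above is built by hand from two findings in the earlier ComboFix log: a driver entry (SjyPkt) whose binary ComboFix reported as not found, shown with a trailing `[?]`, and two utorrent port exceptions in the firewall's GloballyOpenPorts list. As an added example, not part of the original post and not ComboFix's own tooling, the Python below parses those two sections of a log and generates the same CFScript. The sample input is a handful of lines copied from the log posted in this thread, and reading `[?]` as "file not on disk" is an assumption about how ComboFix marks such entries.

```python
"""Parse the Drivers/Services and firewall sections of a ComboFix log
and emit a CFScript that removes orphaned drivers and open ports."""
import re

# Constructed sample input: these lines are copied from the ComboFix log
# posted earlier in this thread (the firewall GloballyOpenPorts key and
# three entries from the Drivers/Services block), not a complete log.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46956:TCP"= 46956:TCP:utorrent
"46956:UDP"= 46956:UDP:utorrent

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/4/2009 5:43 PM 64160]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4/13/2009 9:56 PM 15424]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
"""

# Service lines look like "R1 name;display;path [date size]"; a trailing
# "[?]" is taken here to mean ComboFix could not find the binary (assumption).
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<info>[^\]]*)\]$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')


def parse_services(log):
    """Return one dict per R*/S* driver or service line in the log."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["missing"] = entry["info"].strip() == "?"
            services.append(entry)
    return services


def orphaned_drivers(log):
    """Names of services whose binary ComboFix reported as not found ([?])."""
    return [s["name"] for s in parse_services(log) if s["missing"]]


def open_ports(log):
    """Return (registry key, [value names]) for the GloballyOpenPorts list."""
    key, names, current = None, [], None
    for line in log.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group("key")
            continue
        vm = VALUE_RE.match(line)
        if vm and current and current.lower().endswith(r"globallyopenports\list"):
            key = current
            names.append(vm.group("name"))
    return key, names


def build_cfscript(log):
    """Assemble a CFScript.txt body in the form used in this thread:
    Driver:: removes the service registration, "name"=- deletes a value."""
    lines = ["KillAll::", ""]
    drivers = orphaned_drivers(log)
    if drivers:
        lines += ["Driver::"] + drivers + [""]
    key, names = open_ports(log)
    if key and names:
        lines += ["Registry::", f"[{key}]"] + [f'"{n}"=-' for n in names] + [""]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

Treat the generated script as a draft to review, not something to run blind: a `Driver::` directive removes the service registration whether or not the file was malicious, and a `[?]` entry can also be a leftover from an uninstalled legitimate driver. The port values are removed only because the forum helper judged the uTorrent exceptions unwanted; a deliberately configured exception should be left in place.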

                        NRDNick

                          Topic Starter


                          Greenhorn

                          Re: WMA/TrojanDownloader.GetCodec.C.trojan
                          « Reply #14 on: July 11, 2009, 08:10:57 PM »
                          As per requested,

                          ComboFix 09-07-09.08 - NRD 07/11/2009 22:03.2.2 - NTFSx86
                          Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2893 [GMT -4:00]
                          Running from: c:\documents and settings\NRD\Desktop\ComboFix.exe
                          Command switches used :: c:\documents and settings\NRD\Desktop\CFScript.txt
                          AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
                          FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
                           * Resident AV is active

                          .

                          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                          .

                          .
                          (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                          .

                          -------\Legacy_SJYPKT
                          -------\Service_SjyPkt


                          (((((((((((((((((((((((((   Files Created from 2009-06-12 to 2009-07-12  )))))))))))))))))))))))))))))))
                          .

                          2009-07-11 21:35 . 2009-07-11 22:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Comodo
                          2009-07-11 21:35 . 2009-07-11 21:34   86976   ----a-w-   c:\windows\system32\drivers\inspect.sys
                          2009-07-11 21:35 . 2009-07-11 21:34   25160   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
                          2009-07-11 21:35 . 2009-07-11 21:34   179792   ----a-w-   c:\windows\system32\guard32.dll
                          2009-07-11 21:35 . 2009-07-11 21:34   132040   ----a-w-   c:\windows\system32\drivers\cmdguard.sys
                          2009-07-11 21:34 . 2009-07-11 21:34   --------   d-----w-   c:\program files\COMODO
                          2009-07-11 20:28 . 2009-07-11 20:28   --------   d-----w-   c:\program files\Trend Micro
                          2009-07-11 20:06 . 2009-07-11 20:06   117760   ----a-w-   c:\documents and settings\NRD\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                          2009-07-11 20:05 . 2009-07-11 20:05   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                          2009-07-11 20:05 . 2009-07-11 20:05   --------   d-----w-   c:\program files\SUPERAntiSpyware
                          2009-07-11 20:05 . 2009-07-11 20:05   --------   d-----w-   c:\documents and settings\NRD\Application Data\SUPERAntiSpyware.com
                          2009-07-11 19:37 . 2009-07-11 19:37   --------   d-----w-   c:\documents and settings\NRD\Application Data\Malwarebytes
                          2009-07-11 19:37 . 2009-06-17 15:27   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                          2009-07-11 19:37 . 2009-07-11 19:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                          2009-07-11 19:37 . 2009-07-11 19:37   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                          2009-07-11 19:37 . 2009-06-17 15:27   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
                          2009-07-07 21:12 . 2009-07-07 21:12   --------   d-----w-   c:\documents and settings\NRD\Application Data\dvdcss
                          2009-07-07 17:47 . 2009-07-11 23:39   --------   d-----w-   c:\documents and settings\NRD\Application Data\vlc
                          2009-07-07 17:46 . 2009-07-07 17:46   --------   d-----w-   c:\program files\VideoLAN
                          2009-07-07 10:15 . 2009-07-07 10:15   --------   d-----w-   c:\documents and settings\NRD\Local Settings\Application Data\Identities
                          2009-07-01 22:42 . 2009-07-01 22:42   --------   d-----w-   c:\documents and settings\NRD\Local Settings\Application Data\PunkBuster
                          2009-06-27 23:09 . 2009-06-27 23:09   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Google
                          2009-06-27 18:23 . 2009-06-27 18:23   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Google
                          2009-06-27 18:23 . 2009-06-30 07:50   --------   d-----w-   c:\documents and settings\NRD\Local Settings\Application Data\Google
                          2009-06-27 18:20 . 2009-07-12 01:49   --------   d-----w-   c:\program files\Google
                          2009-06-25 16:54 . 2004-08-07 00:17   18944   -c--a-w-   c:\windows\system32\dllcache\simptcp.dll
                          2009-06-25 16:54 . 2004-08-07 00:17   18944   ----a-w-   c:\windows\system32\simptcp.dll
                          2009-06-20 18:02 . 2009-06-29 21:53   314712   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
                          2009-06-20 18:02 . 2009-07-11 09:09   25440   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
                          2009-06-20 18:02 . 2009-07-06 21:44   169312   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
                          2009-06-20 18:02 . 2009-06-29 21:52   348496   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
                          2009-06-20 18:02 . 2009-06-29 21:52   298336   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
                          2009-06-20 18:02 . 2009-07-11 09:09   1630560   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
                          2009-06-20 18:02 . 2009-06-29 21:49   85352   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
                          2009-06-20 18:02 . 2009-06-29 21:49   664424   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
                          2009-06-20 18:01 . 2009-07-06 21:44   563064   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
                          2009-06-20 18:01 . 2009-07-06 21:44   566632   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
                          2009-06-20 18:01 . 2009-07-11 09:09   2353480   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
                          2009-06-20 18:01 . 2009-06-29 21:46   629072   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
                          2009-06-20 18:01 . 2009-06-29 21:46   520024   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
                          2009-06-20 18:01 . 2009-06-29 21:45   1029456   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
                          2009-06-18 09:12 . 2008-05-11 09:00   218624   -c--a-w-   c:\windows\system32\dllcache\uxtheme.dll
                          2009-06-16 07:51 . 2009-06-16 07:52   --------   d-----w-   c:\program files\Minimizor
                          2009-06-16 07:14 . 2009-07-01 09:58   --------   d-----w-   c:\program files\Opera 10 Beta
                          2009-06-14 22:19 . 2009-06-30 09:33   --------   d-----w-   c:\program files\Panda Security

                          .
                          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2009-07-12 00:42 . 2009-04-14 02:23   --------   d-----w-   c:\documents and settings\NRD\Application Data\uTorrent
                          2009-07-12 00:02 . 2009-04-14 05:38   139904   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
                          2009-07-12 00:02 . 2009-04-14 05:37   189744   ----a-w-   c:\windows\system32\PnkBstrB.exe
                          2009-07-11 23:46 . 2009-04-13 23:58   --------   d-----w-   c:\program files\Windows Media Connect 2
                          2009-07-11 20:05 . 2009-04-14 00:20   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                          2009-07-01 22:43 . 2009-04-14 05:37   75064   ----a-w-   c:\windows\system32\PnkBstrA.exe
                          2009-06-30 01:45 . 2009-04-14 00:26   69232   ----a-w-   c:\documents and settings\NRD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                          2009-06-29 21:51 . 2009-06-01 03:43   84832   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
                          2009-06-29 21:49 . 2009-06-01 03:43   246128   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
                          2009-06-29 21:49 . 2009-06-01 03:43   40288   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
                          2009-06-10 21:39 . 2009-04-27 06:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
                          2009-06-10 07:13 . 2009-04-21 16:11   --------   d-----w-   c:\program files\Java
                          2009-06-10 07:13 . 2009-06-10 07:13   152576   ----a-w-   c:\documents and settings\NRD\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
                          2009-06-10 07:01 . 2009-06-03 09:02   --------   d-----w-   c:\documents and settings\NRD\Application Data\TurboIRC 7
                          2009-06-09 19:10 . 2009-06-03 08:35   --------   d-----w-   c:\documents and settings\NRD\Application Data\teamspeak2
                          2009-06-03 09:19 . 2009-06-03 09:19   --------   d-----w-   c:\documents and settings\NRD\Application Data\M8 Software
                          2009-06-03 09:13 . 2009-06-03 09:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\TurboIRC 7
                          2009-06-03 08:59 . 2009-06-03 08:59   --------   d-----w-   c:\program files\FreeClip
                          2009-06-03 08:35 . 2009-05-31 01:27   --------   d-----w-   c:\program files\Teamspeak2_RC2
                          2009-06-01 03:43 . 2009-06-01 03:43   15688   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
                          2009-06-01 03:43 . 2009-05-04 22:47   15688   ----a-w-   c:\windows\system32\lsdelete.exe
                          2009-05-31 01:29 . 2009-05-31 01:29   --------   d-----w-   c:\program files\TSO
                          2009-05-21 15:33 . 2009-04-21 16:11   410984   ----a-w-   c:\windows\system32\deploytk.dll
                          2009-05-21 07:50 . 2009-05-21 03:23   --------   d-----w-   c:\documents and settings\NRD\Application Data\mIRC
                          2009-05-13 08:53 . 2009-04-14 02:22   --------   d-----w-   c:\program files\Orthos
                          2009-05-13 08:30 . 2009-04-14 01:34   --------   d-----w-   c:\program files\ESET
                          2009-05-13 05:15 . 2008-05-11 08:59   915456   ----a-w-   c:\windows\system32\wininet.dll
                          2009-05-07 15:32 . 2008-04-14 04:41   345600   ----a-w-   c:\windows\system32\localspl.dll
                          2009-05-04 21:43 . 2009-05-04 21:43   64160   ----a-w-   c:\windows\system32\drivers\Lbd.sys
                          2009-05-04 21:43 . 2009-05-04 21:43   64160   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
                          2009-04-21 16:11 . 2009-04-21 16:11   152576   ----a-w-   c:\documents and settings\NRD\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
                          2009-04-17 12:26 . 2008-04-14 00:00   1847168   ----a-w-   c:\windows\system32\win32k.sys
                          2009-04-15 16:20 . 2009-04-13 23:57   86327   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
                          2009-04-15 14:51 . 2008-04-14 04:42   585216   ----a-w-   c:\windows\system32\rpcrt4.dll
                          2009-04-14 05:38 . 2009-04-14 05:38   22328   ----a-w-   c:\documents and settings\NRD\Application Data\PnkBstrK.sys
                          2009-04-14 05:38 . 2009-04-14 05:38   22328   ----a-w-   c:\documents and settings\NRD\Application Data\PnkBstrK.sys
                          2009-04-14 05:37 . 2009-04-14 05:37   2250024   ----a-w-   c:\windows\system32\pbsvc.exe
                          2009-04-14 05:20 . 2009-04-13 23:54   86016   ----a-w-   c:\windows\system32\OpenAL32.dll
                          2009-04-14 01:55 . 2009-04-14 01:56   512096   ----a-w-   c:\windows\system32\drivers\amon.sys
                          2009-04-14 01:55 . 2009-04-14 01:56   298104   ----a-w-   c:\windows\system32\imon.dll
                          2009-04-14 01:55 . 2009-04-14 01:56   15424   ----a-w-   c:\windows\system32\drivers\nod32drv.sys
                          2009-04-14 00:01 . 2009-04-14 00:04   86   ----a-w-   c:\documents and settings\NRD\DelACD.bat
                          2009-04-14 00:01 . 2009-04-14 00:02   86   ----a-w-   c:\windows\system32\config\systemprofile\DelACD.bat
                          2009-04-14 00:01 . 2009-04-14 00:01   86   ----a-w-   c:\documents and settings\Default User\DelACD.bat
                          2009-04-14 00:00 . 2009-04-14 00:04   2506   ----a-w-   c:\documents and settings\NRD\MANAC8.tmp
                          2009-04-14 00:00 . 2009-04-14 00:04   1808   ----a-w-   c:\documents and settings\NRD\VWLAC9.tmp
                          2009-04-14 00:00 . 2009-04-14 00:04   124552   ----a-w-   c:\documents and settings\NRD\WLFACA.tmp
                          2009-04-14 00:00 . 2009-04-14 00:02   2506   ----a-w-   c:\windows\system32\config\systemprofile\MANAC8.tmp
                          2009-04-14 00:00 . 2009-04-14 00:02   1808   ----a-w-   c:\windows\system32\config\systemprofile\VWLAC9.tmp
                          2009-04-14 00:00 . 2009-04-14 00:02   124552   ----a-w-   c:\windows\system32\config\systemprofile\WLFACA.tmp
                          2009-04-14 00:00 . 2009-04-14 00:00   2506   ----a-w-   c:\documents and settings\Default User\MANAC8.tmp
                          2009-04-14 00:00 . 2009-04-14 00:00   1808   ----a-w-   c:\documents and settings\Default User\VWLAC9.tmp
                          2009-04-14 00:00 . 2009-04-14 00:00   124552   ----a-w-   c:\documents and settings\Default User\WLFACA.tmp
                          2009-04-13 23:55 . 2009-04-13 23:55   21640   ----a-w-   c:\windows\system32\emptyregdb.dat
                          .

                          ------- Sigcheck -------

                          [-] 2008-05-11 09:05   1614848   F2DF0FDBD41B34112EE05ED04258F052   c:\windows\system32\sfcfiles.dll
                          .
                          (((((((((((((((((((((((((((((   SnapShot@2009-07-12_01.49.52   )))))))))))))))))))))))))))))))))))))))))
                          .
                          + 2009-07-12 02:06 . 2009-07-12 02:06   16384              c:\windows\temp\Perflib_Perfdata_538.dat
                          .
                          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          *Note* empty entries & legit default entries are not shown
                          REGEDIT4

                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
                          "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
                          "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-02 13750272]
                          "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-02 86016]
                          "Ai Nap"="c:\program files\ASUS\AI Nap\AiNap.exe" [2006-11-30 1419776]
                          "Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
                          "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-14 949376]
                          "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
                          "RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
                          "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
                          "Minimizor"="c:\program files\Minimizor\Minimizor.exe" [2009-01-16 504320]
                          "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-07-11 1793808]
                          "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-02 1657376]

                          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                          "nltide_2"="shell32" [X]

                          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                          2008-12-22 16:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                          "AppInit_DLLs"=c:\windows\system32\guard32.dll

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
                          @="Service"

                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
                          path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
                          backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                          "WMPNetworkSvc"=3 (0x3)
                          "ose"=3 (0x3)
                          "odserv"=3 (0x3)
                          "Microsoft Office Groove Audit Service"=3 (0x3)
                          "idsvc"=3 (0x3)

                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                          "EnableFirewall"= 0 (0x0)

                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                          "c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
                          "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
                          "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
                          "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
                          "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
                          "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
                          "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
                          "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                          "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                          "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
                          "c:\\WINDOWS\\system32\\sessmgr.exe"=
                          "c:\\Program Files\\Opera 10 Beta\\opera.exe"=

                          R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/4/2009 5:43 PM 64160]
                          R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [7/11/2009 5:35 PM 132040]
                          R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [7/11/2009 5:35 PM 25160]
                          R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4/13/2009 9:56 PM 15424]
                          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
                          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
                          R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [4/13/2009 9:17 PM 12032]
                          S2 gupdate1c9f75468694414;Google Update Service (gupdate1c9f75468694414);c:\program files\Google\Update\GoogleUpdate.exe [6/27/2009 2:23 PM 133104]
                          S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
                          S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [6/27/2008 1:39 AM 332928]
                          S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]

                          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
                          "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
                          .
                          Contents of the 'Scheduled Tasks' folder

                          2009-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
                          - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:44]

                          2009-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                          - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-27 18:23]

                          2009-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                          - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-27 18:23]
                          .
                          .
                          ------- Supplementary Scan -------
                          .
                          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
                          LSP: c:\windows\system32\imon.dll
                          .

                          **************************************************************************

                          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                          Rootkit scan 2009-07-11 22:06
                          Windows 5.1.2600 Service Pack 3 NTFS

                          detected NTDLL code modification:
                          ZwClose, ZwOpenFile

                          scanning hidden processes ... 

                          scanning hidden autostart entries ...

                          scanning hidden files ... 

                          scan completed successfully
                          hidden files: 0

                          **************************************************************************
                          .
                          --------------------- LOCKED REGISTRY KEYS ---------------------

                          [HKEY_USERS\S-1-5-21-1202660629-562591055-682003330-1004\Software\SecuROM\License information*]
                          "datasecu"=hex:e9,64,d1,35,e3,26,f7,66,e0,06,a6,32,bf,e1,e0,f2,6d,87,39,15,87,
                             f5,b6,78,48,ee,1b,6f,15,8d,1a,39,9b,f0,c9,08,fb,d4,e5,e0,7c,2d,59,da,a7,64,\
                          "rkeysecu"=hex:88,67,42,bf,d1,ee,c9,0f,6a,c4,a3,b3,2d,ae,8d,3c
                          .
                          --------------------- DLLs Loaded Under Running Processes ---------------------

                          - - - - - - - > 'winlogon.exe'(744)
                          c:\program files\SUPERAntiSpyware\SASWINLO.dll
                          c:\windows\system32\WININET.dll

                          - - - - - - - > 'lsass.exe'(812)
                          c:\windows\system32\imon.dll

                          - - - - - - - > 'explorer.exe'(2136)
                          c:\windows\system32\WININET.dll
                          c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
                          c:\windows\system32\ieframe.dll
                          c:\windows\system32\webcheck.dll
                          c:\windows\system32\WPDShServiceObj.dll
                          c:\windows\system32\PortableDeviceTypes.dll
                          c:\windows\system32\PortableDeviceApi.dll
                          .
                          ------------------------ Other Running Processes ------------------------
                          .
                          c:\windows\system32\nvsvc32.exe
                          c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
                          c:\windows\system32\rundll32.exe
                          c:\program files\Java\jre6\bin\jqs.exe
                          c:\program files\ESET\nod32krn.exe
                          c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
                          c:\windows\system32\PnkBstrA.exe
                          c:\program files\Razer\Lachesis\OSD.exe
                          c:\program files\Razer\Lachesis\razertra.exe
                          c:\program files\Razer\Lachesis\razerofa.exe
                          .
                          **************************************************************************
                          .
                          Completion time: 2009-07-12 22:08 - machine was rebooted
                          ComboFix-quarantined-files.txt  2009-07-12 02:08
                          ComboFix2.txt  2009-07-12 01:51

                          Pre-Run: 302,694,658,048 bytes free
                          Post-Run: 302,586,368,000 bytes free

                          264   --- E O F ---   2009-06-10 21:39