What to do if you find suspicious files?

January 28th, 2020

Well, I've used Spybot and SUPERAntiSpyware.
Yet the spyware still appears after removal.
I'm afraid it may infiltrate my accounts, as now
I'm starting to upload wares.

Answer #1
MBAM
http://www.malwarebytes.org/mbam.php
Combofix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Haven't failed me yet.
Answer #2
I don't really understand your problem. Let me see if I can understand your question: you ran scans with Spybot and SAS and it finds infections; when you remove them and run a scan again, it finds the same things?
If that's right, there should be an option in the scanner to find out the location of the infections. Once you find the location, reboot and load up safe mode. Once you're in safe mode, go to the location(s) and delete the infected EXEs. Reboot, boot back to normal, run the scan again and see if they're gone.
Also, uploading things when you have infections on your PC isn't the greatest idea, as you can infect other people and in the end get banned for it.
Spyware can't infect online accounts, but if it's a keylogger, or a trojan that contains a keylogger in its code, then yes, your info will be stolen.
Answer #3
Get Avira + Comodo Firewall + Malwarebytes + Combofix. Tell us what files you find or are infected. Don't upload when you are infected; you'll infect other users.
Answer #4
Yeah, Malwarebytes is very good free anti-virus software.
…You could also download cracked anti-virus software that people upload to sites. Those are always lying around and are generally much better than free anti-virus stuff.
Answer #5
Yeah, Malwarebytes is very good free anti-virus software.
…You could also download cracked anti-virus software that people upload to sites. Those are always lying around and are generally much better than free anti-virus stuff.

Cracked anti-virus programs are never better than retail; it's just that you don't have to pay for them.
Answer #6
Here it is.
ComboFix 10-01-23.02 – Administrator 01/24/2010 9:46.1.2 – x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.998.790 [GMT 8:00]
Running from: c:\documents and settings\butterbescotch\My Documents\Downloads\Programs\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: COMODO Antivirus *On-access scanning enabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\msvcrt2.dll
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-24 to 2010-01-24 )))))))))))))))))))))))))))))))
.
2010-01-24 01:37 . 2010-01-24 01:37164710—-a-w-c:\documents and settings\butterbescotch\Application Data\IDM\DwnlData\butterbescotch\mbam-setup_1214\mbam-setup.exe
2010-01-23 23:49 . 2010-01-24 00:19374720—-a-w-c:\windows\system32\drivers\sfi.dat
2010-01-23 23:47 . 2010-01-23 23:47——–d-sh–w-c:\documents and settings\Administrator\PrivacIE
2010-01-23 23:45 . 2010-01-23 23:45——–d—–w-c:\documents and settings\Administrator\Application Data\IObit
2010-01-23 22:12 . 2010-01-23 23:49——–d—–w-c:\documents and settings\All Users\Application Data\Comodo
2010-01-23 22:11 . 2010-01-23 22:1187104—-a-w-c:\windows\system32\drivers\inspect.sys
2010-01-23 22:11 . 2010-01-23 22:1125160—-a-w-c:\windows\system32\drivers\cmdhlp.sys
2010-01-23 22:11 . 2010-01-23 22:11171552—-a-w-c:\windows\system32\guard32.dll
2010-01-23 22:11 . 2010-01-23 22:11133064—-a-w-c:\windows\system32\drivers\cmdguard.sys
2010-01-23 22:11 . 2010-01-23 22:11——–d—–w-c:\program files\COMODO
2010-01-23 22:06 . 2010-01-23 22:06——–d—–w-c:\program files\MSXML 4.0
2010-01-23 11:59 . 2010-01-23 12:02——–d—–w-c:\documents and settings\All Users\Application Data\Spybot – Search & Destroy
2010-01-23 11:59 . 2010-01-23 12:32——–d—–w-c:\program files\Spybot – Search & Destroy
2010-01-23 11:26 . 2010-01-23 11:26——–d—–w-c:\documents and settings\All Users\Application Data\TechSmith
2010-01-23 11:26 . 2010-01-23 11:26——–d—–w-c:\program files\Common Files\TechSmith Shared
2010-01-23 11:26 . 2010-01-23 11:26——–d—–w-c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-23 11:26 . 2010-01-23 11:26——–d—–w-c:\program files\Common Files\Wise Installation Wizard
2010-01-23 11:19 . 2010-01-23 11:19——–d—–w-c:\windows\system32\wbem\Repository
2010-01-23 06:50 . 2010-01-23 06:50——–d—–w-c:\windows\system32\QuickTime
2010-01-23 06:50 . 2010-01-23 11:26——–d—–w-c:\program files\TechSmith
2010-01-22 11:54 . 2010-01-22 11:5452224—-a-w-c:\documents and settings\butterbescotch\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-22 11:54 . 2010-01-22 11:54117760—-a-w-c:\documents and settings\butterbescotch\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-22 11:54 . 2010-01-22 11:5465024—-a-r-c:\documents and settings\butterbescotch\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2010-01-22 11:54 . 2010-01-22 11:545120—-a-r-c:\documents and settings\butterbescotch\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2010-01-22 11:54 . 2010-01-22 11:5418944—-a-r-c:\documents and settings\butterbescotch\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2010-01-22 11:53 . 2010-01-23 11:26——–d—–w-c:\program files\SUPERAntiSpyware
2010-01-22 11:53 . 2010-01-22 11:53——–d—–w-c:\documents and settings\butterbescotch\Application Data\SUPERAntiSpyware.com
2010-01-20 12:24 . 2010-01-20 12:24——–d—–w-c:\documents and settings\butterbescotch\Application Data\Sony Creative Software
2010-01-20 04:45 . 2008-04-13 18:4560032-c–a-w-c:\windows\system32\dllcache\usbaudio.sys
2010-01-20 04:45 . 2008-04-13 18:4560032—-a-w-c:\windows\system32\drivers\USBAUDIO.sys
2010-01-20 04:37 . 1998-06-17 16:0089360—-a-w-c:\windows\system32\VB5DB.DLL
2010-01-20 04:37 . 2004-03-08 04:5513567——w-c:\windows\system32\drivers\CDRBSDRV.SYS
2010-01-20 04:37 . 2010-01-23 11:26——–d–h–w-c:\program files\InstallShield Installation Information
2010-01-20 04:34 . 2008-04-13 18:4532128-c–a-w-c:\windows\system32\dllcache\usbccgp.sys
2010-01-20 04:34 . 2008-04-13 18:4532128—-a-w-c:\windows\system32\drivers\usbccgp.sys
2010-01-19 13:08 . 2010-01-19 13:08——–d—–w-c:\program files\Sonic Foundry
2010-01-19 13:07 . 2010-01-23 11:26——–d—–w-c:\documents and settings\butterbescotch\Application Data\proDAD
2010-01-19 13:07 . 2010-01-19 13:09——–d—–w-c:\program files\proDAD
2010-01-18 13:44 . 2009-05-26 07:4445056—-a-w-c:\windows\system32\WNASPI32.DLL
2010-01-18 13:44 . 2009-05-26 07:4416512—-a-w-c:\windows\system32\drivers\ASPI32.SYS
2010-01-18 13:21 . 2010-01-18 13:21——–d—–w-c:\documents and settings\butterbescotch\Application Data\Media Player Classic
2010-01-18 13:19 . 2010-01-18 13:19——–d—–w-c:\program files\XviD
2010-01-18 13:18 . 2010-01-23 11:26——–d—–w-c:\program files\Gabest
2010-01-18 13:04 . 2010-01-18 14:04——–d—–w-c:\documents and settings\butterbescotch\Application Data\Xilisoft Corporation
2010-01-18 13:03 . 2010-01-20 05:26——–d—–w-c:\program files\Xilisoft
2010-01-18 12:52 . 2010-01-18 13:02——–d—–w-c:\program files\Total Video Converter
2010-01-18 10:04 . 2010-01-18 10:04——–d—–w-c:\program files\Apple Software Update
2010-01-18 10:04 . 2010-01-18 10:04——–d—–w-c:\documents and settings\All Users\Application Data\Apple
2010-01-18 09:40 . 2010-01-18 09:40——–d—–r-C:\MSOCache
2010-01-18 04:56 . 2010-01-18 04:56——–d—–w-c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-18 04:48 . 2010-01-20 06:32——–d—–w-c:\documents and settings\butterbescotch\Local Settings\Application Data\WMTools Downloaded Files
2010-01-17 01:12 . 2010-01-17 01:12——–d—–w-c:\documents and settings\butterbescotch\Application Data\WindowsApplication1
2010-01-16 21:57 . 2010-01-16 21:57181904—-a-w-c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-16 15:38 . 2010-01-16 15:38——–d—–w-c:\program files\Sony
2010-01-16 14:51 . 2010-01-16 14:51——–d—–w-c:\program files\Common Files\eSellerate
2010-01-16 14:49 . 2010-01-16 14:49——–d—–w-c:\program files\NewBlue
2010-01-15 10:36 . 2010-01-15 10:36——–d—–w-c:\windows\system32\drivers\UMDF
2010-01-15 10:36 . 2010-01-15 10:36——–d—–w-c:\windows\system32\LogFiles
2010-01-12 19:36 . 2009-11-21 15:51471552-c—-w-c:\windows\system32\dllcache\aclayers.dll
2010-01-10 01:32 . 2010-01-10 01:32——–d—–w-c:\documents and settings\butterbescotch\Local Settings\Application Data\Ahead
2010-01-10 01:13 . 2010-01-10 01:13——–d—–w-c:\documents and settings\butterbescotch\Application Data\Nero
2010-01-10 01:11 . 2010-01-10 01:12——–d—–w-c:\program files\Common Files\Nero
2010-01-10 01:11 . 2010-01-10 01:11——–d—–w-c:\program files\Nero
2010-01-10 01:11 . 2010-01-10 01:11——–d—–w-c:\documents and settings\All Users\Application Data\Nero
2010-01-09 06:10 . 2010-01-23 04:27——–d—–w-c:\program files\Garena
2010-01-08 21:51 . 2007-04-09 05:2328552—-a-w-c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-01-08 21:51 . 2007-04-09 05:2328040—-a-w-c:\windows\system32\mdimon.dll
2010-01-08 21:51 . 2010-01-08 21:51——–d—–w-c:\program files\Microsoft ActiveSync
2010-01-08 21:50 . 2010-01-08 21:51——–d—–w-c:\windows\SHELLNEW
2010-01-08 21:50 . 2010-01-08 21:50——–d—–w-c:\program files\Microsoft.NET
2010-01-06 11:20 . 2010-01-06 11:20——–d—–w-c:\windows\system32\XPSViewer
2010-01-06 11:20 . 2010-01-06 11:20——–d—–w-c:\program files\MSBuild
2010-01-06 11:20 . 2010-01-06 11:20——–d—–w-c:\program files\Reference Assemblies
2010-01-06 11:19 . 2008-07-06 12:0689088—-a-w-c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-06 11:19 . 2008-07-06 12:0689088-c—-w-c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-06 11:19 . 2008-07-06 12:06575488-c—-w-c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-06 11:19 . 2008-07-06 12:06575488——w-c:\windows\system32\xpsshhdr.dll
2010-01-06 11:19 . 2008-07-06 12:06117760——w-c:\windows\system32\prntvpt.dll
2010-01-06 11:19 . 2008-07-06 10:50597504-c—-w-c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-06 11:19 . 2008-07-06 10:50597504——w-c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-06 11:19 . 2010-01-06 11:19——–d—–w-C:\ac56c7f5c618f124f6927c25f9
2010-01-06 11:19 . 2008-07-06 12:061676288-c—-w-c:\windows\system32\dllcache\xpssvcs.dll
2010-01-06 11:19 . 2008-07-06 12:061676288——w-c:\windows\system32\xpssvcs.dll
2010-01-03 11:15 . 2008-04-13 18:4515104-c–a-w-c:\windows\system32\dllcache\usbscan.sys
2010-01-03 11:15 . 2008-04-13 18:4515104—-a-w-c:\windows\system32\drivers\usbscan.sys
2010-01-03 11:15 . 2001-08-17 14:365632—-a-w-c:\windows\system32\ptpusb.dll
2010-01-03 11:15 . 2008-04-14 00:12159232—-a-w-c:\windows\system32\ptpusd.dll
2010-01-02 03:04 . 2010-01-02 03:0473216—-a-w-c:\documents and settings\butterbescotch\Application Data\IDM\stream_unrar.exe
2010-01-02 03:04 . 2010-01-02 03:04199680—-a-w-c:\documents and settings\butterbescotch\Application Data\IDM\unrar.dll
2010-01-02 01:11 . 2010-01-02 01:11——–d—–w-c:\documents and settings\butterbescotch\Application Data\Publish Providers
2010-01-02 01:11 . 2010-01-19 13:07——–d—–w-c:\documents and settings\butterbescotch\Application Data\Sony
2010-01-02 01:11 . 2010-01-15 10:45——–d—–w-c:\documents and settings\butterbescotch\Local Settings\Application Data\Sony
2010-01-02 01:09 . 2010-01-16 13:52——–d—–w-c:\documents and settings\All Users\Application Data\Sony
2010-01-02 00:54 . 2010-01-02 01:0223510720—-a-w-c:\documents and settings\butterbescotch\Application Data\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe
2010-01-02 00:53 . 2010-01-02 00:53——–d—–w-c:\documents and settings\butterbescotch\Application Data\Sony Setup
2010-01-01 01:05 . 2010-01-01 01:05——–d—–w-c:\documents and settings\butterbescotch\Application Data\Apple Computer
2010-01-01 00:58 . 2010-01-01 00:58——–d—–w-c:\documents and settings\butterbescotch\Local Settings\Application Data\TechSmith
2009-12-31 15:35 . 2009-12-31 15:35——–d—–w-c:\documents and settings\butterbescotch\World
2009-12-31 15:35 . 2009-12-31 15:35——–d—–w-c:\documents and settings\butterbescotch\Weather
2009-12-31 15:35 . 2009-12-31 15:35——–d—–w-c:\documents and settings\butterbescotch\Theme
2009-12-31 15:35 . 2009-12-31 15:36——–d—–w-c:\documents and settings\butterbescotch\Char
2009-12-31 15:35 . 2009-12-31 15:35——–d—–w-c:\documents and settings\butterbescotch\Sound
2009-12-31 15:35 . 2009-12-31 15:35——–d—–w-c:\documents and settings\butterbescotch\SFX
2009-12-31 15:35 . 2009-12-31 15:35——–d—–w-c:\documents and settings\butterbescotch\Music
2009-12-31 15:35 . 2009-12-31 15:35——–d—–w-c:\documents and settings\butterbescotch\Model
2009-12-31 15:35 . 2009-12-31 15:35——–d—–w-c:\documents and settings\butterbescotch\Item
2009-12-31 15:35 . 2009-12-31 15:35——–d—–w-c:\documents and settings\butterbescotch\Icon
2009-12-31 15:35 . 2009-12-31 15:35——–d—–w-c:\documents and settings\butterbescotch\Client
2009-12-31 15:05 . 2009-12-31 15:05——–d—–w-c:\documents and settings\butterbescotch\Local Settings\Application Data\Apple
2009-12-31 15:05 . 2009-12-31 15:05——–d—–w-c:\documents and settings\butterbescotch\Local Settings\Application Data\Apple Computer
2009-12-31 08:22 . 2009-08-18 21:18107864—-a-w-c:\windows\system32\tsccvid.dll
2009-12-31 08:22 . 2010-01-18 04:57——–d—–w-c:\program files\QuickTime
2009-12-29 15:42 . 2010-01-04 09:31——–d—–w-c:\documents and settings\butterbescotch\Application Data\skypePM
2009-12-29 15:42 . 2009-12-29 15:4256—ha-w-c:\windows\system32\ezsidmv.dat
2009-12-29 15:37 . 2010-01-13 12:06——–d—–w-c:\documents and settings\All Users\Application Data\Skype
2009-12-29 02:12 . 2009-12-29 02:12——–d—–w-c:\program files\Intelore
2009-12-28 00:31 . 2009-12-28 00:31——–d–h–w-c:\windows\PIF
2009-12-28 00:27 . 2009-12-28 00:27——–d—–w-c:\windows\Sun
2009-12-26 01:45 . 2008-04-13 18:4526368-c–a-w-c:\windows\system32\dllcache\usbstor.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 01:43 . 2010-01-24 01:42——–d—–w-c:\documents and settings\Administrator\Application Data\IDM
2010-01-24 01:42 . 2010-01-24 01:42198064—-a-w-c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-01-24 01:42 . 2010-01-24 01:42——–d—–w-c:\documents and settings\Administrator\Application Data\DMCache
2010-01-24 01:32 . 2009-12-21 17:07——–d—–w-c:\documents and settings\butterbescotch\Application Data\DMCache
2010-01-23 23:57 . 2009-12-21 12:58——–d—–w-c:\program files\Common Files\Adobe
2010-01-23 09:57 . 2009-12-22 14:46——–d—–w-c:\documents and settings\butterbescotch\Application Data\vlc
2010-01-21 10:49 . 2009-12-21 12:2227088—-a-w-c:\documents and settings\butterbescotch\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-18 13:45 . 2009-12-24 16:32——–d—–w-c:\documents and settings\butterbescotch\Application Data\dvdcss
2010-01-17 13:54 . 2009-12-21 17:07——–d—–w-c:\documents and settings\butterbescotch\Application Data\IDM
2010-01-14 14:32 . 2009-12-21 12:53——–d—–w-c:\documents and settings\butterbescotch\Application Data\IObit
2010-01-02 00:52 . 2009-12-21 11:47——–d—–w-c:\documents and settings\All Users\Application Data\Yahoo!
2010-01-02 00:52 . 2009-12-21 11:34——–d—–w-c:\program files\Yahoo!
2009-12-24 10:04 . 2009-12-24 10:04444952—-a-w-c:\windows\system32\wrap_oal.dll
2009-12-24 10:04 . 2009-12-24 10:04109080—-a-w-c:\windows\system32\OpenAL32.dll
2009-12-24 10:04 . 2009-12-24 10:04——–d—–w-c:\program files\OpenAL
2009-12-24 09:51 . 2009-12-24 09:48——–d—–w-c:\documents and settings\butterbescotch\Application Data\DAEMON Tools Lite
2009-12-24 09:48 . 2009-12-24 09:19691696—-a-w-c:\windows\system32\drivers\sptd.sys
2009-12-24 09:48 . 2009-12-24 09:48——–d—–w-c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-12-24 09:26 . 2009-12-24 09:26——–d—–w-c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-12-24 09:19 . 2009-12-24 09:19——–d—–w-c:\documents and settings\butterbescotch\Application Data\DAEMON Tools Pro
2009-12-23 02:51 . 2009-12-22 02:4756816—-a-w-c:\windows\system32\drivers\avgntflt.sys
2009-12-22 14:44 . 2009-12-22 14:44——–d—–w-c:\program files\VideoLAN
2009-12-22 11:52 . 2009-12-22 11:52411368—-a-w-c:\windows\system32\deploytk.dll
2009-12-22 11:52 . 2009-12-22 11:52——–d—–w-c:\program files\Java
2009-12-22 11:52 . 2009-12-22 11:52152576—-a-w-c:\documents and settings\butterbescotch\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-12-22 03:31 . 2009-12-22 03:31——–d—–w-c:\documents and settings\butterbescotch\Application Data\uTorrent
2009-12-22 02:47 . 2009-12-22 02:47——–d—–w-c:\program files\Avira
2009-12-22 02:47 . 2009-12-22 02:47——–d—–w-c:\documents and settings\All Users\Application Data\Avira
2009-12-22 02:00 . 2009-12-22 02:00——–d—–w-c:\program files\Common Files\INCA Shared
2009-12-22 01:39 . 2009-12-21 17:07——–d—–w-c:\program files\Internet Download Manager
2009-12-22 00:09 . 2009-12-22 00:09——–d—–w-c:\program files\CONEXANT
2009-12-22 00:05 . 2009-12-22 00:05——–d—–w-c:\program files\Analog Devices
2009-12-21 23:45 . 2009-12-21 08:0886327—-a-w-c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-21 19:14 . 2004-08-03 22:56916480—-a-w-c:\windows\system32\wininet.dll
2009-12-21 17:07 . 2009-12-21 17:07198064—-a-w-c:\documents and settings\butterbescotch\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-12-21 13:18 . 2009-12-21 13:18——–d—–w-c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-21 13:09 . 2009-12-21 13:09——–d—–w-c:\program files\Bonjour
2009-12-21 13:00 . 2009-12-21 13:00——–d—–w-c:\program files\Common Files\Macrovision Shared
2009-12-21 11:56 . 2009-12-21 11:47——–d—–w-c:\documents and settings\butterbescotch\Application Data\Yahoo!
2009-12-21 11:28 . 2009-12-21 11:280—-a-w-c:\windows\nsreg.dat
2009-12-21 09:40 . 2009-12-21 08:0422720—-a-w-c:\windows\system32\emptyregdb.dat
2009-12-21 08:10 . 2009-12-21 08:10——–d—–w-c:\program files\microsoft frontpage
2009-12-21 00:58 . 2009-12-21 00:582009088—-a-w-c:\documents and settings\butterbescotch\Neuz.exe
2009-11-21 15:51 . 2004-08-03 22:56471552—-a-w-c:\windows\AppPatch\aclayers.dll
2009-11-21 09:30 . 2009-11-21 09:3086016—-a-w-c:\windows\system32\frapsvid.dll
2009-11-10 06:39 . 2009-12-21 11:47607472—-a-w-c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IDMan”=”c:\program files\Internet Download Manager\IDMan.exe” [2009-11-11 3171760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avgnt”=”c:\program files\Avira\AntiVir Desktop\avgnt.exe” [2009-03-02 209153]
“QuickTime Task”=”c:\program files\QuickTime\QTTask.exe” [2008-01-31 385024]
“NeroFilterCheck”=”c:\program files\Common Files\Nero\Lib\NeroCheck.exe” [2008-07-09 570664]
“NBKeyScan”=”c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [2008-02-18 2221352]
“COMODO Internet Security”=”c:\program files\COMODO\COMODO Internet Security\cfp.exe” [2010-01-23 1800464]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL” [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 06:21548352—-a-w-c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=c:\windows\system32\guard32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe”=
“c:\\Program Files\\Bonjour\\mDNSResponder.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Program Files\\Java\\jre6\\bin\\javaw.exe”=
“c:\\Program Files\\Garena\\Garena.exe”=
“c:\\Program Files\\Xilisoft\\Video Converter Platinum\\vcloader.exe”=
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/24/2009 5:19 PM 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [1/24/2010 6:11 AM 133064]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/24/2010 6:11 AM 25160]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/22/2009 10:47 AM 108289]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\BUTTER~1\LOCALS~1\Temp\RIT517.tmp –> c:\docume~1\BUTTER~1\LOCALS~1\Temp\RIT517.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service –> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
— Other Services/Drivers In Memory —
*NewlyCreated* – MDMXSDK
.
Contents of the ‘Scheduled Tasks’ folder
2010-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
– c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
.
——- Supplementary Scan ——-
.
IE: Download all links with IDM – c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM – c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM – c:\program files\Internet Download Manager\IEExt.htm
TCP: {6727C02D-12A4-4FFD-8BF6-7E144A2FD5BA} = 156.154.70.22,156.154.71.22
TCP: {B4462C16-ADEB-403E-BACA-A8AEEA011E28} = 156.154.70.22,156.154.71.22
FF – ProfilePath – FF – HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} – c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista – rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 09:52
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
“ImagePath”=”\??\c:\docume~1\BUTTER~1\LOCALS~1\Temp\RIT517.tmp”
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
“ImagePath”=”c:\windows\system32\GameMon.des -service”
.
——————— DLLs Loaded Under Running Processes ———————
– – – – – – – > ‘winlogon.exe'(300)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\butterbescotch\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\butterbescotch\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
.
Completion time: 2010-01-24 09:54:30
ComboFix-quarantined-files.txt 2010-01-24 01:54
Pre-Run: 19,926,835,200 bytes free
Post-Run: 19,969,564,672 bytes free
– – End Of File – – F9376E056C25687D15295BF05EE8137F
And guess what, I still have the problem.
Image
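Answer #2 says to find out where the scanner locates the infections before going into safe mode, and the ComboFix log in Answer #6 lists the machine's autostart entries (Run keys, services, ImagePath values, AppInit_DLLs). The script below is an added example, not part of the thread and not ComboFix's own code: it parses those autostart lines and attaches review reasons to each entry (image living in a Temp directory, a file ComboFix could not stat and printed as `[?]`, a non-standard extension for an executable image, a binary sitting directly in a user profile root, AppInit_DLLs being set). The reasons are heuristics for a human to check against a known-good install, not verdicts; the sample lines are copied from the posted log, and the regexes are my own assumption about ComboFix's output layout.

```python
"""Triage autostart entries from a ComboFix-style log (added example)."""
import re
from typing import Dict, List, Optional

# Lines copied from the ComboFix log posted in Answer #6 (ComboFix's own
# layout); the "-->" arrow shows up as "–>" on the page after extraction,
# so both spellings are accepted below.
LOG_LINES = [
    r'"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-11 3171760]',
    r'"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]',
    r'"AppInit_DLLs"=c:\windows\system32\guard32.dll',
    r'S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\BUTTER~1\LOCALS~1\Temp\RIT517.tmp --> c:\docume~1\BUTTER~1\LOCALS~1\Temp\RIT517.tmp [?]',
    r'S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]',
    r'S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [1/24/2010 6:11 AM 133064]',
    r'"ImagePath"="\??\c:\docume~1\BUTTER~1\LOCALS~1\Temp\RIT517.tmp"',
]

# Assumed layouts: Run-key / ImagePath values and "Sn name;display;image [meta]" service lines.
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<path>[^"\[]+?)"?\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
SERVICE = re.compile(r'^S\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
ARROW = re.compile(r'\s+(?:-->|–>)\s+')
META = re.compile(r'\s*\[(?P<meta>[^\]]*)\]\s*$')


def clean_path(raw: str) -> str:
    """Strip the NT '\\??\\' prefix and trailing service arguments such as ' -service'."""
    raw = raw.strip()
    if raw.startswith('\\??\\'):
        raw = raw[4:]
    return re.split(r'\s+-', raw, maxsplit=1)[0].strip()


def parse_entry(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Return {'name', 'path', 'meta'} for an autostart line, or None for anything else."""
    m = SERVICE.match(line)
    if m:
        rest = m.group('rest')
        meta_m = META.search(rest)
        meta = meta_m.group('meta') if meta_m else None
        rest = META.sub('', rest)
        path = ARROW.split(rest)[0]          # keep the left side of "image --> resolved"
        return {'name': m.group('name'), 'path': clean_path(path), 'meta': meta}
    m = RUN_ENTRY.match(line)
    if m:
        return {'name': m.group('name'), 'path': clean_path(m.group('path')),
                'meta': m.group('meta')}
    return None


def review_reasons(entry: Dict[str, Optional[str]]) -> List[str]:
    """Heuristic reasons a human should look at this entry; an empty list means nothing stood out."""
    path = (entry['path'] or '').lower()
    reasons = []
    if re.search(r'\\(temp|tmp)\\', path):
        reasons.append('image lives in a Temp directory')
    if entry['meta'] is not None and entry['meta'].strip() == '?':
        reasons.append('ComboFix could not stat the file ([?]): missing, transient or hidden')
    if not re.search(r'\.(exe|dll|sys)$', path):
        reasons.append('image has a non-standard extension for an executable')
    if re.match(r'^c:\\(documents and settings|docume~1)\\[^\\]+\\[^\\]+$', path):
        reasons.append('executable sits directly in a user profile root')
    if (entry['name'] or '').lower() == 'appinit_dlls':
        reasons.append('AppInit_DLLs is loaded into every user-mode process; confirm the publisher')
    return reasons


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Return the entries that earned at least one review reason, in log order."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            findings.append({'name': entry['name'], 'path': entry['path'], 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(LOG_LINES):
        print(f"{f['name']}: {f['path']}")
        for r in f['reasons']:
            print(f"    - {r}")
```

On the posted log this flags the GarenaPEngine service (Temp directory, `.tmp` image, `[?]` stat failure), the npggsvc GameGuard service (`.des` image, `[?]`), the matching ImagePath value, and the AppInit_DLLs entry (which here points at COMODO's guard32.dll, so the follow-up is simply to confirm the publisher). The Avira, IDM and COMODO driver entries carry a date and size and live in Program Files, so they pass quietly; that separation, not a verdict, is what the script gives you before you go hunting in safe mode.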
