CiD spyware!! Can't get rid of it!
fake7 New Member Date Joined Oct 2008 Total Posts : 2 Posted 10-2-2008 1:37 (GMT +1) Hello mates! I have a problem with this CiD spyware: all of a sudden pop-ups appear with ads with the CiD. What can I do? Thanks a lot!!!
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 13812 Posted 10-2-2008 6:30 (GMT +1) Hello
and save it on the desktop. Then double click on it (Fix_download.exe).
You may have to allow the program to download files from the web! The program downloads the necessary cleaning programs. Once the program is downloaded, there will be a folder on your desktop named Fix. If the instructions do not open automatically, double-click "FIX_manual.htm" in the Fix folder. Please follow the instructions and copy the logs here, in this topic:
Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
fake7 New Member Date Joined Oct 2008 Total Posts : 2 Posted 10-6-2008 3:18 (GMT +1)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.16.05, on 06/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Marina\Desktop\FIX\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [plusfive] "C:\ProgramData\city size size.letpk"
O4 - HKCU\..\Run: [clock drv coal bird] "C:\ProgramData\manager comp chin.bo1nle6"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: SETAUDIO.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7609 bytes

ComboFix 08-10-05.08 - Marina 2008-10-06 16.11.36.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.2037 [GMT 2:00]
Running from: C:\Users\Marina\Desktop\FIX\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Marina\AppData\Roaming\.#
C:\Users\Marina\AppData\Roaming\.#\MBX@163C@1C92990.###
C:\Users\Marina\AppData\Roaming\.#\MBX@163C@1C929C0.###
C:\Users\Marina\AppData\Roaming\.#\MBX@163C@1C929F0.###

.
((((((((((((((((((((((((( Files Created From 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))))))
.

2008-10-05 15:17 . 2008-10-05 15:18 <DIR> d-------- C:\Program Files\Windows Live
2008-10-02 16:52 . 2008-10-02 16:52 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-02 15:41 . 2008-10-02 15:41 <DIR> d-------- C:\Users\Marina\AppData\Roaming\Malwarebytes
2008-10-02 15:41 . 2008-10-02 15:41 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-02 15:41 . 2008-10-02 15:41 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-02 15:41 . 2008-10-05 12:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 15:41 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-02 15:41 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-02 15:40 . 2008-10-02 15:40 <DIR> d-------- C:\Users\Marina\AppData\Roaming\SUPERAntiSpyware.com
2008-10-02 15:40 . 2008-10-02 15:40 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-10-02 15:40 . 2008-10-02 15:40 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-10-02 15:40 . 2008-10-02 15:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-02 15:08 . 2008-05-27 06:59 106,605 --a------ C:\Windows\System32\StructuredQuerySchema.bin
2008-10-02 15:08 . 2008-05-27 07:17 34,816 --a------ C:\Windows\System32\msscb.dll
2008-10-02 15:08 . 2008-05-27 06:59 18,904 --a------ C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-10-02 15:08 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll
2008-10-02 15:03 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-02 14:54 . 2008-10-02 14:54 <DIR> d-------- C:\Users\Marina\AppData\Roaming\URSoft
2008-10-02 14:54 . 2008-10-02 16:02 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-10-02 13:38 . 2008-10-02 13:38 106 --a------ C:\delete.bat
2008-10-02 10:49 . 2008-10-02 10:49 <DIR> d-------- C:\PerfLogs
2008-10-01 14:22 . 2008-10-01 16:03 27,934 --a------ C:\Users\Marina\AppData\Roaming\nvModes.dat
2008-10-01 13:19 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-10-01 13:18 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-10-01 13:17 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-10-01 13:17 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-10-01 13:17 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-10-01 13:17 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-10-01 13:15 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-10-01 13:15 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-10-01 13:15 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-10-01 13:15 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-10-01 13:15 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-10-01 12:28 . 2008-10-06 16:05 <DIR> d-------- C:\Users\Marina\Contacts
2008-10-01 10:45 . 2008-10-02 15:07 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-01 10:45 . 2008-10-02 15:07 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-01 10:45 . 2008-10-01 10:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-30 18:10 . 2008-09-30 18:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-30 18:09 . 2008-10-02 15:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-30 17:53 . 2008-10-02 15:59 <DIR> d-a------ C:\Users\All Users\TEMP
2008-09-30 17:53 . 2008-10-02 15:59 <DIR> d-a------ C:\ProgramData\TEMP
2008-09-30 09:43 . 2008-09-30 09:43 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-09-30 09:43 . 2008-09-30 09:43 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2008-09-29 23:20 . 2008-09-29 23:20 <DIR> d-------- C:\Users\Marina\AppData\Roaming\Jubler
2008-09-29 23:19 . 2008-09-29 23:19 <DIR> d-------- C:\Program Files\Jubler
2008-09-29 21:23 . 2008-09-29 21:24 <DIR> d-------- C:\Users\Marina\AppData\Roaming\Winamp
2008-09-29 21:23 . 2008-09-29 21:24 <DIR> d-------- C:\Program Files\Winamp
2008-09-29 21:23 . 2007-03-08 01:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-09-29 20:38 . 2008-10-06 15:54 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-09-29 20:38 . 2008-09-29 20:38 <DIR> d-------- C:\Users\All Users\avg8
2008-09-29 20:38 . 2008-09-29 20:38 <DIR> d-------- C:\ProgramData\avg8
2008-09-29 20:38 . 2008-09-29 20:38 <DIR> d-------- C:\Program Files\AVG
2008-09-29 20:38 . 2008-09-29 20:38 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-09-29 20:38 . 2008-09-29 20:38 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-09-29 20:38 . 2008-09-29 20:38 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-09-29 12:33 . 2008-09-29 12:47 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-29 12:33 . 2008-09-29 12:47 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-29 10:23 . 2008-09-29 10:23 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-09-28 23:13 . 2008-09-28 23:13 <DIR> d-------- C:\Program Files\CCleaner
2008-09-28 22:56 . 2008-09-28 22:57 <DIR> d-------- C:\Program Files\Java
2008-09-28 22:55 . 2008-09-28 22:55 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-28 22:49 . 2008-09-28 22:49 <DIR> d-------- C:\Users\Marina\AppData\Roaming\Media Player Classic
2008-09-28 22:43 . 2008-09-28 22:43 <DIR> d-------- C:\Users\All Users\Real
2008-09-28 22:43 . 2008-09-28 22:43 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-09-28 10:40 . 2008-09-28 10:40 <DIR> d-------- C:\Users\All Users\HeckHelpDale
2008-09-28 10:40 . 2008-09-28 10:40 <DIR> d-------- C:\Users\All Users\book this clock drv
2008-09-28 10:40 . 2008-09-28 10:40 <DIR> d-------- C:\ProgramData\HeckHelpDale
2008-09-28 10:40 . 2008-09-28 10:40 <DIR> d-------- C:\ProgramData\book this clock drv
2008-09-28 10:20 . 2008-09-28 10:20 <DIR> d-------- C:\Users\All Users\eMule AdunanzA
2008-09-28 10:20 . 2008-09-28 10:20 <DIR> d-------- C:\ProgramData\eMule AdunanzA
2008-09-27 19:14 . 2008-09-27 19:14 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-09-27 19:14 . 2008-09-27 19:14 272,896 --a------ C:\Windows\System32\polstore.dll
2008-09-27 19:14 . 2008-09-27 19:14 61,440 --a------ C:\Windows\System32\winipsec.dll
2008-09-27 19:14 . 2008-09-27 19:14 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll
2008-09-27 19:13 . 2008-09-27 19:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-27 19:13 . 2008-09-27 19:13 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-09-27 19:13 . 2008-09-27 19:13 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-27 19:11 . 2008-09-27 19:11 269,312 --a------ C:\Windows\System32\es.dll
2008-09-27 19:11 . 2008-09-27 19:11 2,048 --a------ C:\Windows\System32\tzres.dll
2008-09-27 19:10 . 2008-09-27 19:10 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-27 19:07 . 2008-09-27 19:07 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-09-27 19:07 . 2008-09-27 19:07 827,392 --a------ C:\Windows\System32\wininet.dll
2008-09-27 19:06 . 2008-09-27 19:06 988,216 --a------ C:\Windows\System32\winload.exe
2008-09-27 19:06 . 2008-09-27 19:06 927,288 --a------ C:\Windows\System32\winresume.exe
2008-09-27 19:06 . 2008-09-27 19:06 615,992 --a------ C:\Windows\System32\ci.dll
2008-09-27 19:06 . 2008-09-27 19:06 378,368 --a------ C:\Windows\System32\srcore.dll
2008-09-27 19:06 . 2008-09-27 19:06 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-09-27 19:06 . 2008-09-27 19:06 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-09-27 19:06 . 2008-09-27 19:06 40,960 --a------ C:\Windows\System32\srclient.dll
2008-09-27 19:06 . 2008-09-27 19:06 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-09-27 19:06 . 2008-09-27 19:06 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-09-27 19:06 . 2008-09-27 19:06 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-09-27 19:05 . 2008-09-27 19:05 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-09-27 19:05 . 2008-09-27 19:05 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-09-27 18:40 . 2008-09-30 14:58 <DIR> d-------- C:\Users\Marina\AppData\Roaming\CyberLink
2008-09-27 18:34 . 2008-10-02 16:03 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-09-27 18:31 . 2008-09-27 18:33 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-27 18:30 . 2008-10-05 15:17 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-09-27 18:30 . 2008-10-05 15:17 <DIR> d-------- C:\ProgramData\WLInstaller
2008-09-27 18:29 . 2008-09-27 18:29 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-27 18:29 . 2008-09-27 18:29 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-27 18:29 . 2008-09-27 18:29 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-27 18:29 . 2008-09-27 18:29 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-27 18:29 . 2008-09-27 18:29 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-27 18:29 . 2008-09-27 18:29 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-27 18:29 . 2008-09-27 18:29 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-27 18:29 . 2008-09-27 18:29 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-27 18:29 . 2008-09-27 18:29 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-27 18:21 . 2008-09-27 18:21 <DIR> dr------- C:\Users\Marina\Searches
2008-09-27 18:21 . 2008-09-30 17:51 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-27 18:20 . 2008-10-04 12:47 <DIR> dr------- C:\Users\Marina\Videos
2008-09-27 18:20 . 2008-09-27 18:43 <DIR> dr------- C:\Users\Marina\Saved Games
2008-09-27 18:20 . 2008-10-02 17:40 <DIR> dr------- C:\Users\Marina\Pictures
2008-09-27 18:20 . 2008-10-02 14:00 <DIR> dr------- C:\Users\Marina\Music
2008-09-27 18:20 . 2008-09-27 18:21 <DIR> dr------- C:\Users\Marina\Links
2008-09-27 18:20 . 2008-10-05 15:16 <DIR> dr------- C:\Users\Marina\Downloads
2008-09-27 18:20 . 2008-09-29 22:31 <DIR> dr------- C:\Users\Marina\Documents
2008-09-27 18:20 . 2006-11-02 14:37 <DIR> d-------- C:\Users\Marina\AppData\Roaming\Media Center Programs
2008-09-27 18:20 . 2008-03-15 07:50 <DIR> d-------- C:\Users\Marina\AppData\Roaming\Acer GameZone Console
2008-09-27 18:20 . 2008-09-27 18:21 <DIR> d--h----- C:\Users\Marina\AppData
2008-09-27 18:20 . 2008-10-05 15:13 <DIR> d-------- C:\Users\Marina
2008-09-27 18:16 . 2008-09-27 18:16 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 13:12 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-02 12:58 --------- d-----w C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-10-02 08:58 174 --sha-w C:\Program Files\desktop.ini
2008-10-02 08:52 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-02 08:52 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-10-02 08:52 --------- d-----w C:\Program Files\Windows Mail
2008-10-02 08:52 --------- d-----w C:\Program Files\Windows Journal
2008-10-02 08:52 --------- d-----w C:\Program Files\Windows Collaboration
2008-10-02 08:52 --------- d-----w C:\Program Files\Windows Calendar
2008-10-02 08:51 --------- d-----w C:\Program Files\Windows Defender
2008-10-02 08:48 --------- d-----w C:\ProgramData\NVIDIA
2008-10-02 08:41 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-10-02 08:41 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-09-30 15:57 --------- d-----w C:\Program Files\Acer GameZone
2008-09-29 17:19 --------- d-----w C:\ProgramData\McAfee
2008-09-29 17:17 --------- d-----w C:\ProgramData\SiteAdvisor
2008-09-27 17:13 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-09-27 17:13 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-09-27 17:13 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-09-27 17:13 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-09-27 17:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-09-27 17:04 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-09-27 17:04 738,304 ----a-w C:\Windows\System32\inetcomm.dll
2008-09-27 17:04 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-09-27 17:04 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-09-27 17:04 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-09-27 17:04 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-09-27 17:04 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-09-27 17:03 --------- d-----w C:\Program Files\Microsoft Works
2008-09-27 16:16 --------- d-sh--w C:\ProgramData\Preferiti
2008-09-27 16:16 --------- d-sh--w C:\ProgramData\Modelli
2008-09-27 16:16 --------- d-sh--w C:\ProgramData\Menu Avvio
2008-09-27 16:16 --------- d-sh--w C:\ProgramData\Documenti
2008-09-27 16:16 --------- d-sh--w C:\ProgramData\Dati applicazioni
2008-09-27 16:16 --------- d-sh--w C:\Program Files\File comuni
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-25 08:34 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\Windows\System32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-16 18:51 2,041,363 ----a-w C:\Windows\System32\x264vfw.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"plusfive"="C:\ProgramData\city size size.letpk" [X]
"clock drv coal bird"="C:\ProgramData\manager comp chin.bo1nle6" [X]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 102400]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-12 1286144]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 45056]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-11 88608]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-12-14 C:\Windows\SkyTel.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-03-15 535336]
SETAUDIO.EXE [2008-03-15 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-699164814-3575636508-1086591931-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{467BD4D3-45B4-4638-8117-3204F97DD6D0}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{8DE8F842-EAFC-444A-A56E-7A9D288D4510}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{EC090954-58B8-4D6A-A13B-1059D0B85902}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{79105C7E-0218-4A60-8CCC-FBFEDAC17209}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{918586BB-EADD-4C8C-B96F-FCB8911A2A43}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4F14F409-4AEC-4670-AADE-2261F75126C0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{47732D1F-8928-4863-AF0A-3BE75FC9E2A5}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{0AB857BB-A6D8-4F96-83FB-4BD74BB01730}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{B6587276-354C-4AF9-8195-A2A95955673E}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{E9F46C2B-3528-4220-B155-E2522D7BBB98}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{571E4A76-5857-4C6B-A2F4-0007FE6A0219}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{443E4EB6-B7B1-4E1F-859F-D2F8035E9394}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{FCABB07F-C3E8-4230-9646-BCE018398983}C:\\program files\\emule adunanza\\emule_adnza.exe"= UDP:C:\program files\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{25AE51E6-30AF-4BFF-BB4E-25C2215F610F}C:\\program files\\emule adunanza\\emule_adnza.exe"= TCP:C:\program files\emule adunanza\emule_adnza.exe:eMule
"{BD9BCA56-E4E3-4EB8-B16A-29CDEF91EECA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-29 97928]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\0 00.fcl [2008-01-04 17:15 41456]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-29 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-29 231704]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-09-29 69128]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-12-14 43008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-12-14 179712]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3e63e17-8e53-11dd-a449-87d2db5f4436}]
\shell\AutoRun\command - System\Security\DriveGuard.exe -run
\shell\Explore\Command - System\Security\DriveGuard.exe -run
\shell\Open\Command - System\Security\DriveGuard.exe -run

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Marina\AppData\Roaming\Mozilla\Firefox\Profiles\3sb23ggx.default\
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 16:13:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Scan finished: 2008-10-06 16:14:39
ComboFix-quarantined-files.txt 2008-10-06 14:14:37

Pre-Run: 74.059.161.600 bytes free
Post-Run: 74,024,009,728 bytes free

292 --- E O F --- 2008-10-05 10:27:53

Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 6.0.6001 Service Pack 1

05/10/2008 15.12.45
mbam-log-2008-10-05 (15-12-44).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 118024
Time elapsed: 1 hour(s), 18 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 13812 Posted 10-6-2008 4:15 (GMT +1) Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote:
Killall::

Snapshot::

Folder::
C:\ProgramData\city size size.letpk
C:\Users\All Users\HeckHelpDale
C:\Users\All Users\book this clock drv
C:\ProgramData\HeckHelpDale
C:\ProgramData\book this clock drv

DirLook::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"plusfive"=-
"clock drv coal bird"=-
Save this as: CFScript
Referring to the picture above, drag CFScript into ComboFix.exe
Then post fresh combofix log.
Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
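The moderator's CFScript above deletes exactly the two HKCU Run values that stand out in fake7's logs: value names made of unrelated words, targets parked directly in C:\ProgramData with extensions Windows never autostarts (.letpk, .bo1nle6), and, in the ComboFix Run-key listing, a "[X]" where every legitimate entry shows a date and size (to my understanding ComboFix's marker for a target file it could not find, which fits Malwarebytes having already removed the files while the Run values stayed behind). The script below is an added example, not part of this thread and not code from HijackThis, ComboFix or Malwarebytes. It parses the "O4 - HKxx\..\Run:" lines of a HijackThis log, flags entries that show those traits, and emits a Registry:: stanza in the form the moderator used. The three heuristics, the O4 line regex and the list of "data directories" are my own assumptions, not vendor detection logic; the sample lines are copied from the HijackThis log posted above.

```python
"""Triage HijackThis O4 Run-key lines and emit a ComboFix Registry:: stanza.

Added example for this thread, not part of HijackThis, ComboFix or any other
tool named above. The heuristics are assumptions about what made the two
adware entries in fake7's log stand out, not a vendor signature.
"""
import ntpath
import re
from dataclasses import dataclass, field

# One HijackThis autostart line, e.g.
#   O4 - HKCU\..\Run: [plusfive] "C:\ProgramData\city size size.letpk"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')

# Extensions Windows normally autostarts; anything else deserves a look
NORMAL_EXT = {".exe", ".dll", ".scr", ".cpl", ".lnk", ".sys", ".ocx"}
# Directories a dropper can write without admin rights (assumed list)
DATA_DIRS = ("\\programdata", "\\appdata\\roaming", "\\all users", "\\temp")


@dataclass
class Finding:
    hive: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def extract_target(cmd: str) -> str:
    """Return the file a Run value launches, stripped of its arguments."""
    cmd = cmd.strip()
    quoted = re.match(r'^"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    # rundll32.exe <dll>,<entrypoint>: the DLL is the real payload
    via_rundll = re.match(r'^rundll32(?:\.exe)?\s+([^,]+)', cmd, re.IGNORECASE)
    if via_rundll:
        return via_rundll.group(1).strip()
    # unquoted path, optionally followed by switches such as " /autoRun"
    plain = re.match(r'^(.*?\.[A-Za-z0-9]+)(?=\s+[/-]|\s*$)', cmd)
    return plain.group(1) if plain else cmd


def looks_like_word_salad(text: str) -> bool:
    """Three or more unrelated all-lowercase words, e.g. 'clock drv coal bird'."""
    words = text.split()
    return len(words) >= 3 and all(w.isalpha() and w.islower() for w in words)


def assess(hive: str, name: str, cmd: str) -> Finding:
    """Apply the three heuristics to one Run value; reasons is empty if clean."""
    target = extract_target(cmd)
    directory, filename = ntpath.split(target.lower())
    stem, ext = ntpath.splitext(filename)
    reasons = []
    if ext not in NORMAL_EXT:
        reasons.append(f"unusual extension {ext or '(none)'}")
    if directory.endswith(DATA_DIRS):
        reasons.append(f"parked directly in data directory {ntpath.dirname(target)}")
    if looks_like_word_salad(name) or looks_like_word_salad(stem):
        reasons.append("name is a run of unrelated lowercase words")
    return Finding(hive, name, target, reasons)


def triage(log_text: str) -> list:
    """Return the O4 Run entries that tripped at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            finding = assess(match["hive"], match["name"], match["cmd"])
            if finding.reasons:
                findings.append(finding)
    return findings


def cfscript_registry(findings: list) -> str:
    """Registry:: stanza in the form used above; "name"=- deletes that value."""
    lines = ["Registry::"]
    for hive in sorted({f.hive for f in findings}):
        root = "HKEY_CURRENT_USER" if hive == "HKCU" else "HKEY_LOCAL_MACHINE"
        lines.append(f"[{root}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
        lines.extend(f'"{f.name}"=-' for f in findings if f.hive == hive)
    return "\n".join(lines)


# Constructed sample: O4 lines copied from fake7's HijackThis log above
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [plusfive] "C:\ProgramData\city size size.letpk"
O4 - HKCU\..\Run: [clock drv coal bird] "C:\ProgramData\manager comp chin.bo1nle6"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit.hive} [{hit.name}] -> {hit.target}: {'; '.join(hit.reasons)}")
    print(cfscript_registry(hits))
```

Run against the sample, only "plusfive" and "clock drv coal bird" trip the heuristics (all three each), and the generated stanza matches the Registry:: section of the moderator's CFScript. The heuristics are deliberately coarse: a legitimate vendor binary in AppData\Roaming would be flagged on one count, so treat a single reason as a prompt to check the file's publisher and age, and two or more as a strong lead.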