Malware Removal: discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs.
#1
I can't seem to visit any AV sites nor Download any Updates
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:13 PM, on 9/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Vtune\TBPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Quincy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Quincy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Quincy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Quincy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Quincy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BEDFF49-2D25-4402-94D9-20EDD3F8C425}: NameServer = 210.4.2.61 202.78.97.41
O17 - HKLM\System\CCS\Services\Tcpip\..\{402A7D4E-5B1B-4BE1-B14D-1B7FDE7472FB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BEDFF49-2D25-4402-94D9-20EDD3F8C425}: NameServer = 210.4.2.61 202.78.97.41
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 7591 bytes
#2
Welcome to CTH itotterz,
No infection showing in this one view. Let's check further.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button. If necessary allow it to locate or download a copy of HijackThis as needed. Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt. RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt). You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer. If on its opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, and click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.

If not, then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
#3
I can't seem to download RSIT or visit its website, just like what happens when I try to open the Avira site or the Avast site. Hopefully this virus let me download Gmer, and this is the log:
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit quick scan 2009-09-30 10:05:04
Windows 5.1.2600 Service Pack 2
Running: kdpckzbv.exe; Driver: C:\DOCUME~1\Quincy\LOCALS~1\Temp\pxtdipog.sys

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF7513D1C]
SSDT sptd.sys ZwEnumerateValueKey [0xF75140BC]

Code \??\C:\DOCUME~1\Quincy\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A3801D8
Device \FileSystem\Fastfat \Fat 8A00A470

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] ctqeaerx <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] evnmrktr <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] ewvefk <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nwnsc <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

Last edited by itotterz; September 30th, 2009 at 03:10 AM.
#4
How did the CatchMe driver get there? Did you run ComboFix, and if so, did it complete and create a log you can post?
#5
Yep, I tried to run ComboFix. What's surprising here is that it did not run some updates as well, which ComboFix normally does once you run it. Here is the log it created:
ComboFix 09-09-28.01 - Quincy 09/29/2009 22:01.7.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2936 [GMT -7:00]
Running from: c:\documents and settings\Quincy\Desktop\123.exe
.

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-29 14:42 . 2009-09-29 14:42 -------- d-----w- c:\documents and settings\Quincy\Local Settings\Application Data\CAPCOM
2009-09-29 13:34 . 2009-09-29 13:34 -------- d-----w- c:\program files\CAPCOM
2009-09-29 13:33 . 2009-03-09 22:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-09-29 13:33 . 2009-03-09 22:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-09-29 13:33 . 2009-03-16 21:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-29 13:33 . 2009-03-16 21:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-09-29 13:33 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-09-29 13:33 . 2009-03-16 21:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-09-29 13:33 . 2009-09-29 13:33 -------- d-----w- c:\program files\MSBuild
2009-09-29 13:33 . 2009-09-29 13:33 101408 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-29 13:31 . 2009-09-29 13:31 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-29 13:31 . 2009-09-29 13:31 -------- d-----w- c:\program files\Reference Assemblies
2009-09-29 13:30 . 2006-06-29 20:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-09-29 13:28 . 2009-09-29 13:28 -------- d-----w- c:\windows\system32\xlive
2009-09-29 13:28 . 2009-09-29 13:29 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-09-21 02:14 . 2009-09-21 02:14 -------- d-----w- c:\documents and settings\Quincy\Local Settings\Application Data\PCHealth
2009-09-20 18:16 . 2009-09-20 18:16 -------- d-----w- c:\windows\ServicePackFiles
2009-09-20 18:16 . 2006-05-12 04:03 6144 ------w- c:\windows\system32\kbdpash.dll
2009-09-20 18:16 . 2006-05-12 04:03 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-09-20 18:16 . 2006-05-12 04:03 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-09-20 18:16 . 2006-05-12 04:03 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-09-17 17:46 . 2009-09-30 05:00 -------- d-----w- c:\program files\LimeWire
2009-09-17 16:22 . 2009-09-30 04:58 -------- d-----w- C:\ComboFix
2009-09-14 05:25 . 2004-08-04 07:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-09-14 05:25 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-09-14 05:25 . 2004-08-04 05:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-09-14 05:25 . 2004-08-04 05:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-09-13 20:42 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 20:42 . 2009-09-22 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 20:42 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-13 16:36 . 2009-09-13 16:36 -------- d-----w- c:\documents and settings\Quincy\Application Data\NCH Swift Sound
2009-09-13 16:36 . 2009-09-13 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-09-13 16:35 . 2009-09-13 20:27 -------- d-----w- c:\program files\NCH Software
2009-09-12 22:17 . 2009-09-21 00:38 -------- d-----w- c:\program files\Paint.NET
2009-09-12 22:17 . 2009-09-26 21:03 -------- d-----w- c:\documents and settings\Quincy\Local Settings\Application Data\Paint.NET
2009-09-10 22:52 . 2009-09-27 14:46 -------- d-----w- C:\aw
2009-09-10 19:28 . 2002-07-17 16:20 45056 ----a-w- c:\windows\system32\Wnaspi32.dll
2009-09-10 19:28 . 2002-07-17 15:53 16877 ----a-w- c:\windows\system32\drivers\Aspi32.sys
2009-09-10 04:39 . 2009-09-10 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-10 04:39 . 2009-09-10 04:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-10 04:39 . 2009-09-10 04:39 -------- d-----w- c:\documents and settings\Quincy\Application Data\SUPERAntiSpyware.com
2009-09-07 05:18 . 2009-09-07 05:18 -------- d-----w- C:\logs
2009-09-07 05:18 . 2009-09-07 05:18 -------- d-----w- c:\documents and settings\Quincy\ChikkaDefault
2009-09-07 05:18 . 2009-09-07 05:18 -------- d-----w- c:\program files\Chikka Messenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 04:56 . 2009-02-14 06:29 -------- d-----w- c:\documents and settings\Quincy\Application Data\GetRight
2009-09-30 04:20 . 2009-01-28 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-30 04:18 . 2009-01-28 20:31 -------- d-----w- c:\documents and settings\Quincy\Application Data\AVGTOOLBAR
2009-09-28 21:30 . 2009-05-01 12:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-26 20:56 . 2009-07-09 17:56 -------- d-----w- c:\documents and settings\Quincy\Application Data\LimeWire
2009-09-25 08:01 . 2009-07-24 21:56 -------- d-----w- c:\documents and settings\Quincy\Application Data\.purple
2009-09-22 19:43 . 2009-06-20 00:21 -------- d-----w- c:\program files\CCleaner
2009-09-20 18:06 . 2009-08-22 16:50 -------- d-----w- c:\program files\Level Up Games
2009-09-12 21:23 . 2009-01-28 20:37 -------- d-----w- c:\program files\Garena
2009-09-12 21:23 . 2009-01-28 19:49 -------- d-----w- c:\program files\Warcraft III
2009-09-10 04:38 . 2009-01-27 00:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-03 03:08 . 2009-08-24 06:22 -------- d-----w- c:\program files\MYGAME
2009-08-26 13:24 . 2009-06-20 17:22 -------- d-----w- c:\program files\Java
2009-08-13 17:49 . 2009-02-03 23:49 -------- d-----w- c:\program files\OpenDNS Updater
2009-07-30 21:03 . 2009-07-30 21:03 44 ----a-w- c:\documents and settings\Quincy\Aenarion.bat
2009-07-30 21:02 . 2009-07-30 21:02 44 ----a-w- c:\documents and settings\Quincy\multiclient.bat
2009-07-25 12:23 . 2009-06-20 17:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-03 18:14 . 2009-01-27 00:40 16680 ----a-w- c:\documents and settings\Quincy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-05-12 04:03 . 2004-08-04 04:56 163025 --sha-r- c:\windows\system32\zlpxrs.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 16:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-12-03 2158592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-29 4363504]
"Google Update"="c:\documents and settings\Quincy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-11 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-09-26 33517568]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13672448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-03 86016]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-27 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-03 1630208]
"WTClient"="WTClient.exe" - c:\windows\system32\WTClient.exe [2007-04-11 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2009-2-13 4628752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\RohanOnline\\RohanOnline\\rohanclient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Quincy\\My Documents\\RohanOnline\\rohanclient.exe"=
"c:\\Program Files\\iAM Interactive\\Exteel\\system\\exteel.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Quincy\\Desktop\\2nd Client\\rohanclient.exe"=
"c:\\Documents and Settings\\Quincy\\Desktop\\3rdClient\\rohanclient.exe"=
"c:\\Documents and Settings\\Quincy\\Desktop\\RohanOnline\\RohanOnline\\rohanclient.exe"=
"c:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8831:TCP"= 8831:TCP:gwveo
"4100:UDP"= 4100:UDP:uPNP Router Control Port

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/26/2009 5:39 PM 874880]
S2 ctqeaerx;Helper Update;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 9:56 PM 14336]
S2 evnmrktr;System Manager;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 9:56 PM 14336]
S2 ewvefk;Image Update;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 9:56 PM 14336]
S2 nwnsc;Manager Center;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 9:56 PM 14336]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [1/27/2009 5:40 PM 17149]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Quincy\Desktop\Ordeal\NtProcDrv.sys --> c:\documents and settings\Quincy\Desktop\Ordeal\NtProcDrv.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
evnmrktr
ewvefk
nwnsc
ctqeaerx
.
Contents of the 'Scheduled Tasks' folder

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-725345543-1003Core.job
- c:\documents and settings\Quincy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-11 21:05]

2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-725345543-1003UA.job
- c:\documents and settings\Quincy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-11 21:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.garena.com/portal/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
TCP: {1BEDFF49-2D25-4402-94D9-20EDD3F8C425} = 210.4.2.61 202.78.97.41
TCP: {402A7D4E-5B1B-4BE1-B14D-1B7FDE7472FB} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Quincy\Application Data\Mozilla\Firefox\Profiles\aegjb7q9.default\
FF - plugin: c:\documents and settings\Quincy\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.
- - - - ORPHANS REMOVED - - - -

Notify-avgrsstarter - avgrsstx.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 22:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ctqeaerx]
"ServiceDll"="c:\windows\system32\zlpxrs.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\evnmrktr]
"ServiceDll"="c:\windows\system32\zlpxrs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ewvefk]
"ServiceDll"="c:\windows\system32\zlpxrs.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nwnsc]
"ServiceDll"="c:\windows\system32\zlpxrs.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3496)
c:\windows\system32\nview.dll
.
Completion time: 2009-09-30 22:05
ComboFix-quarantined-files.txt 2009-09-30 05:05
ComboFix2.txt 2009-09-13 15:55

Pre-Run: 162,886,668,288 bytes free
Post-Run: 163,255,713,792 bytes free

198 --- E O F --- 2009-03-10 11:30
#6
Let's work from that for the moment. If you have problems with one step just move to the next, and let me know in your next reply.
Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Click here and download sUBs' SvcQuery.exe to your desktop, then click that file to open that tool. A window will open. When prompted to provide a service name, type in the following, then press Enter:

evnmrktr

Repeat that for these as well:

ewvefk
nwnsc
ctqeaerx

--------------

Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

Code:
KillAll::
Driver::
evnmrktr
ewvefk
nwnsc
ctqeaerx
File::
c:\windows\system32\zlpxrs.dll

You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan. ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

--------------

Open SuperAntiSpyware and if possible, update that. Then run a scan with it, being sure to have it remove all the items it locates. SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found. Make sure that they all have a check next to them and click Next. If prompted allow the reboot (or manually reboot at this time), and after the reboot open SUPERAntiSpyware again (double click the bug-shaped Taskbar icon). Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Save the log to your desktop, and copy/paste the text from the log back here.

---------------

Then download Malwarebytes' Anti-Malware from Here or Here. Right click to download, select Save Target/File As, and rename that mbam-setup.exe to bami.com as you download and save it to your desktop (don't download and then rename it). Double click bami.com to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply.

If it calls for a reboot to complete the repairs do that as well then.

-------

Post the C:\ComboFix.txt log, the SuperAntiSpyware log and the Malwarebytes log please.
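As an added illustration (not part of this thread, and not code from ComboFix, GMER or the helper): a small triage script that applies the reasoning behind the CFScript in the post above to the service, ServiceDll and file lines of a ComboFix-style log. The embedded log excerpt is constructed from the lines quoted in post #5, with one ordinary driver and one constructed svchost-hosted service added for contrast; the meaning of the 8-character attribute column (s = system, h = hidden) is an assumption read from the log's own entries.

```python
"""Triage of svchost-hosted services from a ComboFix-style log excerpt.

Added example for this thread; not code from ComboFix, GMER or the helper.
It flags services that run under svchost.exe, share one ServiceDll, and
whose ServiceDll file carries hidden+system attributes, then lists the
service names and DLL path the way the helper's CFScript does.
"""
import re
from collections import defaultdict

# Constructed sample modelled on the lines quoted in the ComboFix log above.
# VIAHdAudAddService is an ordinary driver entry; Dnscache is a constructed
# legitimate svchost-hosted service with no ServiceDll line, for contrast.
SAMPLE_LOG = r"""
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/26/2009 5:39 PM 874880]
S2 ctqeaerx;Helper Update;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 9:56 PM 14336]
S2 evnmrktr;System Manager;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 9:56 PM 14336]
S2 ewvefk;Image Update;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 9:56 PM 14336]
S2 nwnsc;Manager Center;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 9:56 PM 14336]
S2 Dnscache;DNS Client;c:\windows\system32\svchost.exe -k NetworkService [8/3/2004 9:56 PM 14336]
2006-05-12 04:03 . 2004-08-04 04:56 163025 --sha-r- c:\windows\system32\zlpxrs.dll
2009-07-25 12:23 . 2009-06-20 17:22 411368 ----a-w- c:\windows\system32\deploytk.dll
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ctqeaerx]
"ServiceDll"="c:\windows\system32\zlpxrs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\evnmrktr]
"ServiceDll"="c:\windows\system32\zlpxrs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ewvefk]
"ServiceDll"="c:\windows\system32\zlpxrs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nwnsc]
"ServiceDll"="c:\windows\system32\zlpxrs.dll"
"""

# "S2 name;display name;image path [date size]" service/driver lines.
SERVICE_RE = re.compile(r"^([SR]\d)\s+([^;]+);([^;]*);(.+?)\s+\[", re.M)
# A service's registry key header followed by its ServiceDll value.
SERVICEDLL_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]"
    r'\s+"ServiceDll"="([^"]+)"', re.M | re.I)
# "created . modified size attrs path" file lines. The 8-character attribute
# column is assumed (from entries like d-----w-, ----a-w-, --sha-r-) to hold
# s=system at index 2 and h=hidden at index 3.
FILE_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ \S+ (\S{8}) (\S.*)$", re.M)
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.I)


def parse_log(text):
    """Return ({service name: info}, {dll path: attribute string})."""
    services = {}
    for start, name, display, image in SERVICE_RE.findall(text):
        group = SVCHOST_RE.search(image)
        services[name.lower()] = {
            "name": name, "start": start, "display": display.strip(),
            "image": image.strip(),
            "group": group.group(1) if group else None, "dll": None,
        }
    for name, dll in SERVICEDLL_RE.findall(text):
        if name.lower() in services:
            services[name.lower()]["dll"] = dll.lower()
    attrs = {path.strip().lower(): a for a, path in FILE_RE.findall(text)}
    return services, attrs


def triage(text):
    """Flag svchost-hosted services whose ServiceDll is shared or hidden."""
    services, attrs = parse_log(text)
    hosted = [s for s in services.values() if s["group"]]
    by_dll = defaultdict(list)
    for s in hosted:
        if s["dll"]:
            by_dll[s["dll"]].append(s["name"])
    findings = {}
    for s in hosted:
        dll, reasons = s["dll"], []
        if dll is None:
            continue  # no ServiceDll recorded: not evidence either way
        if len(by_dll[dll]) > 1:
            reasons.append("ServiceDll shared with %d other service(s)"
                           % (len(by_dll[dll]) - 1))
        a = attrs.get(dll)
        if a and a[2] == "s" and a[3] == "h":
            reasons.append("ServiceDll file is hidden+system (%s)" % a)
        if reasons:
            findings[s["name"]] = {"group": s["group"], "dll": dll,
                                   "reasons": reasons}
    return findings


def removal_targets(findings):
    """Service names and DLL paths: the two lists the CFScript above names."""
    names = sorted(findings)
    dlls = sorted({f["dll"] for f in findings.values()})
    return names, dlls


def to_cfscript(findings):
    """Render the KillAll::/Driver::/File:: layout used in the helper's post."""
    names, dlls = removal_targets(findings)
    return "\n".join(["KillAll::", "Driver::", *names, "File::", *dlls]) + "\n"


if __name__ == "__main__":
    for name, f in triage(SAMPLE_LOG).items():
        print(name, f["group"], f["dll"], "; ".join(f["reasons"]))
    print(to_cfscript(triage(SAMPLE_LOG)))
```

On the sample, the four netsvcs services are flagged on both counts and Dnscache is not; the rendered script matches the one the helper posted.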
#7
ComboFix 09-09-29.01 - Quincy 09/30/2009 10:59.8.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2722 [GMT -7:00]
Running from: c:\documents and settings\Quincy\Desktop\123.exe
Command switches used :: c:\documents and settings\Quincy\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\zlpxrs.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\zlpxrs.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CTQEAERX
-------\Legacy_EVNMRKTR
-------\Legacy_EWVEFK
-------\Legacy_NWNSC
-------\Service_ctqeaerx
-------\Service_evnmrktr
-------\Service_ewvefk
-------\Service_nwnsc


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-30 05:00 . 2009-09-30 05:05 -------- d-----w- C:\123
2009-09-29 14:42 . 2009-09-29 14:42 -------- d-----w- c:\documents and settings\Quincy\Local Settings\Application Data\CAPCOM
2009-09-29 13:34 . 2009-09-29 13:34 -------- d-----w- c:\program files\CAPCOM
2009-09-29 13:33 . 2009-03-09 22:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-09-29 13:33 . 2009-03-09 22:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-09-29 13:33 . 2009-03-16 21:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-29 13:33 . 2009-03-16 21:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-09-29 13:33 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-09-29 13:33 . 2009-03-16 21:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-09-29 13:33 . 2009-09-29 13:33 -------- d-----w- c:\program files\MSBuild
2009-09-29 13:33 . 2009-09-29 13:33 101408 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-29 13:31 . 2009-09-29 13:31 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-29 13:31 . 2009-09-29 13:31 -------- d-----w- c:\program files\Reference Assemblies
2009-09-29 13:30 . 2006-06-29 20:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-09-29 13:28 . 2009-09-29 13:28 -------- d-----w- c:\windows\system32\xlive
2009-09-29 13:28 . 2009-09-29 13:29 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-09-21 02:14 . 2009-09-21 02:14 -------- d-----w- c:\documents and settings\Quincy\Local Settings\Application Data\PCHealth
2009-09-20 18:16 . 2009-09-20 18:16 -------- d-----w- c:\windows\ServicePackFiles
2009-09-20 18:16 . 2006-05-12 04:03 6144 ------w- c:\windows\system32\kbdpash.dll
2009-09-20 18:16 . 2006-05-12 04:03 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-09-20 18:16 . 2006-05-12 04:03 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-09-20 18:16 . 2006-05-12 04:03 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-09-17 17:46 . 2009-09-30 05:00 -------- d-----w- c:\program files\LimeWire
2009-09-17 16:22 . 2009-09-30 04:58 -------- d-----w- C:\ComboFix
2009-09-14 05:25 . 2004-08-04 07:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-09-14 05:25 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-09-14 05:25 . 2004-08-04 05:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-09-14 05:25 . 2004-08-04 05:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-09-13 20:42 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 20:42 . 2009-09-22 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 20:42 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-13 16:36 . 2009-09-13 16:36 -------- d-----w- c:\documents and settings\Quincy\Application Data\NCH Swift Sound
2009-09-13 16:36 . 2009-09-13 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-09-13 16:35 . 2009-09-13 20:27 -------- d-----w- c:\program files\NCH Software
2009-09-12 22:17 . 2009-09-21 00:38 -------- d-----w- c:\program files\Paint.NET
2009-09-12 22:17 . 2009-09-26 21:03 -------- d-----w- c:\documents and settings\Quincy\Local Settings\Application Data\Paint.NET
2009-09-10 22:52 . 2009-09-27 14:46 -------- d-----w- C:\aw
2009-09-10 19:28 . 2002-07-17 16:20 45056 ----a-w- c:\windows\system32\Wnaspi32.dll
2009-09-10 19:28 . 2002-07-17 15:53 16877 ----a-w- c:\windows\system32\drivers\Aspi32.sys
2009-09-10 04:39 . 2009-09-10 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-10 04:39 . 2009-09-10 04:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-10 04:39 . 2009-09-10 04:39 -------- d-----w- c:\documents and settings\Quincy\Application Data\SUPERAntiSpyware.com
2009-09-07 05:18 . 2009-09-07 05:18 -------- d-----w- C:\logs
2009-09-07 05:18 . 2009-09-07 05:18 -------- d-----w- c:\documents and settings\Quincy\ChikkaDefault
2009-09-07 05:18 . 2009-09-07 05:18 -------- d-----w- c:\program files\Chikka Messenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 06:10 . 2009-07-24 21:56 -------- d-----w- c:\documents and settings\Quincy\Application Data\.purple
2009-09-30 04:56 . 2009-02-14 06:29 -------- d-----w- c:\documents and settings\Quincy\Application Data\GetRight
2009-09-30 04:20 . 2009-01-28 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-30 04:18 . 2009-01-28 20:31 -------- d-----w- c:\documents and settings\Quincy\Application Data\AVGTOOLBAR
2009-09-28 21:30 . 2009-05-01 12:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-26 20:56 . 2009-07-09 17:56 -------- d-----w- c:\documents and settings\Quincy\Application Data\LimeWire
2009-09-22 19:43 . 2009-06-20 00:21 -------- d-----w- c:\program files\CCleaner
2009-09-20 18:06 . 2009-08-22 16:50 -------- d-----w- c:\program files\Level Up Games
2009-09-12 21:23 . 2009-01-28 20:37 -------- d-----w- c:\program files\Garena
2009-09-12 21:23 . 2009-01-28 19:49 -------- d-----w- c:\program files\Warcraft III
2009-09-10 04:38 . 2009-01-27 00:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-03 03:08 . 2009-08-24 06:22 -------- d-----w- c:\program files\MYGAME
2009-08-26 13:24 . 2009-06-20 17:22 -------- d-----w- c:\program files\Java
2009-08-13 17:49 . 2009-02-03 23:49 -------- d-----w- c:\program files\OpenDNS Updater
2009-07-30 21:03 . 2009-07-30 21:03 44 ----a-w- c:\documents and settings\Quincy\Aenarion.bat
2009-07-30 21:02 . 2009-07-30 21:02 44 ----a-w- c:\documents and settings\Quincy\multiclient.bat
2009-07-25 12:23 . 2009-06-20 17:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-03 18:14 . 2009-01-27 00:40 16680 ----a-w- c:\documents and settings\Quincy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-07-24 16:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-12-03 2158592] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-29 4363504] "Google Update"="c:\documents and settings\Quincy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-11 133104] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-09-26 33517568] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13672448] "NvMediaCenter"="c:\windows\system32\NvMcTray. 
dll" [2008-12-03 86016] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592] "SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-27 49152] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-03 1630208] "WTClient"="WTClient.exe" - c:\windows\system32\WTClient.exe [2007-04-11 40960] c:\documents and settings\All Users\Start Menu\Programs\Startup\ GetRight.lnk - c:\program files\GetRight\GetRight.exe [2009-2-13 4628752] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Garena\\Garena.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\RohanOnline\\RohanOnline\\rohanclient.exe "= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\Quincy\\My Documents\\RohanOnline\\rohanclient.exe"= "c:\\Program Files\\iAM Interactive\\Exteel\\system\\exteel.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\Quincy\\Desktop\\2nd Client\\rohanclient.exe"= "c:\\Documents and Settings\\Quincy\\Desktop\\3rdClient\\rohanclient. 
exe"= "c:\\Documents and Settings\\Quincy\\Desktop\\RohanOnline\\RohanOnlin e\\rohanclient.exe"= "c:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.ex e"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "8831:TCP"= 8831:TCP:gwveo "4100:UDP"= 4100:UDP:uPNP Router Control Port R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/26/2009 5:39 PM 874880] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [1/27/2009 5:40 PM 17149] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Quincy\Desktop\Ordeal\NtProcDrv.sys --> c:\documents and settings\Quincy\Desktop\Ordeal\NtProcDrv.sys [?] . Contents of the 'Scheduled Tasks' folder 2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-725345543-1003Core.job - c:\documents and settings\Quincy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-11 21:05] 2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-725345543-1003UA.job - c:\documents and settings\Quincy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-11 21:05] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.garena.com/portal/ mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm TCP: {402A7D4E-5B1B-4BE1-B14D-1B7FDE7472FB} = 208.67.222.222,208.67.220.220 FF - ProfilePath - c:\documents and settings\Quincy\Application Data\Mozilla\Firefox\Profiles\aegjb7q9.default\ FF - plugin: c:\documents and settings\Quincy\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-30 11:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\n pggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(724) c:\program files\SUPERAntiSpyware\SASWINLO.dll - - - - - - - > 'explorer.exe'(2804) c:\windows\system32\nview.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program files\Brother\ControlCenter3\BrccMCtl.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\drivers\WTSrv.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe c:\windows\system32\wscntfy.exe c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe . ************************************************** ************************ . Completion time: 2009-09-30 11:05 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-30 18:05 ComboFix2.txt 2009-09-30 05:05 ComboFix3.txt 2009-09-13 15:55 Pre-Run: 163,107,348,480 bytes free Post-Run: 163,018,973,184 bytes free 212 --- E O F --- 2009-03-10 11:30 |
#8
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/30/2009 at 11:25 AM

Application Version : 4.28.1010

Core Rules Database Version : 4135
Trace Rules Database Version: 2068

Scan type : Complete Scan
Total Scan Time : 00:13:11

Memory items scanned : 462
Memory threats detected : 0
Registry items scanned : 4854
Registry threats detected : 0
File items scanned : 14556
File threats detected : 7

Adware.Tracking Cookie
C:\Documents and Settings\Quincy\Cookies\quincy@serving-sys[1].txt
C:\Documents and Settings\Quincy\Cookies\quincy@bs.serving-sys[2].txt
C:\Documents and Settings\Quincy\Cookies\quincy@adinterax[1].txt
C:\Documents and Settings\Quincy\Cookies\quincy@ak[2].txt
C:\Documents and Settings\Quincy\Cookies\quincy@atdmt[2].txt
C:\Documents and Settings\Quincy\Cookies\quincy@ad.yieldmanager[2].txt

Trojan.Agent/Gen
C:\WINDOWS\SYSTEM32\ZLPXRS.DLL
#9
Malwarebytes' Anti-Malware 1.41
Database version: 2874
Windows 5.1.2600 Service Pack 2

9/30/2009 11:44:31 AM
mbam-log-2009-09-30 (11-44-31).txt

Scan type: Quick Scan
Objects scanned: 96169
Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#10
Improved, but very much wondering why SuperAntiSpyware picked up that file ComboFix should have removed. Reboot, and run a new ComboFix scan, and then a new SuperAntiSpyware scan, and post those logs please.
#11
Hi jintan, while you were out I downloaded Avast on my computer. After it did some updates it automatically did something upon startup; I just left it to do what it was doing, since I thought it was part of the update. Unfortunately I had to go to work at that time, so I'm not sure what it did. Once I got back home (today) I noticed that it had deleted some files (infected files), and after the computer rebooted a nasty error message showed up on my screen saying it is "Unable to Locate Components". It is telling me that COMRes.dll was not found. I'm not sure what happened here.
I tried to run SUPERAntiSpyware but it never loaded, and neither did ComboFix. I shouldn't have downloaded Avast if it was just going to ruin my system.
Last edited by itotterz; October 1st, 2009 at 01:39 AM.
#12
Yes, it truly is much better all around if you just stay the course with only what we do here for now.
Run new RSIT and Gmer scans and post those logs please.
#13
Hello Jintan,
I was able to recover the missing DLL file and was able to run ComboFix and SUPERAntiSpyware. After that I ran new RSIT and GMER scans; here are the logs:
#14
ComboFix 09-09-30.01 - Quincy 10/01/2009 9:09.9.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2821 [GMT -7:00]
Running from: c:\documents and settings\Quincy\Desktop\123.exe
AV: avast! antivirus 4.8.1356 [VPS 090930-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\ming9df16.ini
c:\documents and settings\All Users\ming9df32.ini
c:\windows\cc16.ini
c:\windows\Downloaded Program Files\BcHCMJEEXFxaCm3q.Ttf
c:\windows\Downloaded Program Files\DdrDVWV49HPgHP9kh.Ttf
c:\windows\Downloaded Program Files\dGRbFvvXexA8MsPnW.Ttf
c:\windows\Downloaded Program Files\eVaMpZ3AmmmbCPjX.Ttf
c:\windows\Downloaded Program Files\fZKkTmDAwTdKqXn8.Ttf
c:\windows\Downloaded Program Files\jEDR2jykhSujaMqF.Ttf
c:\windows\Downloaded Program Files\NFesCyNNswv2Crfru.Ttf
c:\windows\Downloaded Program Files\sFTeYEwVMFwRyW7hr.Ttf
c:\windows\Downloaded Program Files\skF72DppdVCUzqhF.Ttf
c:\windows\Downloaded Program Files\SvS2DJAqqTvtTYEU.Ttf
c:\windows\Downloaded Program Files\u8w23uRSuevxt2VP.Ttf
c:\windows\Downloaded Program Files\uMub3WCE6aZ3nFgrYRX.Ttf
c:\windows\Downloaded Program Files\vyUD66dJ999myu4W.Ttf
c:\windows\Downloaded Program Files\WD2B9pAnWGBjB2sz.Ttf
c:\windows\Downloaded Program Files\WQKrDGnXQQb3Mgjk.Ttf
c:\windows\Downloaded Program Files\XqCj7sp8EBTaYJBb.Ttf
c:\windows\Fonts\cD9KArZZUHxCqnyM.Ttf
c:\windows\Fonts\cFDPmh3MDPjcHMPd.Ttf
c:\windows\Fonts\CRp3uYCmcxMp3qQn9.Ttf
c:\windows\Fonts\eCgMhGRkPUcdutd0.Ttf
c:\windows\Fonts\eSEWZRdrSK3NeEJVy4.Ttf
c:\windows\Fonts\G8qZ5hBX7H.Ttf
c:\windows\Fonts\HXxfduw9KeQTCeP6Z.Ttf
c:\windows\Fonts\Qq3qg7RGSp9raxWW.Ttf
c:\windows\Fonts\RCZbVbjCY6wYszD3.Ttf
c:\windows\system32\dfc8ac3ed7da.dll
c:\windows\system32\drivers\dcwjh.sys
c:\windows\system32\homrunsrv.dll
c:\windows\system32\YfXZ.dll
c:\windows\Tasks\dcV3RyyQqPxNf2bd.ico
c:\windows\Tasks\gBuDCU6XjBAEHzzrg.ico
c:\windows\Tasks\kTS4JJGUYtVagxPs.ico
c:\windows\Tasks\kZdWDEpQcNC2NwDe.ico
c:\windows\Tasks\ThGkkhVnR6Dhf3eN.ico
c:\windows\Tasks\vC6ykXbjUGCVeCJa.ico
c:\windows\temp\14.exe

Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\qmgr.dll

Infected copy of c:\windows\system32\xmlprov.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\xmlprov.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TXPLATFORM
-------\Service_Txplatform
-------\Legacy_HomeListen
-------\Legacy_yrha
-------\Service_HomeListen
-------\Service_yrha


((((((((((((((((((((((((( Files Created from 2009-09-01 to 2009-10-01 )))))))))))))))))))))))))))))))
.

2009-10-01 16:08 . 2009-10-01 16:09 -------- d-----w- c:\windows\system32\2W59Z402GF
2009-10-01 16:07 . 2009-10-01 16:08 -------- d-----w- c:\windows\system32\1JM5DFP28Y
2009-10-01 16:06 . 2009-10-01 16:07 -------- d-----w- c:\windows\system32\18TZ5L1OP9
2009-10-01 16:06 . 2009-10-01 16:07 -------- d-----w- c:\windows\system32\1T7HDYKV02
2009-10-01 16:05 . 2009-10-01 16:06 -------- d-----w- c:\windows\system32\1EKYKB32CW
2009-10-01 16:04 . 2009-10-01 16:05 -------- d-----w- c:\windows\system32\1NEPGKJD5W
2009-10-01 16:03 . 2009-10-01 16:04 -------- d-----w- c:\windows\system32\171MKNN1HL
2009-10-01 16:03 . 2009-10-01 15:58 792064 -c--a-w- c:\windows\system32\dllcache\comres.dll
2009-10-01 16:03 . 2009-10-01 15:58 792064 ----a-w- c:\windows\system32\comres.dll
2009-10-01 15:59 . 2009-10-01 15:59 -------- d-----w- c:\windows\system32\0N74MXQFXT
2009-10-01 15:58 . 2009-10-01 15:59 -------- d-----w- c:\windows\system32\0K5C5FCJRG
2009-10-01 15:57 . 2009-10-01 15:58 -------- d-----w- c:\windows\system32\ZUCW3BI320
2009-10-01 15:57 . 2009-10-01 15:57 -------- d-----w- c:\windows\system32\Z2TUXX83DG
2009-10-01 15:56 . 2009-10-01 15:57 -------- d-----w- c:\windows\system32\ZZQ2GEV773
2009-10-01 15:55 . 2009-10-01 15:56 -------- d-----w- c:\windows\system32\ZTGIM17P3C
2009-10-01 15:54 . 2009-10-01 15:55 -------- d-----w- c:\windows\system32\Z8X82PSOSZ
2009-10-01 15:53 . 2009-10-01 15:54 -------- d-----w- c:\windows\system32\Y7BNTRAVKV
2009-10-01 15:50 . 2009-10-01 15:50 97 ----a-w- c:\windows\system32\dzvbbsk.bat
2009-10-01 15:50 . 2009-10-01 15:50 48 ----a-w- c:\windows\system32\cnqzdeua.bat
2009-10-01 15:50 . 2009-10-01 15:50 35747 ----a-w- c:\windows\system32\ipklwiv.exe
2009-10-01 15:49 . 2009-10-01 15:50 -------- d-----w- c:\windows\system32\Y23OOOT1O9
2009-10-01 15:49 . 2009-10-01 15:49 -------- d-----w- c:\windows\system32\XA7UGNTTI5
2009-10-01 15:48 . 2009-10-01 15:48 -------- d-----w- c:\windows\system32\XNUYXO2IHN
2009-10-01 15:48 . 2009-10-01 15:48 -------- d-----w- c:\windows\system32\XKR6G6PMBA
2009-10-01 15:47 . 2009-10-01 15:48 -------- d-----w- c:\windows\system32\XSVC84PD55
2009-10-01 15:46 . 2009-10-01 15:47 -------- d-----w- c:\windows\system32\XD9TGI8KGZ
2009-10-01 15:45 . 2009-10-01 15:46 -------- d-----w- c:\windows\system32\XLCZ8H9BAU
2009-10-01 15:45 . 2009-10-01 15:45 -------- d-----w- c:\windows\system32\XV6Q4PPM4V
2009-10-01 15:44 . 2009-10-01 15:45 -------- d-----w- c:\windows\system32\WT7CT4HJE6
2009-10-01 15:43 . 2009-10-01 15:44 -------- d-----w- c:\windows\system32\WXE45ZR5BK
2009-10-01 15:42 . 2009-10-01 15:43 -------- d-----w- c:\windows\system32\WMB6QTB72B
2009-10-01 15:41 . 2009-10-01 15:42 -------- d-----w- c:\windows\system32\WKCSF834CM
2009-10-01 15:41 . 2009-10-01 15:41 -------- d-----w- c:\windows\system32\W2IHARBPQ2
2009-10-01 15:40 . 2009-10-01 15:41 -------- d-----w- c:\windows\system32\WQQYSBF9HP
2009-10-01 15:39 . 2009-10-01 15:40 -------- d-----w- c:\windows\system32\VP3DIDXF9L
2009-10-01 15:39 . 2009-10-01 15:39 -------- d-----w- c:\windows\system32\VRKKQXSI8U
2009-10-01 15:38 . 2009-10-01 15:39 -------- d-----w- c:\windows\system32\V4YW0O8OGS
2009-10-01 15:37 . 2009-10-01 15:38 -------- d-----w- c:\windows\system32\VS5DI8C77F
2009-10-01 15:36 . 2009-10-01 15:36 -------- d-----w- c:\windows\system32\V88O7UG046
2009-10-01 15:35 . 2009-10-01 15:36 -------- d-----w- c:\windows\system32\V9296GS9VB
2009-10-01 15:34 . 2009-10-01 15:35 -------- d-----w- c:\windows\system32\UPXSOQ3H1I
2009-10-01 15:33 . 2009-10-01 15:34 -------- d-----w- c:\windows\system32\UD495B71T5
2009-10-01 15:32 . 2009-10-01 15:32 -------- d-----w- c:\windows\system32\UB4VUQZX3G
2009-10-01 15:31 . 2009-10-01 15:32 -------- d-----w- c:\windows\system32\UAIALSH4VC
2009-10-01 15:30 . 2009-10-01 15:31 -------- d-----w- c:\windows\system32\T9WOCTZBN8
2009-10-01 15:30 . 2009-10-01 15:30 -------- d-----w- c:\windows\system32\TBZ2IQ433W
2009-10-01 15:29 . 2009-10-01 15:30 -------- d-----w- c:\windows\system32\TMW7KXP7DL
2009-10-01 15:27 . 2009-10-01 15:29 -------- d-----w- c:\windows\system32\T005YXKWLO
2009-10-01 15:27 . 2009-10-01 15:27 -------- d-----w- c:\windows\system32\TIKNV3JRGO
2009-10-01 15:26 . 2009-10-01 15:27 -------- d-----w- c:\windows\system32\TTISX94UQD
2009-10-01 15:25 . 2009-10-01 15:26 -------- d-----w- c:\windows\system32\SI21HHYNZK
2009-10-01 15:24 . 2009-10-01 15:25 -------- d-----w- c:\windows\system32\STZ6JNJR99
2009-10-01 15:23 . 2009-10-01 15:24 -------- d-----w- c:\windows\system32\SGTVYKX0JC
2009-10-01 15:22 . 2009-10-01 15:23 -------- d-----w- c:\windows\system32\S3NJEIBATE
2009-10-01 15:21 . 2009-10-01 15:22 -------- d-----w- c:\windows\system32\SRI7TFQK2H
2009-10-01 15:20 . 2009-10-01 15:21 -------- d-----w- c:\windows\system32\RYVRH4BSX8
2009-10-01 15:19 . 2009-10-01 15:20 -------- d-----w- c:\windows\system32\RKCNVEZSPQ
2009-10-01 15:19 . 2009-10-01 15:19 -------- d-----w- c:\windows\system32\R7TJ8POSI8
2009-10-01 15:18 . 2009-10-01 15:18 -------- d-----w- c:\windows\system32\REJVY0Y9UK
2009-10-01 15:17 . 2009-10-01 15:18 -------- d-----w- c:\windows\system32\RPH107JD49
2009-10-01 15:16 . 2009-10-01 15:17 -------- d-----w- c:\windows\system32\QCYWEH8DWR
2009-10-01 15:16 . 2009-10-01 15:16 -------- d-----w- c:\windows\system32\Q4LYE7F2CB
2009-10-01 15:15 . 2009-10-01 15:16 -------- d-----w- c:\windows\system32\Q5FJDTSB2G
2009-10-01 15:14 . 2009-10-01 15:15 -------- d-----w- c:\windows\system32\Q4TY4V9HUC
2009-10-01 15:13 . 2009-10-01 15:13 -------- d-----w- c:\windows\system32\QYJEAILZQL
2009-10-01 15:12 . 2009-10-01 15:13 -------- d-----w- c:\windows\system32\QK09OSAZI3
2009-10-01 15:11 . 2009-10-01 15:12 -------- d-----w- c:\windows\system32\P7H513Z0AM
2009-10-01 15:10 . 2009-10-01 15:11 -------- d-----w- c:\windows\system32\P6IRQIQWKX
2009-10-01 15:09 . 2009-10-01 15:10 -------- d-----w- c:\windows\system32\P5V5HJ83CT
2009-10-01 15:08 . 2009-10-01 15:09 -------- d-----w- c:\windows\system32\PHWPPNYZ37
2009-10-01 15:02 . 2009-10-01 15:03 -------- d-----w- c:\windows\system32\N3GE40EIOH
2009-10-01 15:01 . 2009-10-01 15:02 -------- d-----w- c:\windows\system32\NR0NN87BXO
2009-10-01 14:16 . 2009-10-01 14:18 -------- d-----w- c:\windows\system32\EN8ZYS87IE
2009-10-01 14:11 . 2009-10-01 14:13 -------- d-----w- c:\windows\system32\DAR2ORVSTD
2009-10-01 14:11 . 2009-10-01 14:11 17920 ----a-w- c:\windows\system32\Txplatform.dll
2009-10-01 14:07 . 2009-10-01 14:07 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-10-01 14:07 . 2009-10-01 14:07 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-10-01 14:07 . 2009-10-01 14:07 25600 -c--a-w- c:\windows\system32\dllcache\lsasvc.dll
2009-10-01 14:06 . 2009-10-01 14:54 -------- d-----w- c:\windows\system32\BQB0H3FD0H
2009-10-01 01:04 . 2009-10-01 01:04 -------- d-----w- c:\windows\system32\NXP6YZE8BJ
2009-10-01 01:00 . 2009-10-01 01:00 -------- d-----w- c:\windows\system32\MLVUYXJOUN
2009-10-01 00:59 . 2009-10-01 00:59 -------- d-----w- c:\windows\system32\M7M57XS4N0
2009-10-01 00:49 . 2009-10-01 00:49 -------- d-----w- c:\windows\system32\KTV8XCHZ98
2009-10-01 00:48 . 2009-10-01 00:48 -------- d-----w- c:\windows\system32\KRWUMR9WJJ
2009-10-01 00:47 . 2009-10-01 00:47 -------- d-----w- c:\windows\system32\J2TZOXUZT8
2009-09-30 23:38 . 2009-09-30 23:38 -------- d-----w- c:\windows\system32\436KKGB36K
2009-09-30 23:37 . 2009-09-30 23:37 -------- d-----w- c:\windows\system32\4Q08ZDPDGM
2009-09-30 23:36 . 2009-09-30 23:36 -------- d-----w- c:\windows\system32\4LG9ABHEB0
2009-09-30 23:36 . 2009-09-30 23:36 -------- d-----w- c:\windows\system32\4FXBL89F6E
2009-09-30 23:35 . 2009-09-30 23:35 -------- d-----w- c:\windows\system32\4P4UJ4E0HY
2009-09-30 23:35 . 2009-09-30 23:35 12136 ----a-w- c:\windows\system32\drivers\tcpz-x86d.sys
2009-09-30 23:35 . 2009-10-01 14:06 430080 --sh--r- c:\windows\system32\BtSrv.exe
2009-09-30 23:34 . 2009-09-30 23:35 -------- d-----w- c:\windows\system32\i
2009-09-30 19:38 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-30 19:38 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-30 19:38 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-30 19:38 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-30 19:38 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-30 19:38 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-30 19:38 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-30 19:38 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-30 19:38 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-30 19:38 . 2009-09-30 19:38 -------- d-----w- c:\program files\Alwil Software
2009-09-30 17:58 . 2009-09-30 18:05 -------- d-----w- C:\12325291
2009-09-30 05:00 . 2009-09-30 05:05 -------- d-----w- C:\123
2009-09-29 14:42 . 2009-09-29 14:42 -------- d-----w- c:\documents and settings\Quincy\Local Settings\Application Data\CAPCOM
2009-09-29 13:34 . 2009-09-29 13:34 -------- d-----w- c:\program files\CAPCOM
2009-09-29 13:33 . 2009-03-09 22:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-09-29 13:33 . 2009-03-09 22:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-09-29 13:33 . 2009-03-16 21:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-29 13:33 . 2009-03-16 21:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-09-29 13:33 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-09-29 13:33 . 2009-03-16 21:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-09-29 13:33 . 2009-09-29 13:33 -------- d-----w- c:\program files\MSBuild
2009-09-29 13:33 . 2009-09-29 13:33 101408 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-29 13:31 . 2009-09-29 13:31 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-29 13:31 . 2009-09-29 13:31 -------- d-----w- c:\program files\Reference Assemblies
2009-09-29 13:30 . 2006-06-29 20:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-09-29 13:28 . 2009-09-29 13:28 -------- d-----w- c:\windows\system32\xlive
2009-09-29 13:28 . 2009-10-01 15:08 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-09-21 02:14 . 2009-09-21 02:14 -------- d-----w- c:\documents and settings\Quincy\Local Settings\Application Data\PCHealth
2009-09-20 18:16 . 2009-09-20 18:16 -------- d-----w- c:\windows\ServicePackFiles
2009-09-20 18:16 . 2006-05-12 04:03 6144 ------w- c:\windows\system32\kbdpash.dll
2009-09-20 18:16 . 2006-05-12 04:03 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-09-20 18:16 . 2006-05-12 04:03 6144 ------w- c:\windows\system32\kbdiultn.dll
#15
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 16:02 . 2009-02-14 06:29 -------- d-----w- c:\documents and settings\Quincy\Application Data\GetRight
2009-10-01 15:36 . 2009-01-27 00:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-01 00:46 . 2009-01-27 00:40 16680 ----a-w- c:\documents and settings\Quincy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-30 06:10 . 2009-07-24 21:56 -------- d-----w- c:\documents and settings\Quincy\Application Data\.purple
2009-09-30 04:20 . 2009-01-28 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-30 04:18 . 2009-01-28 20:31 -------- d-----w- c:\documents and settings\Quincy\Application Data\AVGTOOLBAR
2009-09-28 21:30 . 2009-05-01 12:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-26 20:56 . 2009-07-09 17:56 -------- d-----w- c:\documents and settings\Quincy\Application Data\LimeWire
2009-09-22 19:43 . 2009-06-20 00:21 -------- d-----w- c:\program files\CCleaner
2009-09-20 18:06 . 2009-08-22 16:50 -------- d-----w- c:\program files\Level Up Games
2009-09-12 21:23 . 2009-01-28 20:37 -------- d-----w- c:\program files\Garena
2009-09-12 21:23 . 2009-01-28 19:49 -------- d-----w- c:\program files\Warcraft III
2009-09-03 03:08 . 2009-08-24 06:22 -------- d-----w- c:\program files\MYGAME
2009-08-26 13:24 . 2009-06-20 17:22 -------- d-----w- c:\program files\Java
2009-08-13 17:49 . 2009-02-03 23:49 -------- d-----w- c:\program files\OpenDNS Updater
2009-07-30 21:03 . 2009-07-30 21:03 44 ----a-w- c:\documents and settings\Quincy\Aenarion.bat
2009-07-30 21:02 . 2009-07-30 21:02 44 ----a-w- c:\documents and settings\Quincy\multiclient.bat
2009-07-25 12:23 . 2009-06-20 17:22 411368 ----a-w- c:\windows\system32\deploytk.dll
.
------- Sigcheck -------

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\appmgmts.dll
[7] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\appmgmts.dll
[-] 2004-08-04 04:56 . 3FB13DFEC78EF8A22C64980A6CF1AF50 . 17408 . . [------] . . c:\windows\system32\appmgmts.dll
[7] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll

[7] 2004-08-11 09:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\ERDNT\cache\MsPMSNSv.dll
[7] 2004-08-11 09:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-11 09:45 . CAAC5C1A725D6FCD90D86612582133EB . 42496 . . [------] . . c:\windows\system32\MsPMSNSv.dll
[7] 2004-08-11 09:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll
[7] 2004-08-04 04:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntmssvc.dll
[7] 2004-08-04 04:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\ERDNT\cache\ntmssvc.dll
[-] 2004-08-04 04:56 . 3FB13DFEC78EF8A22C64980A6CF1AF50 . 17408 . . [------] . . c:\windows\system32\ntmssvc.dll
[7] 2004-08-04 04:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll