
Hi-Tech1

Members
  • Posts

    4
  • Joined

  • Last visited

Reputation

0 Neutral

About Hi-Tech1

  • Birthday 08/28/1993

Profile Information

  • Location
    UK
  1. I just scanned using ComboFix. This is the log; I hope this is useful.

     ComboFix 09-09-24.01 - Christopher 25/09/2009 20:22.1.1 - NTFSx86
     Running from: c:\users\Christopher\Documents\Downloads\Programs\ComboFix.exe
     AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
     SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\$recycle.bin\S-1-5-21-713748134-4097783401-793962716-1001
     c:\$recycle.bin\S-1-5-21-713748134-4097783401-793962716-1002
     c:\$recycle.bin\S-1-5-21-713748134-4097783401-793962716-1005
     c:\$recycle.bin\S-1-5-21-713748134-4097783401-793962716-500
     c:\users\Christopher\AppData\Roaming\.#
     c:\windows\Installer\20a624.msi
     c:\windows\Installer\9a1ec9.msi
     c:\windows\Installer\b0757.msp
     c:\windows\Installer\cd91c.msp
     c:\windows\system32\aliases.ini
     c:\windows\system32\conn.dll
     c:\windows\system32\download
     c:\windows\system32\drivers\nProtect.sys
     c:\windows\system32\logs
     c:\windows\system32\mirc.ini
     c:\windows\system32\remote.ini
     c:\windows\system32\server.dll
     c:\windows\system32\servers.ini
     c:\windows\system32\sounds
     c:\windows\system32\tray.exe
     c:\windows\system32\windows.txt
     c:\windows\system32\XPerWin.dll
     c:\windows\system32\xsystem.dll

     Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected
     Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
     -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
     -------\Legacy_IoHardware
     -------\Service_IoHardware

     ((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
     .
     2009-09-25 19:30 . 2009-09-25 19:35 -------- d-----w- c:\users\Christopher\AppData\Local\temp
     2009-09-25 19:30 . 2009-09-25 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp
     2009-09-21 19:09 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-09-21 19:09 . 2009-09-21 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-09-21 19:09 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-09-20 19:06 . 2009-09-20 19:06 -------- d-----w- C:\!KillBox
     2009-09-19 20:40 . 2009-09-25 17:03 0 ----a-r- c:\windows\win32k.sys
     2009-09-09 19:26 . 2009-09-09 19:26 -------- d-----w- c:\programdata\Office Genuine Advantage
     2009-09-09 17:55 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2009-09-09 17:55 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
     2009-09-09 17:55 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
     2009-09-09 17:55 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
     2009-09-09 17:55 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
     2009-09-09 17:55 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
     2009-09-09 17:55 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
     2009-09-09 17:55 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
     2009-09-09 17:55 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
     2009-09-09 17:55 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
     2009-09-09 17:54 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
     2009-09-09 17:54 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
     2009-09-09 17:54 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
     2009-09-09 17:54 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
     2009-09-09 17:54 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
     2009-09-08 20:08 . 2009-09-08 20:08 -------- d-----w- c:\users\Christopher\AppData\Roaming\Sortasoft
     2009-09-08 20:08 . 2009-09-08 20:08 -------- d-----w- c:\programdata\Sortasoft
     2009-09-04 19:07 . 2009-09-04 19:07 -------- d-----w- c:\windows\Lhsp
     2009-09-02 21:47 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
     2009-09-02 21:47 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
     2009-09-01 19:10 . 2009-09-01 19:17 -------- d-----w- c:\users\Christopher\AppData\Roaming\MagicEffect Photo
     2009-09-01 17:51 . 2009-09-01 17:51 -------- d-----w- c:\users\Christopher\AppData\Roaming\Morpheus Software
     2009-08-30 15:58 . 2009-08-31 22:04 -------- d-----w- C:\output
     2009-08-30 13:39 . 2009-09-24 06:39 -------- d-----w- c:\users\Christopher\AppData\Roaming\IDM
     2009-08-30 13:19 . 2009-09-04 16:22 -------- d-----w- c:\program files\PhotoScape
     2009-08-30 00:24 . 2009-09-19 21:04 -------- d-----w- c:\program files\Yahoo!
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-09-25 19:32 . 2009-01-03 16:19 12 ----a-w- c:\windows\bthservsdp.dat
     2009-09-25 19:15 . 2008-11-14 18:22 -------- d-----w- c:\users\Christopher\AppData\Roaming\DMCache
     2009-09-20 11:09 . 2008-09-11 18:31 -------- d-----w- c:\program files\Google
     2009-09-09 19:22 . 2008-12-30 13:53 -------- d-----w- c:\program files\Microsoft Silverlight
     2009-09-09 19:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
     2009-09-09 19:14 . 2008-02-26 03:14 -------- d-----w- c:\programdata\Microsoft Help
     2009-09-04 19:13 . 2008-07-31 15:06 175592 ----a-w- c:\users\Christopher\AppData\Local\GDIPFONTCACHEV1.DAT
     2009-09-02 18:32 . 2009-06-22 18:41 -------- d-----w- c:\program files\Windows Live Safety Center
     2009-08-28 22:39 . 2008-10-14 20:56 -------- d-----w- c:\program files\Java
     2009-08-23 12:41 . 2009-08-23 12:26 -------- d-----w- c:\programdata\FarmFrenzy3
     2009-08-13 16:29 . 2009-08-13 16:29 -------- d-----w- c:\programdata\iWin Games
     2009-08-13 16:29 . 2009-08-13 16:29 -------- d-----w- c:\programdata\iWin
     2009-08-13 16:29 . 2008-08-12 14:26 -------- d-----w- c:\users\Christopher\AppData\Roaming\iWin
     2009-08-12 19:45 . 2009-08-12 19:45 -------- d-----w- c:\users\Christopher\AppData\Roaming\GraveyardShift
     2009-08-12 19:14 . 2009-08-12 19:14 -------- d-----w- c:\program files\ReflexiveArcade
     2009-08-05 15:02 . 2008-02-26 03:05 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
     2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
     2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
     2009-07-31 10:39 . 2009-01-18 13:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
     2009-07-31 10:39 . 2009-01-18 13:15 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
     2009-07-31 10:39 . 2009-01-18 13:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
     2009-07-27 17:11 . 2008-08-31 00:30 1356 ----a-w- c:\users\Christopher\AppData\Local\d3d9caps.dat
     2009-07-27 10:02 . 2009-07-27 09:31 53 ----a-w- c:\windows\hartlell.bat
     2009-07-25 04:23 . 2009-01-19 20:44 411368 ----a-w- c:\windows\system32\deploytk.dll
     2009-07-21 21:52 . 2009-07-29 20:47 915456 ----a-w- c:\windows\system32\wininet.dll
     2009-07-21 21:47 . 2009-07-29 20:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
     2009-07-21 21:47 . 2009-07-29 20:47 71680 ----a-w- c:\windows\system32\iesetup.dll
     2009-07-21 20:13 . 2009-07-29 20:47 133632 ----a-w- c:\windows\system32\ieUnatt.exe
     2009-07-17 14:35 . 2009-08-13 11:52 71680 ----a-w- c:\windows\system32\atl.dll
     2009-07-14 13:00 . 2009-08-13 11:51 313344 ----a-w- c:\windows\system32\wmpdxm.dll
     2009-07-14 12:59 . 2009-08-13 11:51 4096 ----a-w- c:\windows\system32\dxmasf.dll
     2009-07-14 12:58 . 2009-08-13 11:51 7680 ----a-w- c:\windows\system32\spwmp.dll
     2009-07-14 10:59 . 2009-08-13 11:51 8147456 ----a-w- c:\windows\system32\wmploc.DLL
     2008-12-02 00:00 . 2008-12-01 16:16 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
     2008-12-02 00:00 . 2008-12-01 16:16 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
     2009-01-07 20:06 . 2009-01-07 19:53 0 --sha-w- c:\windows\System32\sys_drv.dat
     .
     ------- Sigcheck -------

     [7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll
     [-] 2008-01-27 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
     [7] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

     [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
     2009-06-02 12:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

     [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
     "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

     [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
     @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
     [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
     2008-01-03 10:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
     "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
     "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
     "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
     "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
     "Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-17 2022680]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
     "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-03 4702208]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableLUA"= 0 (0x0)
     "EnableUIADesktopToggle"= 0 (0x0)
     "HideFastUserSwitching"= 0 (0x0)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
     @="Service"

     [HKLM\~\startupfolder\C:^Users^Christopher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]

     [HKLM\~\startupfolder\C:^Users^Christopher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^system.lnk]
     backup=c:\windows\pss\system.lnk.Startup
     backupExtension=.Startup

     HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet
     HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
     HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
     "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
     "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
     "PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe"

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
     "{13ADE3BD-099C-44B2-A160-5484D6802808}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
     "{B6B81CF0-2AE4-455F-98A8-CA8E19F5FCDD}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
     "{20859917-0498-405B-A496-2F5D40E2B014}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
     "{0123652C-844A-43DE-831A-EA7BA4B67C78}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
     "{AB2CA533-4D4A-4EAB-98B3-BACD35DA0665}"= c:\program files\Acer\HomeMedia\HomeMedia.exe:HomeMedia
     "{CEEC57DF-B2EB-44FE-BF07-1CDF24DED781}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
     "{8C6FA747-12FD-4896-876D-B91E52AAD223}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
     "{D57E0144-5344-49B9-8695-7B8D5113B133}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
     "{16D7C7D3-B171-459A-9D71-E979815C04CE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
     "{1BB80880-D289-48D0-B7D4-120920453688}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
     "{F30EDD27-3F10-4261-ACB4-D5D30B3E426F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
     "{03821814-4B99-4C3D-8F77-01E55708890C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
     "TCP Query User{7D36F7F4-BC3A-4104-8DFA-EF64375B680C}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
     "UDP Query User{BA97FC0D-C70A-4F7E-86C8-1BD7EE7F9297}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
     "{F445F05F-5A3A-4E29-B980-422991B03E94}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
     "{D2D6945C-C9A0-466B-AFE6-2594B9C8A28C}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
     "{793BF06D-39AF-4D80-AA55-7C67E6A2ED2F}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
     "{31C09C84-4235-4F4D-96D9-765943F04C17}"= UDP:c:\program files\BitComet\BitComet.exe:BitComet.exe
     "{CEFC0204-FBD7-4AC3-B49C-A3A99587EF7B}"= TCP:c:\program files\BitComet\BitComet.exe:BitComet.exe
     "{58C05FE5-3712-4499-AED6-F8C78EB7C23A}"= UDP:11732:BitComet 11732 TCP
     "{0C18720A-6186-4F2F-BD33-DD497E8E80DF}"= TCP:11732:BitComet 11732 UDP
     "{66B2ECAE-C8FA-47BF-8F8F-EE8E995F55AE}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
     "{54877E2A-A700-4996-B527-6A818AC18788}"= UDP:c:\program files\PremierOpinion\pmropn.exe:pmropn.exe
     "{36630E65-5AEA-4DA9-81CA-398DC20E7EB0}"= TCP:c:\program files\PremierOpinion\pmropn.exe:pmropn.exe

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
     "EnableFirewall"= 0 (0x0)
     "DoNotAllowExceptions"= 1 (0x1)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
     "EnableFirewall"= 0 (0x0)

     R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [18/01/2009 14:16 12552]
     R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [18/01/2009 14:13 23832]
     R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [18/01/2009 14:15 335240]
     R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [18/01/2009 14:15 108552]
     R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [25/02/2008 20:04 51200]
     R2 ampro;ampro;d:\artmoney\artmoney.sys [14/05/2009 19:24 7168]
     R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [19/01/2009 21:29 297752]
     R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [10/06/2009 15:58 1370488]
     R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26/02/2008 02:41 180736]
     S2 PremierOpinion;PremierOpinion;c:\program files\PremierOpinion\pmservice.exe /service --> c:\program files\PremierOpinion\pmservice.exe [?]
     S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31/05/2009 20:58 55280]
     S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     LocalServiceNoNetwork   REG_MULTI_SZ   PLA DPS BFE mpssvc
     bthsvcs                 REG_MULTI_SZ   BthServ

     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
     "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
     .
     Contents of the 'Scheduled Tasks' folder

     2009-09-25 c:\windows\Tasks\User_Feed_Synchronization-{E09DCF49-D0DA-4A9C-9722-6C25155029C0}.job
     - c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.co.uk/
     uInternet Settings,ProxyOverride = *.local
     IE: Download all links with IDM - d:\internet download manager\IEGetAll.htm
     IE: Download FLV video content with IDM - d:\internet download manager\IEGetVL.htm
     IE: Download with IDM - d:\internet download manager\IEExt.htm
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     LSP: c:\windows\system32\wpclsp.dll
     .
     .
     ------- File Associations -------
     .
     inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
     .
     - - - - ORPHANS REMOVED - - - -

     WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
     MSConfigStartUp-DLD - (no file)

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-09-25 20:35
     Windows 6.0.6001 Service Pack 1 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-713748134-4097783401-793962716-1000_Classes\CLSID\{78b86ad1-e074-4067-a584-ddc430f5b285}]
     @Denied: (Full) (Everyone)
     @Allowed: (Read) (RestrictedCode)
     "Model"=dword:0000014e
     "Therad"=dword:0000001d
     "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
        df,1c,2f,3b,8a,0a,32,11,89,01,b5,a1,a0,db,dc,a3,f5,f1,19,bf,4e,ee,3a,81,bc,\

     [HKEY_USERS\S-1-5-21-713748134-4097783401-793962716-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
     @Denied: (Full) (Everyone)
     @Allowed: (Read) (RestrictedCode)
     "scansk"=hex(0):96,90,ba,6c,34,a0,d9,07,d9,1c,7c,09,31,4d,29,88,22,62,e2,e6,88,
        42,1c,65,f7,f9,df,a0,2b,b9,07,fb,5a,8e,02,77,14,62,10,b0,00,00,00,00,00,00,\

     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     "MSCurrentCountry"=dword:000000b5

     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000

     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000

     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'Explorer.exe'(6088)
     c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
     c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\System32\audiodg.exe
     c:\windows\System32\agrsmsvc.exe
     c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
     c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
     c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
     c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
     c:\acer\Empowering Technology\eNet\eNet Service.exe
     c:\program files\Common Files\LightScribe\LSSrvc.exe
     c:\acer\Mobility Center\MobilityService.exe
     c:\progra~1\AVG\AVG8\avgam.exe
     c:\progra~1\AVG\AVG8\avgrsx.exe
     c:\progra~1\AVG\AVG8\avgnsx.exe
     c:\windows\System32\drivers\XAudio.exe
     c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
     c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
     c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
     c:\acer\Empowering Technology\ePower\ePowerSvc.exe
     c:\windows\System32\wbem\unsecapp.exe
     c:\program files\Launch Manager\LManager.exe
     c:\program files\AVG\AVG8\avgtray.exe
     c:\program files\Apoint2K\ApMsgFwd.exe
     c:\windows\System32\igfxsrvc.exe
     c:\program files\Windows Media Player\wmpnetwk.exe
     c:\program files\Apoint2K\ApntEx.exe
     c:\windows\System32\igfxext.exe
     .
     **************************************************************************
     .
     Completion time: 2009-09-25 20:41 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-09-25 19:41

     Pre-Run: 4,947,460,096 bytes free
     Post-Run: 4,551,602,176 bytes free

     353 --- E O F --- 2009-09-25 17:12
  2. I agree! I got all my viruses from all those ways. Viruses, malware, spyware, trojans and the other harmful things. They destroyed and killed my laptop.
  3. Hello, firstly I have to tell you that I am not very good at English. This is my first time, so if I posted this in the wrong place then I am really sorry. So, I went to a video website where you can see some videos and stuff. Unfortunately, it told me that I have an old version of Flash Player and asked me to install it. Then I installed it. (The Flash Player was got from the video website.) It deleted something from my computer and told me that I was ready to install the new Flash Player. After I installed it, everything went wrong. My MSN, security software, applications, etc. went wrong. WLM keeps saying, "Windows Live Communications Platform has stopped working." and "A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." and it logs me off. Malwarebytes' Anti-Malware: I tried to scan and after two seconds it just disappeared, and if I tried to run it again this message would come up: "Windows cannot access the specified device path or file. You may not have the appropriate permissions to access the item." And if I right click and choose "Run as administrator", the program comes up, but if I try to run a scan it goes the same way again, which is that it disappears. HijackThis: it does the same thing as Malwarebytes' Anti-Malware, which is that if I ask HijackThis to scan it just disappears. RootRepeal: after I ask it to scan files in the drive it says, "Unrecognised partition type 6 (0x6)". [MBAM won't install or will not run: this is the topic whose instructions I have been following.] I am not really sure if those are caused by malware or not, but they won't work as they used to work before. I have tried some of the other links from the other topics and none of it works. And also IE won't let me download anything. If I download something, before the download finishes it disappears and is gone. I will not get any of the files that I have downloaded. Can anyone please help?
     I have tried lots but they don't seem to work. ): Thank you, Chris. PS. Cannot remember which website it was. PS2. I use IE8 as my web browser. PS3. I use Windows Vista.