Everything posted by babyblueboi

  1. I have a folder called helpassistant.computername. I've never seen this folder before my computer got infected. Is this safe?
  2. This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again. How do I do this?
  3. Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4084

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     09/05/2010 2:34:11 PM
     mbam-log-2010-05-09 (14-34-11).txt

     Scan type: Quick scan
     Objects scanned: 159835
     Time elapsed: 8 minute(s), 26 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 2
     Registry Data Items Infected: 0
     Folders Infected: 4
     Files Infected: 27

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\apmanager.exe (Rogue.APManager) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     C:\Documents and Settings\Owner\Application Data\ARManager (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Owner\Application Data\ARManager\languages (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages (Rogue.ARManager) -> Quarantined and deleted successfully.

     Files Infected:
     C:\Documents and Settings\Owner\Local Settings\Temp\stp23ce5.exe (Trojan.FraudTool) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Owner\Application Data\ARManager\settings.ini (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Owner\Application Data\ARManager\uninstall.exe (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Owner\Application Data\ARManager\languages\Czech.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Owner\Application Data\ARManager\languages\Danish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Owner\Application Data\ARManager\languages\Dutch.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Owner\Application Data\ARManager\languages\English.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Owner\Application Data\ARManager\languages\French.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Owner\Application Data\ARManager\languages\German.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Owner\Application Data\ARManager\languages\Italian.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Owner\Application Data\ARManager\languages\Portuguese.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Owner\Application Data\ARManager\languages\Slovak.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Owner\Application Data\ARManager\languages\Spanish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Owner\Application Data\ARManager\languages\template.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\settings.ini (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\uninstall.exe (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Czech.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Danish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Dutch.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\English.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\French.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\German.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Italian.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Portuguese.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Slovak.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Spanish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\template.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

     My internet works now. I went to Internet Options and reset the internet settings, and it's all good now.
  4. Everything seems to be the same. I have an internet connection on MSN, but Internet Explorer is still broken. Where should I keep that file, or can I delete it?
  5. What do you mean? A program called remove desktop? No.
  6. ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=1bf5ec836396f742b67ff105102ddc42
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2010-05-09 01:09:36
     # local_time=2010-05-08 06:09:36 (-0800, Pacific Daylight Time)
     # country="Canada"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1024 16777215 100 0 1038973 1038973 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=97352
     # found=3
     # cleaned=3
     # scan_time=9661
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Desktop\Age of Empires II\mythxpak.exe  probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Incomplete\Preview-T-5545150-gamma ray burst downlink.mp3  a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)  00000000000000000000000000000000  C
     C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Local Settings\Temp\jar_cache3120911810968013864.tmp  multiple threats (deleted - quarantined)  00000000000000000000000000000000  C
  7. How do I fix my internet? And is my system clear?
  8. I can go on things like Warcraft and MSN, but Internet Explorer is still broken =(
  9. Sorry for the multiple posts, my laptop is being retarded... =(
  10. ComboFix 10-05-05.04 - Administrator 05/05/2010 20:03:58.1.2 - x86 NETWORK
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1023.832 [GMT -7:00]
      Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      c:\recycler\S-1-5-21-1563521973-1625754414-1025055092-1003
      c:\recycler\S-1-5-21-1897486801-1195557411-254619659-1003
      c:\recycler\S-1-5-21-2202223250-1270081108-2901510911-1003
      c:\recycler\S-1-5-21-4280248076-1143208040-3784694839-1003
      c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
      c:\windows\system32\drivers\npf.sys
      c:\windows\system32\Packet.dll
      c:\windows\system32\pthreadVC.dll
      c:\windows\system32\SHELLLNK.TLB
      c:\windows\system32\winsusrm.dll
      c:\windows\system32\wpcap.dll
      .
      original MBR restored successfully !
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      -------\Legacy_NPF
      -------\Service_NPF

      ((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
      .
      2010-05-04 06:20 . 2010-05-06 00:54  --------  d-----w-  c:\documents and settings\HelpAssistant.COMPUTERNAME\Tracing
      2010-05-04 06:20 . 2010-05-04 06:20  --------  d-----w-  c:\documents and settings\HelpAssistant.COMPUTERNAME\WINDOWS
      2010-05-04 06:19 . 2010-05-04 06:20  --------  d-----w-  c:\documents and settings\HelpAssistant.COMPUTERNAME\Shared
      2010-05-04 06:19 . 2010-05-04 06:19  --------  d-----w-  c:\documents and settings\HelpAssistant.COMPUTERNAME\Saved Games
      2010-05-04 06:19 . 2010-05-04 21:07  --------  d-----w-  c:\documents and settings\HelpAssistant.COMPUTERNAME\PrivacIE
      2010-05-04 06:19 . 2010-05-04 06:19  --------  d-----w-  c:\documents and settings\HelpAssistant.COMPUTERNAME\New Folder (6)
      2010-05-04 06:16 . 2010-05-04 06:16  --------  d-----w-  c:\documents and settings\HelpAssistant.COMPUTERNAME\LocalLow
      2010-05-04 06:03 . 2010-05-05 19:42  --------  d-----w-  c:\documents and settings\HelpAssistant.COMPUTERNAME\Incomplete
      2010-05-04 06:03 . 2010-05-04 06:03  --------  d-----w-  c:\documents and settings\HelpAssistant.COMPUTERNAME\IETldCache
      2010-05-04 06:03 . 2010-05-04 06:03  --------  d-----w-  c:\documents and settings\HelpAssistant.COMPUTERNAME\IECompatCache
      2010-05-04 05:59 . 2010-05-04 06:00  --------  d-----w-  c:\documents and settings\HelpAssistant.COMPUTERNAME\Contacts
      2010-05-04 05:59 . 2010-05-04 05:59  --------  d-----w-  c:\documents and settings\HelpAssistant.COMPUTERNAME\config
      2010-05-04 05:48 . 2010-05-04 05:49  --------  d-----w-  c:\documents and settings\HelpAssistant.COMPUTERNAME\.limewire
      2010-05-04 05:46 . 2010-05-06 02:58  --------  d-----w-  c:\documents and settings\HelpAssistant.COMPUTERNAME
      2010-05-01 08:50 . 2010-05-01 08:50  84992     --sha-r-  c:\windows\system32\urlmon5.dll
      2010-04-26 21:11 . 2010-04-26 21:11  --------  d-sh--w-  c:\documents and settings\NetworkService\IETldCache
      2010-04-16 05:52 . 2010-04-16 05:52  --------  d-----w-  c:\program files\AVG
      2010-04-16 05:52 . 2010-05-06 02:55  --------  d-----w-  c:\documents and settings\All Users\Application Data\avg9
      2010-04-16 04:43 . 2010-04-16 04:43  --------  d-----w-  c:\documents and settings\Administrator\Application Data\Malwarebytes
      2010-04-16 04:40 . 2010-04-16 04:40  --------  d-sh--w-  c:\documents and settings\Administrator\PrivacIE
      2010-04-16 04:28 . 2010-04-29 22:39  38224     ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
      2010-04-16 04:28 . 2010-05-05 23:17  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
      2010-04-16 04:28 . 2010-04-29 22:39  20952     ----a-w-  c:\windows\system32\drivers\mbam.sys
      2010-04-16 04:28 . 2010-04-16 04:28  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-05-06 02:46 . 2005-12-26 03:48  --------  d-----w-  c:\program files\Steam
      2010-05-06 02:46 . 2004-09-12 18:35  13440     ----a-w-  c:\windows\system32\drivers\USBCRFT.SYS
      2010-05-05 23:16 . 2010-05-05 23:16  6153352   ----a-w-  c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
      2010-05-05 07:16 . 2007-04-05 00:39  --------  d-----w-  c:\program files\Warcraft III
      2010-04-29 01:58 . 2010-02-25 04:19  --------  d-----w-  c:\program files\Garena
      2010-04-17 06:28 . 2005-03-20 05:34  --------  d-----w-  c:\program files\Google
      2010-04-16 20:24 . 2004-09-12 19:58  --------  d-----w-  c:\program files\Common Files\Symantec Shared
      2010-04-16 05:45 . 2004-09-12 19:58  --------  d-----w-  c:\documents and settings\All Users\Application Data\Symantec
      2010-04-16 05:30 . 2009-07-21 01:28  --------  d-----w-  c:\documents and settings\All Users\Application Data\Norton
      2010-04-04 07:32 . 2006-11-23 07:08  14        -c--a-w-  c:\windows\popcinfo.dat
      2010-03-16 19:05 . 2008-09-08 04:29  116379    ----a-w-  c:\windows\War3Unin.dat
      2010-03-16 05:53 . 2007-06-07 04:07  --------  d-----w-  c:\program files\Windows Live
      2010-03-13 01:14 . 2007-09-21 17:30  --------  d---a-w-  c:\documents and settings\All Users\Application Data\TEMP
      2010-03-10 06:15 . 2004-09-11 15:29  420352    ----a-w-  c:\windows\system32\vbscript.dll
      2010-03-08 09:03 . 2010-03-08 09:03  376       ----a-w-  c:\windows\mozregistry.dat
      2010-03-08 09:02 . 2010-03-08 09:02  --------  d-----w-  c:\program files\Hewlett-Packard
      2010-02-25 06:24 . 2004-09-11 15:29  916480    ----a-w-  c:\windows\system32\wininet.dll
      2010-02-24 13:11 . 2004-09-11 15:29  455680    ----a-w-  c:\windows\system32\drivers\mrxsmb.sys
      2010-02-16 14:08 . 2004-08-03 23:18  2146304   ----a-w-  c:\windows\system32\ntoskrnl.exe
      2010-02-16 13:25 . 2004-08-03 22:59  2024448   ----a-w-  c:\windows\system32\ntkrnlpa.exe
      2010-02-12 04:33 . 2004-09-11 15:29  100864    ----a-w-  c:\windows\system32\6to4svc.dll
      2010-02-11 12:02 . 2004-09-11 15:29  226880    ----a-w-  c:\windows\system32\drivers\tcpip6.sys
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
      "Dit"="Dit.exe" [2004-04-02 86016]
      "AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 88363]
      "nwiz"="nwiz.exe" [2008-05-16 1630208]
      "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
      "xMain"="c:\windows\system32\xlaunch.exe" [2007-01-27 0]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
      "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
      "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-19 68592]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
      "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"

      HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%WinDir%\\system32\\fxsclnt.exe"=
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=
      "c:\\WINDOWS\\system32\\rtcshare.exe"=
      "c:\\Program Files\\NetMeeting\\conf.exe"=
      "c:\\WINDOWS\\system32\\dplaysvr.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
      "c:\\WINDOWS\\system32\\dpvsetup.exe"=
      "c:\\Program Files\\Steam\\SteamApps\\babyblueboi8888\\counter-strike source\\hl2.exe"=
      "c:\\Program Files\\Steam\\SteamApps\\babyblueboi8888\\condition zero\\hl.exe"=
      "c:\\Program Files\\Steam\\SteamApps\\babyblueboi8888\\counter-strike\\hl.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\PopCap Games\\BookWorm Deluxe\\BookWorm.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Program Files\\Steam\\steamapps\\babyblueboi8888\\condition zero deleted scenes\\hl.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Garena\\Garena.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "14069:TCP"= 14069:TCP:BitComet 14069 TCP
      "14069:UDP"= 14069:UDP:BitComet 14069 UDP
      "11843:TCP"= 11843:TCP:BitComet 11843 TCP
      "11843:UDP"= 11843:UDP:BitComet 11843 UDP
      "20331:TCP"= 20331:TCP:BitComet 20331 TCP
      "20331:UDP"= 20331:UDP:BitComet 20331 UDP
      "8579:TCP"= 8579:TCP:BitComet 8579 TCP
      "8579:UDP"= 8579:UDP:BitComet 8579 UDP
      "23382:TCP"= 23382:TCP:BitComet 23382 TCP
      "23382:UDP"= 23382:UDP:BitComet 23382 UDP
      "65533:TCP"= 65533:TCP:Services
      "52344:TCP"= 52344:TCP:Services
      "8688:TCP"= 8688:TCP:Services
      "8687:TCP"= 8687:TCP:Services
      "3389:TCP"= 3389:TCP:Remote Desktop

      R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [12/09/2004 11:35 AM 13440]
      S2 gupdate1c98822f51d5298;Google Update Service (gupdate1c98822f51d5298);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2009 11:19 PM 133104]
      S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [12/09/2004 11:15 AM 1287296]
      S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Owner\LOCALS~1\Temp\CKC40.tmp --> c:\docume~1\Owner\LOCALS~1\Temp\CKC40.tmp [?]
      S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [10/03/2006 10:28 PM 227200]
      S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [13/08/2006 6:29 PM 87824]
      S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [20/05/2007 4:40 PM 85696]
      S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/04/2006 5:01 PM 642560]
      .
      Contents of the 'Scheduled Tasks' folder

      2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 06:19]

      2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 06:19]

      2010-05-06 c:\windows\Tasks\User_Feed_Synchronization-{E420AC28-E99F-4BA6-BB6D-D382DFC6AA6D}.job
      - c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.medionusa.com/
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - hxxp://www.riffinteractive.com/setup/RiffLick.cab
      DPF: {49A3DCEE-FC3C-11D4-83E5-0050DA33C619} - hxxp://www.eminem.net/xplayer/xplayer.cab
      .
      - - - - ORPHANS REMOVED - - - -

      HKLM-Run-Cmaudio - cmicnfg.cpl
      AddRemove-DOB - c:\program files\DOB\Uninst.isu

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-05-05 20:12
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
      "ImagePath"="\??\c:\docume~1\Owner\LOCALS~1\Temp\CKC40.tmp"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_USERS\S-1-5-21-1912723550-2934064969-3182515952-500\Software\Microsoft\Internet Explorer\User Preferences]
      @Denied: (2) (Administrator)
      "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,fc,e2,87,6b,ec,2a,4b,aa,0d,e6,\
      "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,fc,e2,87,6b,ec,2a,4b,aa,0d,e6,\
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(592)
      c:\windows\system32\Ati2evxx.dll

      - - - - - - - > 'explorer.exe'(1204)
      c:\windows\system32\WININET.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
      .
      **************************************************************************
      .
      Completion time: 2010-05-05 20:18:45 - machine was rebooted
      ComboFix-quarantined-files.txt 2010-05-06 03:18

      Pre-Run: 35,278,991,360 bytes free
      Post-Run: 35,435,216,896 bytes free

      - - End Of File - - FC36651A422D3DE3448372BAF00F6155

      I'm going camping tomorrow till the end of the weekend. If I don't get it fixed by then, can I message you when I get back and continue where we left off?
  12. ComboFix 10-05-05.04 - Administrator 05/05/2010 20:03:58.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1023.832 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1563521973-1625754414-1025055092-1003
c:\recycler\S-1-5-21-1897486801-1195557411-254619659-1003
c:\recycler\S-1-5-21-2202223250-1270081108-2901510911-1003
c:\recycler\S-1-5-21-4280248076-1143208040-3784694839-1003
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\winsusrm.dll
c:\windows\system32\wpcap.dll
.
original MBR restored successfully !
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.
2010-05-04 06:20 . 2010-05-06 00:54 -------- d-----w- c:\documents and settings\HelpAssistant.COMPUTERNAME\Tracing
2010-05-04 06:20 . 2010-05-04 06:20 -------- d-----w- c:\documents and settings\HelpAssistant.COMPUTERNAME\WINDOWS
2010-05-04 06:19 . 2010-05-04 06:20 -------- d-----w- c:\documents and settings\HelpAssistant.COMPUTERNAME\Shared
2010-05-04 06:19 . 2010-05-04 06:19 -------- d-----w- c:\documents and settings\HelpAssistant.COMPUTERNAME\Saved Games
2010-05-04 06:19 . 2010-05-04 21:07 -------- d-----w- c:\documents and settings\HelpAssistant.COMPUTERNAME\PrivacIE
2010-05-04 06:19 . 2010-05-04 06:19 -------- d-----w- c:\documents and settings\HelpAssistant.COMPUTERNAME\New Folder (6)
2010-05-04 06:16 . 2010-05-04 06:16 -------- d-----w- c:\documents and settings\HelpAssistant.COMPUTERNAME\LocalLow
2010-05-04 06:03 . 2010-05-05 19:42 -------- d-----w- c:\documents and settings\HelpAssistant.COMPUTERNAME\Incomplete
2010-05-04 06:03 . 2010-05-04 06:03 -------- d-----w- c:\documents and settings\HelpAssistant.COMPUTERNAME\IETldCache
2010-05-04 06:03 . 2010-05-04 06:03 -------- d-----w- c:\documents and settings\HelpAssistant.COMPUTERNAME\IECompatCache
2010-05-04 05:59 . 2010-05-04 06:00 -------- d-----w- c:\documents and settings\HelpAssistant.COMPUTERNAME\Contacts
2010-05-04 05:59 . 2010-05-04 05:59 -------- d-----w- c:\documents and settings\HelpAssistant.COMPUTERNAME\config
2010-05-04 05:48 . 2010-05-04 05:49 -------- d-----w- c:\documents and settings\HelpAssistant.COMPUTERNAME\.limewire
2010-05-04 05:46 . 2010-05-06 02:58 -------- d-----w- c:\documents and settings\HelpAssistant.COMPUTERNAME
2010-05-01 08:50 . 2010-05-01 08:50 84992 --sha-r- c:\windows\system32\urlmon5.dll
2010-04-26 21:11 . 2010-04-26 21:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-16 05:52 . 2010-04-16 05:52 -------- d-----w- c:\program files\AVG
2010-04-16 05:52 . 2010-05-06 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-16 04:43 . 2010-04-16 04:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-04-16 04:40 . 2010-04-16 04:40 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-04-16 04:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-16 04:28 . 2010-05-05 23:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-16 04:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-16 04:28 . 2010-04-16 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 02:46 . 2005-12-26 03:48 -------- d-----w- c:\program files\Steam
2010-05-06 02:46 . 2004-09-12 18:35 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-05-05 23:16 . 2010-05-05 23:16 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-05-05 07:16 . 2007-04-05 00:39 -------- d-----w- c:\program files\Warcraft III
2010-04-29 01:58 . 2010-02-25 04:19 -------- d-----w- c:\program files\Garena
2010-04-17 06:28 . 2005-03-20 05:34 -------- d-----w- c:\program files\Google
2010-04-16 20:24 . 2004-09-12 19:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-16 05:45 . 2004-09-12 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-16 05:30 . 2009-07-21 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-04 07:32 . 2006-11-23 07:08 14 -c--a-w- c:\windows\popcinfo.dat
2010-03-16 19:05 . 2008-09-08 04:29 116379 ----a-w- c:\windows\War3Unin.dat
2010-03-16 05:53 . 2007-06-07 04:07 -------- d-----w- c:\program files\Windows Live
2010-03-13 01:14 . 2007-09-21 17:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-10 06:15 . 2004-09-11 15:29 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 09:03 . 2010-03-08 09:03 376 ----a-w- c:\windows\mozregistry.dat
2010-03-08 09:02 . 2010-03-08 09:02 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-25 06:24 . 2004-09-11 15:29 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-09-11 15:29 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-03 23:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-09-11 15:29 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-09-11 15:29 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"Dit"="Dit.exe" [2004-04-02 86016]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 88363]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"xMain"="c:\windows\system32\xlaunch.exe" [2007-01-27 0]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-19 68592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\babyblueboi8888\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\babyblueboi8888\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\babyblueboi8888\\counter-strike\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PopCap Games\\BookWorm Deluxe\\BookWorm.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Steam\\steamapps\\babyblueboi8888\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14069:TCP"= 14069:TCP:BitComet 14069 TCP
"14069:UDP"= 14069:UDP:BitComet 14069 UDP
"11843:TCP"= 11843:TCP:BitComet 11843 TCP
"11843:UDP"= 11843:UDP:BitComet 11843 UDP
"20331:TCP"= 20331:TCP:BitComet 20331 TCP
"20331:UDP"= 20331:UDP:BitComet 20331 UDP
"8579:TCP"= 8579:TCP:BitComet 8579 TCP
"8579:UDP"= 8579:UDP:BitComet 8579 UDP
"23382:TCP"= 23382:TCP:BitComet 23382 TCP
"23382:UDP"= 23382:UDP:BitComet 23382 UDP
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"8688:TCP"= 8688:TCP:Services
"8687:TCP"= 8687:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [12/09/2004 11:35 AM 13440]
S2 gupdate1c98822f51d5298;Google Update Service (gupdate1c98822f51d5298);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2009 11:19 PM 133104]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [12/09/2004 11:15 AM 1287296]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Owner\LOCALS~1\Temp\CKC40.tmp --> c:\docume~1\Owner\LOCALS~1\Temp\CKC40.tmp [?]
S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [10/03/2006 10:28 PM 227200]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [13/08/2006 6:29 PM 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [20/05/2007 4:40 PM 85696]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/04/2006 5:01 PM 642560]
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 06:19]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 06:19]

2010-05-06 c:\windows\Tasks\User_Feed_Synchronization-{E420AC28-E99F-4BA6-BB6D-D382DFC6AA6D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.medionusa.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - hxxp://www.riffinteractive.com/setup/RiffLick.cab
DPF: {49A3DCEE-FC3C-11D4-83E5-0050DA33C619} - hxxp://www.eminem.net/xplayer/xplayer.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-DOB - c:\program files\DOB\Uninst.isu

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 20:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Owner\LOCALS~1\Temp\CKC40.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1912723550-2934064969-3182515952-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,fc,e2,87,6b,ec,2a,4b,aa,0d,e6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,fc,e2,87,6b,ec,2a,4b,aa,0d,e6,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1204)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
.
**************************************************************************
.
Completion time: 2010-05-05 20:18:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-06 03:18

Pre-Run: 35,278,991,360 bytes free
Post-Run: 35,435,216,896 bytes free

- - End Of File - - FC36651A422D3DE3448372BAF00F6155

I'm going camping tomorrow till the end of the weekend. If I don't get it fixed by then, can I message you when I get back and continue where we left off?
  14. censored copied the wrong one again lol

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4060

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

05/05/2010 5:08:38 PM
mbam-log-2010-05-05 (17-08-38).txt

Scan type: Quick scan
Objects scanned: 149166
Time elapsed: 7 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ARManager (Rogue.ARManager) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages (Rogue.ARManager) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\settings.ini (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\uninstall.exe (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Czech.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Danish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Dutch.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\English.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\French.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\German.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Italian.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Portuguese.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Slovak.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Spanish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\template.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
  15. Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4052
      Windows 5.1.2600 Service Pack 3 (Safe Mode)
      Internet Explorer 8.0.6001.18702

      05/05/2010 4:28:49 PM
      mbam-log-2010-05-05 (16-28-49).txt

      Scan type: Quick scan
      Objects scanned: 148228
      Time elapsed: 7 minute(s), 1 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 4
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
  16. sorry i copied the old one by accident

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4052
      Windows 5.1.2600 Service Pack 3 (Safe Mode)
      Internet Explorer 8.0.6001.18702

      05/05/2010 4:28:49 PM
      mbam-log-2010-05-05 (16-28-49).txt

      Scan type: Quick scan
      Objects scanned: 148228
      Time elapsed: 7 minute(s), 1 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 4
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
  17. Malwarebytes' Anti-Malware 1.45
      www.malwarebytes.org

      Database version: 3994
      Windows 5.1.2600 Service Pack 3 (Safe Mode)
      Internet Explorer 8.0.6001.18702

      05/05/2010 1:48:19 PM
      mbam-log-2010-05-05 (13-48-19).txt

      Scan type: Quick scan
      Objects scanned: 134979
      Time elapsed: 5 minute(s), 46 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
  18. Malwarebytes' Anti-Malware 1.45
      www.malwarebytes.org

      Database version: 3994
      Windows 5.1.2600 Service Pack 3 (Safe Mode)
      Internet Explorer 8.0.6001.18702

      05/05/2010 1:48:19 PM
      mbam-log-2010-05-05 (13-48-19).txt

      Scan type: Quick scan
      Objects scanned: 134979
      Time elapsed: 5 minute(s), 46 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)

      Attachments: Attach.txt, DDS.txt, gmerlog.zip.zip
  19. Also, I'm not that tech savvy, so I don't know if I have a script blocker.
  20. I can't open any programs in normal startup mode without freezing the whole system. Should I do all of this in safe mode?
  21. I can't open programs in normal startup mode, so should I do all of this in safe mode?
  22. I got the antimalware virus and I tried removing it. A site told me to run it in safe mode and run rkill and then scan with mbam. I did this, and after scanning it deleted about 10 files. After that I restarted and went back to normal mode, and the virus seemed to be gone: no pop-ups and no fake programs. My Internet Explorer is still not working, and when I open something up my whole system freezes. Someone please help me, since I have to get to a file right away for school. Thanks. If you guys need more info, just ask.