stinker

  1. Update: My computer fails to run. It freezes and blue-screens 2-3 mins after it starts up. Ima just do a reinstall of the operating system.
  2. I think the deployment cache is full, but I'm not sure.
  3. Today my computer froze up and then failed to un-freeze itself. I turned it off then turned it back on, and it appears to be working. O.O
  4. Update: Scanned my Appdata/locallow/Sun/java and found 2 Java:Agent-UY[Expl] in the deployment cache. I haven't uninstalled java and reinstalled it yet. I'm doing it right now.
  5. And will just updating java work too?
  6. Mkay. I've been scanning with malwarebytes for the past couple of days and nothing has popped up. Although, I have noticed when I start up my computer, it freezes for a bit when I get to my desktop. And when I typed Combofix /uninstall in Run, instead of deleting combofix, combofix ran. So I restarted my computer and just deleted the Combofix.exe that was saved to my desktop. When Vista asked me if I wanted to delete combofix, I clicked yes and my computer froze for about a good 5-7 seconds, then returned back to normal.
  7. Yeah... it ran for about an hour with no malicious files. But I didn't find the .txt file for it.
  8. Results of screen317's Security Check version 0.99.18
     Windows Vista Service Pack 2 (UAC is enabled)
     Internet Explorer 7 Out of date!
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Disabled!
     avast! Free Antivirus
     ESET Online Scanner v3
     WMI entry may not exist for antivirus; attempting automatic update.
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     CCleaner
     Java 6 Update 26
     Adobe Flash Player 10.3.181.14
     Mozilla Firefox (x86 en-US..)
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent
     Comodo Firewall cmdagent.exe
     Comodo Firewall cfp.exe
     system32 AvastSvc.exe -?-
     AVAST Software Avast AvastUI.exe
     ``````````End of Log````````````
  9. When I click on the ATF cleaner, it takes me to a webpage that says (This ID doesnt exist). Sorry it has taken me a while to get back to you... I appear to have gotten a virus myself (terrible cold)!
  10. Here is the new DDS log for you. Btw: Thank you for helping me with this. Now regarding combofix... I'm kinda hesitant to run it again. On account of the fact that it messed up steam, and messed up my comodo firewall program. I just don't want it deleting stuff I need, you know? If you could get back to me about this that would be great. P.S. When combofix deleted steam.exe, I promptly reinstalled steam and fixed the issue. Now that there is a new steam.exe, will de-quarantining the old one combofix has in its quarantine mess stuff up? And again, Thank You for helping me.
  11. Just to be sure. Am I doing the Combofix /uninstall and re-downloading a new one?
  12. Nevermind. Rooted around and found it.
  13. I'm sorry but I accidentally exited the combofix log. Where can I find it? And as an added note, I have steam installed on my computer and I guess Combofix deleted the steam.vtf file making steam unable to run. I reinstalled steam and everything appears to be normal, but is it common for combofix to mess up steam like that?