
Malware destroyed my computer.


Hi-Tech1


Hello,

Firstly I have to tell you that I am not very good at English. :(

This is my first time so if I posted this in the wrong place then I am really sorry.

So, I went to a video website where you can watch videos and stuff. Unfortunately, it told me that I had an old version of Flash Player and asked me to install a new one. Then I installed it (the Flash Player I got from the video website). It deleted something from my computer and told me that I was ready to install the new Flash Player.

After I installed it, everything went wrong. My MSN, security software, applications, etc. all stopped working properly.

  • WLM keeps saying, "Windows Live Communications Platform has stopped working." and "A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." and then it logs me off.
  • Malwarebytes' Anti-Malware: I tried to run a scan and after two seconds it just disappeared, and if I try to run it again this message comes up: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." If I right-click and choose "Run as administrator" the program comes up, but if I try to run a scan it disappears again in the same way.
  • HijackThis: it does the same thing as Malwarebytes' Anti-Malware; if I ask HijackThis to scan, it just disappears.
  • RootRepeal: after I ask it to scan the files on the drive it says, "Unrecognised partition type 6 (0x6)". [I have been following the instructions in the "MBAM won't install or will not run" topic.]

I am not really sure whether those are caused by malware or not, but they don't work as they used to.

I have tried some of the links from other topics and none of them work.

Also, IE won't let me download anything. If I download something, it disappears before the download finishes, and I never get any of the files I have downloaded. :(

Can anyone please help? I have tried lots of things but they don't seem to work. ):

Thank you,

Chris.

PS. Cannot remember which website it was.

PS2. I use IE8 as my web browser.

PS3. I use Windows Vista.


I just scanned using ComboFix.

This is the log; I hope it is useful.

ComboFix 09-09-24.01 - Christopher 25/09/2009 20:22.1.1 - NTFSx86

Running from: c:\users\Christopher\Documents\Downloads\Programs\ComboFix.exe

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-713748134-4097783401-793962716-1001

c:\$recycle.bin\S-1-5-21-713748134-4097783401-793962716-1002

c:\$recycle.bin\S-1-5-21-713748134-4097783401-793962716-1005

c:\$recycle.bin\S-1-5-21-713748134-4097783401-793962716-500

c:\users\Christopher\AppData\Roaming\.#

c:\windows\Installer\20a624.msi

c:\windows\Installer\9a1ec9.msi

c:\windows\Installer\b0757.msp

c:\windows\Installer\cd91c.msp

c:\windows\system32\aliases.ini

c:\windows\system32\conn.dll

c:\windows\system32\download

c:\windows\system32\drivers\nProtect.sys

c:\windows\system32\logs

c:\windows\system32\mirc.ini

c:\windows\system32\remote.ini

c:\windows\system32\server.dll

c:\windows\system32\servers.ini

c:\windows\system32\sounds

c:\windows\system32\tray.exe

c:\windows\system32\windows.txt

c:\windows\system32\XPerWin.dll

c:\windows\system32\xsystem.dll

Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

-------\Legacy_IoHardware

-------\Service_IoHardware

((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))

.

2009-09-25 19:30 . 2009-09-25 19:35 -------- d-----w- c:\users\Christopher\AppData\Local\temp

2009-09-25 19:30 . 2009-09-25 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-09-21 19:09 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-21 19:09 . 2009-09-21 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-21 19:09 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-20 19:06 . 2009-09-20 19:06 -------- d-----w- C:\!KillBox

2009-09-19 20:40 . 2009-09-25 17:03 0 ----a-r- c:\windows\win32k.sys

2009-09-09 19:26 . 2009-09-09 19:26 -------- d-----w- c:\programdata\Office Genuine Advantage

2009-09-09 17:55 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-09-09 17:55 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll

2009-09-09 17:55 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-09-09 17:55 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll

2009-09-09 17:55 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-09-09 17:55 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-09-09 17:55 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-09-09 17:55 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-09-09 17:55 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-09-09 17:55 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe

2009-09-09 17:54 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll

2009-09-09 17:54 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll

2009-09-09 17:54 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2009-09-09 17:54 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll

2009-09-09 17:54 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll

2009-09-08 20:08 . 2009-09-08 20:08 -------- d-----w- c:\users\Christopher\AppData\Roaming\Sortasoft

2009-09-08 20:08 . 2009-09-08 20:08 -------- d-----w- c:\programdata\Sortasoft

2009-09-04 19:07 . 2009-09-04 19:07 -------- d-----w- c:\windows\Lhsp

2009-09-02 21:47 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-09-02 21:47 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-09-01 19:10 . 2009-09-01 19:17 -------- d-----w- c:\users\Christopher\AppData\Roaming\MagicEffect Photo

2009-09-01 17:51 . 2009-09-01 17:51 -------- d-----w- c:\users\Christopher\AppData\Roaming\Morpheus Software

2009-08-30 15:58 . 2009-08-31 22:04 -------- d-----w- C:\output

2009-08-30 13:39 . 2009-09-24 06:39 -------- d-----w- c:\users\Christopher\AppData\Roaming\IDM

2009-08-30 13:19 . 2009-09-04 16:22 -------- d-----w- c:\program files\PhotoScape

2009-08-30 00:24 . 2009-09-19 21:04 -------- d-----w- c:\program files\Yahoo!

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-25 19:32 . 2009-01-03 16:19 12 ----a-w- c:\windows\bthservsdp.dat

2009-09-25 19:15 . 2008-11-14 18:22 -------- d-----w- c:\users\Christopher\AppData\Roaming\DMCache

2009-09-20 11:09 . 2008-09-11 18:31 -------- d-----w- c:\program files\Google

2009-09-09 19:22 . 2008-12-30 13:53 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-09 19:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-09-09 19:14 . 2008-02-26 03:14 -------- d-----w- c:\programdata\Microsoft Help

2009-09-04 19:13 . 2008-07-31 15:06 175592 ----a-w- c:\users\Christopher\AppData\Local\GDIPFONTCACHEV1.DAT

2009-09-02 18:32 . 2009-06-22 18:41 -------- d-----w- c:\program files\Windows Live Safety Center

2009-08-28 22:39 . 2008-10-14 20:56 -------- d-----w- c:\program files\Java

2009-08-23 12:41 . 2009-08-23 12:26 -------- d-----w- c:\programdata\FarmFrenzy3

2009-08-13 16:29 . 2009-08-13 16:29 -------- d-----w- c:\programdata\iWin Games

2009-08-13 16:29 . 2009-08-13 16:29 -------- d-----w- c:\programdata\iWin

2009-08-13 16:29 . 2008-08-12 14:26 -------- d-----w- c:\users\Christopher\AppData\Roaming\iWin

2009-08-12 19:45 . 2009-08-12 19:45 -------- d-----w- c:\users\Christopher\AppData\Roaming\GraveyardShift

2009-08-12 19:14 . 2009-08-12 19:14 -------- d-----w- c:\program files\ReflexiveArcade

2009-08-05 15:02 . 2008-02-26 03:05 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-07-31 10:39 . 2009-01-18 13:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-31 10:39 . 2009-01-18 13:15 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-31 10:39 . 2009-01-18 13:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-27 17:11 . 2008-08-31 00:30 1356 ----a-w- c:\users\Christopher\AppData\Local\d3d9caps.dat

2009-07-27 10:02 . 2009-07-27 09:31 53 ----a-w- c:\windows\hartlell.bat

2009-07-25 04:23 . 2009-01-19 20:44 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-21 21:52 . 2009-07-29 20:47 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-07-29 20:47 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-07-29 20:47 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-07-29 20:47 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-17 14:35 . 2009-08-13 11:52 71680 ----a-w- c:\windows\system32\atl.dll

2009-07-14 13:00 . 2009-08-13 11:51 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-14 12:59 . 2009-08-13 11:51 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-07-14 12:58 . 2009-08-13 11:51 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-07-14 10:59 . 2009-08-13 11:51 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2008-12-02 00:00 . 2008-12-01 16:16 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

2008-12-02 00:00 . 2008-12-01 16:16 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

2009-01-07 20:06 . 2009-01-07 19:53 0 --sha-w- c:\windows\System32\sys_drv.dat

.

------- Sigcheck -------

[7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll

[-] 2008-01-27 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll

[7] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-06-02 12:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-01-03 10:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-17 2022680]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-03 4702208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^Users^Christopher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]

[HKLM\~\startupfolder\C:^Users^Christopher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^system.lnk]

backup=c:\windows\pss\system.lnk.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{13ADE3BD-099C-44B2-A160-5484D6802808}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema

"{B6B81CF0-2AE4-455F-98A8-CA8E19F5FCDD}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program

"{20859917-0498-405B-A496-2F5D40E2B014}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{0123652C-844A-43DE-831A-EA7BA4B67C78}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{AB2CA533-4D4A-4EAB-98B3-BACD35DA0665}"= c:\program files\Acer\HomeMedia\HomeMedia.exe:HomeMedia

"{CEEC57DF-B2EB-44FE-BF07-1CDF24DED781}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{8C6FA747-12FD-4896-876D-B91E52AAD223}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{D57E0144-5344-49B9-8695-7B8D5113B133}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{16D7C7D3-B171-459A-9D71-E979815C04CE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{1BB80880-D289-48D0-B7D4-120920453688}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F30EDD27-3F10-4261-ACB4-D5D30B3E426F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{03821814-4B99-4C3D-8F77-01E55708890C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{7D36F7F4-BC3A-4104-8DFA-EF64375B680C}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module

"UDP Query User{BA97FC0D-C70A-4F7E-86C8-1BD7EE7F9297}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module

"{F445F05F-5A3A-4E29-B980-422991B03E94}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe

"{D2D6945C-C9A0-466B-AFE6-2594B9C8A28C}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{793BF06D-39AF-4D80-AA55-7C67E6A2ED2F}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

"{31C09C84-4235-4F4D-96D9-765943F04C17}"= UDP:c:\program files\BitComet\BitComet.exe:BitComet.exe

"{CEFC0204-FBD7-4AC3-B49C-A3A99587EF7B}"= TCP:c:\program files\BitComet\BitComet.exe:BitComet.exe

"{58C05FE5-3712-4499-AED6-F8C78EB7C23A}"= UDP:11732:BitComet 11732 TCP

"{0C18720A-6186-4F2F-BD33-DD497E8E80DF}"= TCP:11732:BitComet 11732 UDP

"{66B2ECAE-C8FA-47BF-8F8F-EE8E995F55AE}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"{54877E2A-A700-4996-B527-6A818AC18788}"= UDP:c:\program files\PremierOpinion\pmropn.exe:pmropn.exe

"{36630E65-5AEA-4DA9-81CA-398DC20E7EB0}"= TCP:c:\program files\PremierOpinion\pmropn.exe:pmropn.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [18/01/2009 14:16 12552]

R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [18/01/2009 14:13 23832]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [18/01/2009 14:15 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [18/01/2009 14:15 108552]

R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [25/02/2008 20:04 51200]

R2 ampro;ampro;d:\artmoney\artmoney.sys [14/05/2009 19:24 7168]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [19/01/2009 21:29 297752]

R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [10/06/2009 15:58 1370488]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26/02/2008 02:41 180736]

S2 PremierOpinion;PremierOpinion;c:\program files\PremierOpinion\pmservice.exe /service --> c:\program files\PremierOpinion\pmservice.exe [?]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31/05/2009 20:58 55280]

S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-09-25 c:\windows\Tasks\User_Feed_Synchronization-{E09DCF49-D0DA-4A9C-9722-6C25155029C0}.job

- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: Download all links with IDM - d:\internet download manager\IEGetAll.htm

IE: Download FLV video content with IDM - d:\internet download manager\IEGetVL.htm

IE: Download with IDM - d:\internet download manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\wpclsp.dll

.

.

------- File Associations -------

.

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)

MSConfigStartUp-DLD - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-25 20:35

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-713748134-4097783401-793962716-1000_Classes\CLSID\{78b86ad1-e074-4067-a584-ddc430f5b285}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000014e

"Therad"=dword:0000001d

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,

df,1c,2f,3b,8a,0a,32,11,89,01,b5,a1,a0,db,dc,a3,f5,f1,19,bf,4e,ee,3a,81,bc,\

[HKEY_USERS\S-1-5-21-713748134-4097783401-793962716-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):96,90,ba,6c,34,a0,d9,07,d9,1c,7c,09,31,4d,29,88,22,62,e2,e6,88,

42,1c,65,f7,f9,df,a0,2b,b9,07,fb,5a,8e,02,77,14,62,10,b0,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6088)

c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\audiodg.exe

c:\windows\System32\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

c:\acer\Empowering Technology\eLock\Service\eLockServ.exe

c:\acer\Empowering Technology\eNet\eNet Service.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\acer\Mobility Center\MobilityService.exe

c:\progra~1\AVG\AVG8\avgam.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\windows\System32\drivers\XAudio.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\acer\Empowering Technology\eSettings\Service\capuserv.exe

c:\acer\Empowering Technology\ePower\ePowerSvc.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\Launch Manager\LManager.exe

c:\program files\AVG\AVG8\avgtray.exe

c:\program files\Apoint2K\ApMsgFwd.exe

c:\windows\System32\igfxsrvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Apoint2K\ApntEx.exe

c:\windows\System32\igfxext.exe

.

**************************************************************************

.

Completion time: 2009-09-25 20:41 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-25 19:41

Pre-Run: 4,947,460,096 bytes free

Post-Run: 4,551,602,176 bytes free

353 --- E O F --- 2009-09-25 17:12

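Reading the log above, the entries under "Reg Loading Points" that a responder would pull out first are the policy values rather than the file listings: EnableLUA=0 (UAC switched off), EnableFirewall=0 on all three Windows Firewall profiles, DisableMonitoring=1 under Security Center, the AppInit_DLLs entry, and the startup-folder shortcut named system.lnk. The following is an added example, not the poster's, ComboFix's or Malwarebytes' code: a small Python triage script that walks a registry dump in ComboFix's layout and flags those values. The sample log inside it is constructed in that layout (with a generic user name) rather than copied from the post, and the severity labels and the `triage`/`parse_value` function names are choices made for this example.

```python
"""Triage of security-posture entries in a ComboFix-style "Reg Loading Points" dump.

Added example for this thread; not ComboFix, Malwarebytes or the poster's code.
The sample below is constructed to mirror the layout ComboFix prints.
"""
import re
from typing import List, Tuple, Union

# Constructed sample in ComboFix's registry-dump layout (not the thread's log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^system.lnk]
backup=c:\windows\pss\system.lnk.Startup
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\path]
VALUE_RE = re.compile(r'^"?([^"=]+?)"?\s*=\s*(.*)$')  # "Name"= value  /  name=value

Finding = Tuple[str, str]  # (severity, message)


def parse_value(raw: str) -> Union[int, str]:
    """Decode the value forms ComboFix prints: '0 (0x0)', 'dword:00000001', or a string."""
    raw = raw.strip()
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    m = re.match(r"^dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    return raw.strip('"')


def triage(log_text: str) -> List[Finding]:
    """Return (severity, message) findings for weakened-posture values in the dump."""
    findings: List[Finding] = []
    key = ""  # registry key currently being listed, lower-cased
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).lower()
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue  # file listings, service lines and ACL lines carry no name=value pair
        name, value = vm.group(1), parse_value(vm.group(2))
        lname = name.lower()
        if key.endswith("policies\\system") and lname == "enablelua" and value == 0:
            findings.append(("high", "UAC disabled (EnableLUA=0): admin logons run fully elevated"))
        elif "\\firewallpolicy\\" in key and lname == "enablefirewall" and value == 0:
            profile = key.rsplit("\\", 1)[-1]
            findings.append(("high", f"Windows Firewall off for {profile}"))
        elif "security center\\monitoring" in key and lname == "disablemonitoring" and value == 1:
            findings.append(("medium", f"Security Center monitoring suppressed under {key}"))
        elif lname == "appinit_dlls" and value:
            findings.append(("review", f"AppInit_DLLs loads {value} into every user32-linked process"))
        elif "startupfolder" in key and lname == "backup":
            findings.append(("review", f"Startup-folder shortcut recorded by msconfig; backup copy at {value}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

Run it against a saved log with `triage(open(path).read())`; the file-date, service and ACL sections of a real log are skipped because they are neither key headers nor name=value pairs. The firewall check reports per profile, which is why a dump like the one above, where all three profiles are off, produces three separate findings; the `DoNotAllowExceptions=1` line is left alone because it only matters once the firewall is actually on.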
