Winlogon @ Startup
January 21st, 2020
Virus And Spyware Scan, Where is the file located?
Check your startup folder. By the way, does the application menu still contain that startup folder like in XP? Then I'd search there too. You can do it manually, or use different applications. I've found STARTUPCPL_EXE a useful, lightweight, portable application to do it.
This seems to be the origin of it. I got STARTUPCPL_EXE but it doesn’t kill the exe. I also found that there is winlogon.exe which is legitimate but this one is called winlog.exe.
Use msconfig (type it in Run…) and remove it from startup.
If you'd like to check the system and, if necessary, remove malware, please do this:
Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr
Double-click dds.scr to run the tool. When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop. Post DDS.txt back to the topic.
Here it is:
Attach.txt
http://www.mediafire.com/?gmmnwmyog1y
DDS.txt
http://www.mediafire.com/?mm3jw20q3zj
DDS (Ver_09-12-01.01) - NTFSx86 Run by Kenny at 13:43:10.00 on Sat 12/26/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista® Home Premium 6.0.6002.2.1252.1.1033.18.2037.889 [GMT -8:00]
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Windows\system32\sdra64.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\o2flash.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Tablet.exe
C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\Tablet.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
"C:\Users\Kenny\AppData\Roaming\Microsoft\svchost.exe"
C:\Users\Kenny\AppData\Roaming\41b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskeng.exe
C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Kenny\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uWindow Title = Hacked by Godzilla
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [{C46B0D9C-5E03-538E-E5CF-A5A65E76D03D}] c:\users\kenny\appdata\roaming\explorer32.exe
uRun: [Windows Video Drivers] c:\recycler\s-1-5-21-7395324379-3975237482-079941684-5001\winlogon.exe
uRun: [Win32load] c:\users\kenny\appdata\roaming\41b.exe -lds
uRun: [userinit] c:\users\kenny\appdata\roaming\sdra64.exe
uRun: [svchost.exe] c:\users\kenny\appdata\roaming\microsoft\svchost.exe
uRun: [{D261FF47-DDCA-3AE5-9683-364D6462CC9D}] c:\users\kenny\appdata\roaming\winlog.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [Unattend0000000001{2D70D39F-FE4B-4A7D-94F8-E863EEE3EA8C}] c:\fujitsu\logoncommands\gexc.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\updatenv.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQ"&"inst=NwA5AC0AOAAwADMA"&"prod=90"&"ver=9.0.716
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
mASetup: {D261FF47-DDCA-3AE5-9683-364D6462CC9D} - c:\windows\system32\winlog.exe
================= FIREFOX ===================
FF - ProfilePath - c:\users\kenny\appdata\roaming\mozilla\firefox\profiles\mfnie50e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={672ADA99-1978-7449-B1A3-647B95766E79}&q=
FF - prefs.js: network.proxy.http - 192.168.2.1
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\kenny\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2007-4-16 8960]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-10-8 104000]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2009-12-18 583640]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\fjdvrupd\updnvsrv.exe [2007-1-27 11776]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-4-16 5632]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-10-8 72264]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-10-8 168776]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-2-4 47448]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-1-21 41560]
R3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2008-6-28 34736]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2008-5-3 3872]
S3 FjGenIo;Fujitsu Generic I/O Driver;c:\windows\system32\drivers\FjGenIo.sys [2007-9-19 7680]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-23 21504]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
S3 USBAVCap;AVerMedia USB TV Tuner Device;c:\windows\system32\drivers\USBAVCap.sys [2007-4-16 785408]
S3 wtpfiltr;wtpfiltr;c:\windows\system32\drivers\wtpfiltr.sys [2007-4-16 7680]
=============== Created Last 30 ================
2009-12-26 17:42:52 0 d-----w- C:\$AVG
2009-12-26 17:42:50 12464 ------w- c:\windows\system32\avgrsstx.dll.install_backup
2009-12-26 17:42:28 0 d-----w- c:\program files\AVG
2009-12-26 17:42:26 0 d-----w- c:\programdata\avg9
2009-12-23 10:02:10 32256 ----a-w- c:\users\kenny\appdata\roaming\41b.exe
2009-12-22 18:52:54 0 d-----w- c:\users\kenny\appdata\roaming\OpenOffice.org
2009-12-22 18:49:18 0 d-----w- c:\program files\JRE
2009-12-22 18:48:13 0 d-----w- c:\program files\OpenOffice.org 3
2009-12-19 19:49:40 0 d-----w- c:\program files\SystemRequirementsLab
2009-12-19 03:04:43 8192 ----a-w- C:\wubildr.mbr
2009-12-19 03:04:43 80177 ----a-w- C:\wubildr
2009-12-19 03:03:43 0 d-----w- C:\ubuntu
2009-12-19 02:20:09 0 d-----w- c:\users\kenny\appdata\roaming\InfraRecorder
2009-12-19 02:18:17 0 d-----w- c:\program files\InfraRecorder
2009-12-19 00:34:19 0 d-----w- c:\program files\Windows Portable Devices
2009-12-19 00:25:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-19 00:25:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-19 00:17:10 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-19 00:17:09 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-19 00:17:08 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-19 00:14:22 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-12-18 23:53:46 0 d-----w- c:\users\kenny\appdata\roaming\Registry Mechanic
2009-12-18 23:46:37 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2009-12-18 23:46:37 506368 ----a-w- c:\windows\system32\msxml.dll
2009-12-18 23:46:37 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2009-12-18 23:46:37 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2009-12-18 23:39:14 0 d-----w- c:\program files\common files\PC Tools
2009-12-18 21:29:42 0 d-----w- c:\program files\Advanced Spyware Remover
2009-12-18 18:52:06 0 d-----w- c:\windows\system32\SDA
2009-12-18 18:52:04 0 d-----w- c:\program files\O2Micro
2009-12-18 18:50:55 0 d-----w- C:\drivers
2009-12-18 16:31:42 126372 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-16 02:43:53 0 d-----w- c:\program files\OpenAL
2009-12-16 02:43:52 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-16 02:43:52 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-16 02:42:55 0 d-----w- c:\program files\AssaultCube_v1.0
2009-12-15 20:56:13 0 d-----w- c:\program files\3DRipperDX
2009-12-15 20:29:35 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-15 20:19:54 0 d-----w- c:\program files\Sierra
2009-12-15 18:03:29 0 d-----w- c:\windows\system32\SAVES
2009-12-15 18:03:29 0 ----a-w- c:\windows\system32\temp5117.dat
2009-12-14 16:45:59 0 d-----w- C:\Games
2009-12-12 17:10:56 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-12-12 17:04:25 0 d--h--w- c:\windows\msdownld.tmp
2009-12-12 17:04:22 0 d-----w- c:\windows\system32\directx
2009-12-12 17:03:50 22360 ----a-w- c:\windows\system\X3DAudio1_6.dll
2009-12-12 17:01:46 1892184 ----a-w- c:\windows\system\d3dx9_42.dll
2009-12-12 16:58:54 68888 ----a-w- c:\windows\system\xinput1_3.dll
2009-12-12 16:53:25 0 d-----w- c:\users\kenny\appdata\roaming\Uniblue
2009-12-11 19:06:47 0 d-----w- c:\programdata\id Software
2009-12-11 18:55:29 55 ----a-w- c:\windows\SpeederXP.INI
2009-12-11 18:09:31 0 d-----w- c:\programdata\Office Genuine Advantage
2009-12-11 17:58:57 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-11 17:58:57 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-11 17:58:57 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-11 17:42:41 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-12-11 17:42:40 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-12-11 17:41:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-12-11 17:41:19 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-12-11 17:40:40 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-12-09 23:50:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 23:50:08 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 23:50:08 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 23:45:41 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 23:44:39 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 17:22:22 510 ----a-w- c:\windows\WORDPAD.INI
2009-12-09 17:06:16 0 d-----w- c:\program files\common files\Steam
2009-12-09 16:56:06 0 d-----w- c:\program files\Cracked Steam
2009-12-08 15:06:09 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-12-08 00:56:10 0 d-----w- c:\users\kenny\appdata\roaming\Xfire
2009-12-08 00:56:08 0 d-----w- c:\programdata\Xfire
2009-12-08 00:52:44 0 d-----w- c:\program files\Xfire
2009-12-07 17:29:06 808459 ----a-w- c:\windows\system32\winlog
2009-12-07 17:27:34 0 d-sh--w- c:\windows\system32\lowsec
2009-12-01 21:04:52 0 d-----w- c:\program files\common files\xing shared
2009-11-30 19:37:34 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-29 06:14:34 1781 ----a-w- c:\users\kenny\appdata\roaming\gjicrcivi.exe
2009-11-29 01:07:25 1781 ----a-w- c:\users\kenny\appdata\roaming\tedjhxcwq.exe
2009-11-29 01:01:18 1781 ----a-w- c:\users\kenny\appdata\roaming\abnwwkoov.exe
2009-11-28 19:35:43 610304 ----a-w- c:\users\kenny\appdata\roaming\yfsxrkpjp.exe
2009-11-28 15:38:52 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-28 15:35:51 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-28 15:35:51 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-27 22:28:35 610304 ----a-w- c:\users\kenny\appdata\roaming\wmyymmxry.exe
2009-11-27 21:29:26 610304 ----a-w- c:\users\kenny\appdata\roaming\jccdtmpud.exe
2009-11-27 20:39:49 610304 ----a-w- c:\users\kenny\appdata\roaming\cidtkqmqx.exe
2009-11-27 19:07:32 610304 ----a-w- c:\users\kenny\appdata\roaming\ssewgjrjc.exe
2009-11-27 18:55:00 610304 ----a-w- c:\users\kenny\appdata\roaming\xjjtbuyoh.exe
2009-11-27 18:50:59 610304 ----a-w- c:\users\kenny\appdata\roaming\bauqcmuos.exe
2009-11-27 15:12:17 0 d-----w- c:\users\kenny\appdata\roaming\Mp3tag
2009-11-27 15:12:08 0 d-----w- c:\program files\Mp3tag
==================== Find3M ====================
2009-12-19 00:34:14 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-19 00:34:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-19 00:34:14 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-19 00:34:14 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-29 12:18:18 1 --sh--w- c:\users\kenny\appdata\roaming\lsass.exe
2009-11-26 00:10:07 864256 ----a-w- c:\users\kenny\appdata\roaming\jqqqbqubu.exe
2009-11-26 00:03:00 864256 ----a-w- c:\users\kenny\appdata\roaming\hqhvjyybh.exe
2009-11-26 00:00:42 864256 ----a-w- c:\users\kenny\appdata\roaming\oxfsrkssh.exe
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-16 16:35:48 487424 ----a-w- c:\users\kenny\appdata\roaming\explorer32.exe
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-11 12:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-28 18:20:43 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2008-05-26 04:38:36 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-09-18 00:40:58 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007091720070918\index.dat
============= FINISH: 13:43:59.79 ===============
I also recently noticed my Internet Explorer is labeled as “Hacked by Godzilla.” So I have a virus; I’m working on having it removed. However, I can’t run as an administrator from the command line.
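The DDS report above is where the infection shows itself: a Winlogon Userinit chain that loads a second executable after userinit.exe, uRun entries pointing into AppData\Roaming and a RECYCLER folder, copies of svchost.exe and lsass.exe outside the Windows directory, and a run of randomly named executables of identical size dropped into AppData\Roaming. The script below is an added example, not DDS or BleepingComputer code, that encodes those four observations as triage heuristics over the "Pseudo HJT Report" and "Created Last 30" line formats; the sample input is an excerpt copied from the log posted in this thread, and the user-writable path markers and the set of system process names are my own assumptions, not a DDS feature.

```python
"""Triage heuristics for a DDS-style startup log (added example, not DDS/ComboFix code)."""
import re

# Constructed excerpt: lines copied from the DDS report posted in this thread.
SAMPLE_DDS = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
uRun: [{C46B0D9C-5E03-538E-E5CF-A5A65E76D03D}] c:\users\kenny\appdata\roaming\explorer32.exe
uRun: [Windows Video Drivers] c:\recycler\s-1-5-21-7395324379-3975237482-079941684-5001\winlogon.exe
uRun: [svchost.exe] c:\users\kenny\appdata\roaming\microsoft\svchost.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mASetup: {D261FF47-DDCA-3AE5-9683-364D6462CC9D} - c:\windows\system32\winlog.exe
2009-11-27 22:28:35 610304 ----a-w- c:\users\kenny\appdata\roaming\wmyymmxry.exe
2009-11-27 21:29:26 610304 ----a-w- c:\users\kenny\appdata\roaming\jccdtmpud.exe
2009-11-27 20:39:49 610304 ----a-w- c:\users\kenny\appdata\roaming\cidtkqmqx.exe
2009-11-29 12:18:18 1 --sh--w- c:\users\kenny\appdata\roaming\lsass.exe
2009-12-19 00:17:10 92672 ----a-w- c:\windows\system32\UIAnimation.dll
"""

# DDS autorun line prefixes as they appear in the Pseudo HJT Report section.
AUTORUN_PREFIXES = ("uRun:", "mRun:", "dRun:", "mRunOnce:", "mASetup:", "Notify:")
# Assumed markers for locations a standard user can write to (not a DDS concept).
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\",
                 "\\recycler\\", "\\$recycle.bin\\")
# Assumed set of Windows process names that only belong in the system directories.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe", "userinit.exe",
                "csrss.exe", "wininit.exe", "explorer.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows"}
# First drive-letter path up to the first ".exe"; quotes around paths are skipped.
PATH_RE = re.compile(r'([a-z]:\\[^"]*?\.exe)')
# "Created Last 30" format: date time size attributes path
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(\d+)\s+\S+\s+(.+)$")


def extract_exe_path(line):
    """Return the first drive-letter .exe path in the line, lowercased, or None."""
    m = PATH_RE.search(line.lower())
    return m.group(1) if m else None


def check_line(line):
    """Return the list of reasons this log line deserves a closer look (empty if none)."""
    reasons = []
    if line.startswith("mWinlogon: Userinit="):
        # A clean Userinit value names userinit.exe alone; anything after it is loaded at logon too.
        chain = [p for p in line.split("=", 1)[1].strip().split(",") if p]
        if len(chain) > 1:
            reasons.append("userinit-chain: " + ", ".join(chain[1:]))
        return reasons
    if not (line.startswith(AUTORUN_PREFIXES) or CREATED_RE.match(line)):
        return reasons
    path = extract_exe_path(line)
    if path is None:
        return reasons
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("user-writable")
    directory, _, name = path.rpartition("\\")
    if name in SYSTEM_NAMES and directory not in SYSTEM_DIRS:
        reasons.append("masquerade: " + name)
    return reasons


def scan_dds(text):
    """Run check_line over every line; return [(line, reasons), ...] for flagged lines."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        reasons = check_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings


def same_size_clusters(text, min_count=3):
    """Group recently created .exe files in user-writable paths by byte size.

    Several freshly dropped executables of identical size with random names is
    the dropper pattern visible in this thread's log; return {size: [paths]}.
    """
    by_size = {}
    for raw in text.splitlines():
        m = CREATED_RE.match(raw.strip())
        if not m:
            continue
        size, path = int(m.group(1)), m.group(2).lower()
        if size == 0 or not path.endswith(".exe"):
            continue
        if any(marker in path for marker in USER_WRITABLE):
            by_size.setdefault(size, []).append(path)
    return {s: p for s, p in by_size.items() if len(p) >= min_count}


if __name__ == "__main__":
    for line, reasons in scan_dds(SAMPLE_DDS):
        print(f"[{'; '.join(reasons)}] {line}")
    for size, paths in same_size_clusters(SAMPLE_DDS).items():
        print(f"{len(paths)} dropped executables of identical size {size}: {paths}")
```

Run against the excerpt, the Userinit line is flagged for loading sdra64.exe, the explorer32.exe, winlogon.exe (in RECYCLER) and svchost.exe (in Roaming) autoruns are flagged for their locations, the two lookalikes are also flagged as masquerading system names, and the three 610304-byte executables come back as one cluster. Note what the heuristics do not catch: the mASetup entry for winlog.exe sits in system32 and carries no system-process name, so it passes, which is exactly why the poster's own observation (winlogon.exe is legitimate, winlog.exe is not) still matters and a log like this needs a human read, not just a script.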
You have a fine collection of malware on your computer…
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix:
http://www.bleepingcomputer.com/forums/topic114351.html
Remember to re-enable them afterwards.
2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
The problem has been fixed. Thank you, good friend. ComboFix
http://www.mediafire.com/?o13ljzbzwgb
ComboFix 09-12-27.04 - Kenny 12/28/2009 8:57.1.2 - x86
Microsoft® Windows Vista® Home Premium 6.0.6002.2.1252.1.1033.18.2037.1213 [GMT -8:00]
Running from: c:\users\Kenny\Downloads\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-4047919966-426220825-4163492893-1001
c:\recycler\S-1-5-21-7395324379-3975237482-079941684-5001
c:\recycler\S-1-5-21-8749679017-0950430147-468708784-3200
c:\users\Kenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\101.gif
c:\users\Kenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\102.gif
c:\users\Kenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\103.gif
c:\users\Kenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\104.gif
c:\users\Kenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\105.gif
c:\users\Kenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\106.gif
c:\users\Kenny\AppData\Roaming\41b.exe
c:\users\Kenny\AppData\Roaming\lsass.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_fix374.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_fix89634.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_fix897e.exe
c:\users\Kenny\AppData\Roaming\Microsoft\Windows_Run23.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update034.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update0384450.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update0723439.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update0934.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update0973432.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update0973454.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update3049872.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update875764.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update90384.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update9724.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update97332.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update9734.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update98374.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update9874.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_updaye0984.exe
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\SIntf16.dll
c:\windows\system32\winio.vxd
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
.
2009-12-28 17:06 . 2009-12-28 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-27 16:46 . 2009-12-27 16:47 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-12-26 23:29 . 2009-12-26 23:29 -------- d-----w- c:\users\Kenny\AppData\Local\Microsoft Corporation
2009-12-26 17:42 . 2009-12-26 17:42 -------- d-----w- C:\$AVG
2009-12-26 17:42 . 2009-12-26 17:42 -------- d-----w- c:\program files\AVG
2009-12-26 17:42 . 2009-12-26 18:12 -------- d-----w- c:\programdata\avg9
2009-12-22 18:53 . 2009-12-23 02:49 1 ----a-w- c:\users\Kenny\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-22 18:52 . 2009-12-22 18:52 -------- d-----w- c:\users\Kenny\AppData\Roaming\OpenOffice.org
2009-12-22 18:49 . 2009-12-22 18:49 -------- d-----w- c:\program files\JRE
2009-12-22 18:48 . 2009-12-22 18:49 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-19 19:49 . 2009-12-19 19:49 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-19 19:49 . 2009-12-19 19:49 138240 ----a-w- c:\users\Kenny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-12-19 19:49 . 2009-12-19 19:49 138240 ----a-w- c:\users\Kenny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-12-19 19:49 . 2009-12-19 19:49 138240 ----a-w- c:\users\Kenny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-12-19 19:49 . 2009-12-19 19:49 138240 ----a-w- c:\users\Kenny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-12-19 19:49 . 2009-12-19 19:49 -------- d-----w- c:\users\Kenny\AppData\Roaming\SystemRequirementsLab
2009-12-19 03:03 . 2009-12-19 03:03 -------- d-----w- C:\ubuntu
2009-12-19 02:20 . 2009-12-19 02:39 -------- d-----w- c:\users\Kenny\AppData\Roaming\InfraRecorder
2009-12-19 02:18 . 2009-12-19 02:18 -------- d-----w- c:\program files\InfraRecorder
2009-12-19 00:34 . 2009-12-19 00:34 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-19 00:17 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-19 00:17 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-19 00:17 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-19 00:14 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-12-18 23:53 . 2009-12-18 23:53 -------- d-----w- c:\users\Kenny\AppData\Roaming\Registry Mechanic
2009-12-18 23:46 . 2004-08-04 16:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-12-18 23:39 . 2009-12-18 23:39 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-18 21:29 . 2009-12-18 21:29 -------- d-----w- c:\program files\Advanced Spyware Remover
2009-12-18 18:52 . 2009-12-18 18:52 -------- d-----w- c:\windows\system32\SDA
2009-12-18 18:52 . 2009-12-18 18:52 -------- d-----w- c:\program files\O2Micro
2009-12-18 18:50 . 2009-12-18 18:50 -------- d-----w- C:\drivers
2009-12-18 16:31 . 2009-12-18 16:31 126372 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-16 02:43 . 2009-12-16 02:43 -------- d-----w- c:\program files\OpenAL
2009-12-16 02:43 . 2009-12-16 02:43 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-16 02:43 . 2009-12-16 02:43 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-16 02:42 . 2009-12-16 02:44 -------- d-----w- c:\program files\AssaultCube_v1.0
2009-12-16 02:24 . 2009-12-16 23:23 -------- d-----w- c:\users\Kenny\AppData\Local\Deployment
2009-12-15 20:56 . 2009-12-15 20:57 -------- d-----w- c:\program files\3DRipperDX
2009-12-15 20:29 . 2009-12-15 20:29 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-15 20:19 . 2009-12-15 21:11 -------- d-----w- c:\program files\Sierra
2009-12-15 18:03 . 2009-12-15 18:03 0 ----a-w- c:\windows\system32\temp5117.dat
2009-12-15 18:03 . 2009-12-15 18:03 -------- d-----w- c:\windows\system32\SAVES
2009-12-14 16:45 . 2009-12-27 20:55 -------- d-----w- C:\Games
2009-12-12 17:10 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-12-12 17:04 . 2009-12-12 17:09 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-12 17:03 . 2009-03-16 22:18 22360 ----a-w- c:\windows\system\X3DAudio1_6.dll
2009-12-12 17:01 . 2009-09-30 21:08 1892184 ----a-w- c:\windows\system\d3dx9_42.dll
2009-12-12 16:58 . 2007-02-21 10:11 68888 ----a-w- c:\windows\system\xinput1_3.dll
2009-12-12 16:53 . 2009-12-12 16:53 -------- d-----w- c:\users\Kenny\AppData\Roaming\Uniblue
2009-12-11 19:06 . 2009-12-11 19:06 -------- d-----w- c:\programdata\id Software
2009-12-11 18:09 . 2009-12-11 18:09 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-12-11 17:58 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-11 17:58 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-11 17:58 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-11 17:42 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-12-11 17:42 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-12-11 17:41 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-12-11 17:41 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-12-09 23:50 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 23:50 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 23:50 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 23:45 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 23:44 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 20:15 . 2009-12-09 20:15 -------- d-----w- c:\windows\Sun
2009-12-09 17:06 . 2009-12-27 20:47 -------- d-----w- c:\program files\Common Files\Steam
2009-12-09 16:56 . 2009-12-27 20:47 -------- d-----w- c:\program files\Cracked Steam
2009-12-08 15:06 . 2009-12-08 15:06 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-12-08 00:56 . 2009-12-19 20:23 -------- d-----w- c:\users\Kenny\AppData\Roaming\Xfire
2009-12-08 00:56 . 2009-12-18 01:13 -------- d-----w- c:\programdata\Xfire
2009-12-08 00:52 . 2009-12-08 03:38 -------- d-----w- c:\program files\Xfire
2009-12-01 21:05 . 2009-12-01 21:05 -------- d-----w- c:\users\Kenny\AppData\Local\Real
2009-12-01 21:04 . 2009-12-01 21:04 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-30 20:19 . 2009-11-30 20:19 625728 ----a-w- c:\programdata\id Software\QuakeLive\npquakezero.dll
2009-11-30 20:17 . 2009-11-30 20:17 2373712 ----a-w- c:\programdata\id Software\QuakeLive\pbsvc.exe
2009-11-30 19:37 . 2009-11-30 19:37 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-29 06:14 . 2009-11-29 06:14 1781 ----a-w- c:\users\Kenny\AppData\Roaming\gjicrcivi.exe
2009-11-29 01:07 . 2009-11-29 01:07 1781 ----a-w- c:\users\Kenny\AppData\Roaming\tedjhxcwq.exe
2009-11-29 01:01 . 2009-11-29 01:01 1781 ----a-w- c:\users\Kenny\AppData\Roaming\abnwwkoov.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 02:14 . 2007-10-09 21:59 -------- d-----w- c:\users\Kenny\AppData\Roaming\uTorrent
2009-12-28 00:51 . 2008-06-29 02:48 -------- d-----w- c:\users\Kenny\AppData\Roaming\WTablet
2009-12-27 22:21 . 2007-10-10 00:20 -------- d-----w- c:\users\Kenny\AppData\Roaming\foobar2000
2009-12-27 17:57 . 2007-09-18 19:37 -------- d-----w- c:\program files\QuickTime
2009-12-26 22:32 . 2007-09-18 03:19 6324 ----a-w- c:\users\Kenny\AppData\Local\d3d9caps.dat
2009-12-25 13:33 . 2009-02-06 01:48 -------- d-----w- c:\users\Kenny\AppData\Roaming\FrostWire
2009-12-22 19:57 . 2007-09-18 03:19 74176 ----a-w- c:\users\Kenny\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-22 18:45 . 2007-09-29 22:13 -------- d-----w- c:\program files\Java
2009-12-19 01:42 . 2007-09-26 18:57 -------- d-----w- c:\program files\PeerGuardian2
2009-12-19 01:42 . 2009-11-01 19:59 -------- d-----w- c:\program files\Pando Networks
2009-12-19 01:38 . 2007-09-18 05:29 -------- d-----w- c:\program files\Bonjour
2009-12-19 01:21 . 2009-03-30 22:22 -------- d-----w- c:\program files\Microsoft
2009-12-19 01:10 . 2008-06-02 22:26 -------- d-----w- c:\programdata\Sony
2009-12-19 01:08 . 2007-09-30 02:27 -------- d-----w- c:\programdata\ScanSoft
2009-12-19 01:06 . 2007-11-29 01:51 -------- d-----w- c:\program files\Real
2009-12-19 01:00 . 2008-12-28 23:34 -------- d-----w- c:\program files\Unity
2009-12-19 00:45 . 2009-01-23 23:16 -------- d-----w- c:\program files\eMusic Download Manager
2009-12-19 00:45 . 2009-01-23 23:16 -------- d-----w- c:\users\Kenny\AppData\Roaming\eMusic
2009-12-19 00:34 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-19 00:25 . 2009-12-19 00:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-19 00:25 . 2009-12-19 00:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-18 18:54 . 2007-04-16 19:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-18 16:24 . 2009-02-06 01:47 -------- d-----w- c:\program files\FrostWire
2009-12-15 04:19 . 2008-08-08 04:20 -------- d-----w- c:\program files\Pariah
2009-12-12 07:12 . 2008-01-07 19:53 -------- d-----w- c:\program files\Gore Special Edition
2009-12-11 23:37 . 2007-11-04 20:48 -------- d-----w- c:\program files\Elaborate Bytes
2009-12-11 20:16 . 2009-11-17 00:11 -------- d-----w- c:\program files\SpeederXP
2009-12-11 17:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-06 23:34 . 2009-11-26 00:00 -------- d-sh--w- c:\users\Kenny\AppData\Roaming\lowsec
2009-12-01 21:05 . 2007-11-29 01:51 -------- d-----w- c:\program files\Common Files\Real
2009-11-28 02:12 . 2007-09-18 19:37 -------- d-----w- c:\programdata\Apple
2009-11-27 20:51 . 2007-09-18 19:38 -------- d-----w- c:\users\Kenny\AppData\Roaming\Apple Computer
2009-11-27 15:15 . 2009-11-27 15:12 -------- d-----w- c:\users\Kenny\AppData\Roaming\Mp3tag
2009-11-27 15:12 . 2009-11-27 15:12 -------- d-----w- c:\program files\Mp3tag
2009-11-26 00:10 . 2009-11-26 00:10 864256 ----a-w- c:\users\Kenny\AppData\Roaming\jqqqbqubu.exe
2009-11-26 00:10 . 2009-11-26 00:10 864256 ----a-w- c:\users\Kenny\AppData\Roaming\jqqqbqubu.exe
2009-11-26 00:03 . 2009-11-26 00:02 864256 ----a-w- c:\users\Kenny\AppData\Roaming\hqhvjyybh.exe
2009-11-26 00:03 . 2009-11-26 00:02 864256 ----a-w- c:\users\Kenny\AppData\Roaming\hqhvjyybh.exe
2009-11-26 00:00 . 2009-11-26 00:00 864256 ----a-w- c:\users\Kenny\AppData\Roaming\oxfsrkssh.exe
2009-11-26 00:00 . 2009-11-26 00:00 864256 ----a-w- c:\users\Kenny\AppData\Roaming\oxfsrkssh.exe
2009-11-25 15:25 . 2009-11-25 15:25 439816 ----a-w- c:\users\Kenny\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-24 15:18 . 2009-11-24 15:18 -------- d-----w- c:\program files\Ask.com
2009-11-21 06:40 . 2009-12-11 17:57 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-11 17:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-11 17:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-11 17:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 23:26 . 2009-11-20 23:24 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-20 23:26 . 2009-11-20 23:24 -------- d-----w- c:\program files\iTunes
2009-11-20 23:24 . 2009-11-20 23:24 -------- d-----w- c:\program files\iPod
2009-11-20 23:24 . 2007-09-18 19:37 -------- d-----w- c:\program files\Common Files\Apple
2009-11-20 23:14 . 2009-11-20 23:14 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-20 23:08 . 2008-04-13 21:37 -------- d-----w- c:\program files\Safari
2009-11-20 23:03 . 2009-11-20 23:03 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-17 00:21 . 2009-11-17 00:21 415 ----a-w- c:\users\Kenny\AppData\Roaming\Microsoft\windowsupdate7632.exe
2009-11-16 19:43 . 2009-11-03 17:09 -------- d-----w- c:\users\Kenny\AppData\Roaming\Orbit
2009-11-16 16:50 . 2009-11-16 16:50 415 ----a-w- c:\users\Kenny\AppData\Roaming\Microsoft\windowsupdate90732.exe
2009-11-16 12:58 . 2009-11-16 12:58 415 ----a-w- c:\users\Kenny\AppData\Roaming\Microsoft\windows_update8765.exe
2009-11-15 23:13 . 2009-11-15 23:13 415 ----a-w- c:\users\Kenny\AppData\Roaming\Microsoft\windowsupdate2386.exe
2009-11-15 21:35 . 2009-11-15 21:35 415 ----a-w- c:\users\Kenny\AppData\Roaming\Microsoft\windows_update1736.exe
2009-11-15 11:32 . 2009-11-14 22:57 415 ----a-w- c:\users\Kenny\AppData\Roaming\Microsoft\windows_update4826.exe
2009-11-14 22:58 . 2009-11-14 22:58 -------- d-sh--r- c:\users\Kenny\AppData\Roaming\taskmgr
2009-11-14 22:57 . 2009-11-14 22:58 82944 ----a-w- c:\users\Kenny\AppData\Roaming\taskmgr\taskmgr.exe
2009-11-14 20:33 . 2009-11-14 20:33 415 ----a-w- c:\users\Kenny\AppData\Roaming\Microsoft\windows_update_pidd.exe
2009-11-14 12:26 . 2009-11-14 12:26 415 ----a-w- c:\users\Kenny\AppData\Roaming\Microsoft\windows_update4659.exe
2009-11-13 12:52 . 2009-11-13 12:52 415 ----a-w- c:\users\Kenny\AppData\Roaming\Microsoft\windows_update_4729.exe
2009-11-12 09:35 . 2009-11-12 09:35 415 ----a-w- c:\users\Kenny\AppData\Roaming\Microsoft\windows_update_3864.exe
2009-11-03 17:09 . 2009-11-03 17:09 -------- d-----w- c:\users\Kenny\AppData\Roaming\GrabPro
2009-11-03 04:42 . 2009-11-05 02:05 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 01:09 . 2009-11-02 01:09 -------- d-----w- c:\programdata\Nexon
2009-11-02 01:09 . 2009-11-01 21:58 -------- d-----w- c:\programdata\NexonUS
2009-11-01 21:58 . 2009-11-01 21:58 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-11-01 21:58 . 2009-11-01 21:58 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-11-01 21:58 . 2009-11-01 21:58 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-11-01 21:58 . 2009-11-01 21:58 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-11-01 21:58 . 2009-11-01 21:58 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-11-01 21:58 . 2009-11-01 21:58 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-10-31 02:25 . 2009-10-28 14:49 -------- d-----w- c:\program files\GamersFirst
2009-10-29 09:17 . 2009-11-28 15:38 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 12:17 . 2009-03-30 01:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-01 01:02 . 2009-12-19 00:14 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-12-19 00:14 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-12-19 00:14 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-12-19 00:14 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-12-19 00:14 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-12-19 00:14 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-12-19 00:14 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-12-19 00:14 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-12-19 00:14 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-12-19 00:14 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-12-19 00:14 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-12-19 00:14 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-12-19 00:14 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-12-19 00:14 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-12-19 00:14 33280 ----a-w- c:\windows\system32\WpdConns.dll
2008-02-22 05:58 . 2008-02-22 05:58 0 --sh--w- c:\windows\S9A529F09.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 22:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 260912]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-12 68400]
"Unattend0000000001{2D70D39F-FE4B-4A7D-94F8-E863EEE3EA8C}"="c:\fujitsu\LogonCommands\gexc.exe" [2006-12-18 258048]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-04 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2007-02-05 167936]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-26 151552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-01 198160]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-10-14 104408]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e7,71,f9,15,dd,08,ca,01
R0 FBIOSDRV;FBIOSDRV;c:\windows\System32\drivers\FBIOSDRV.SYS [4/16/2007 11:15 AM 8960]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/18/2009 3:46 PM 583640]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [1/27/2007 3:49 AM 11776]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [4/16/2007 11:27 AM 5632]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [6/18/2009 6:48 PM 42480]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2/4/2008 5:23 PM 47448]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [1/21/2008 1:56 AM 41560]
R3 WISDPen;Wacom Penabled MiniDriver;c:\windows\System32\drivers\wisdpen.sys [6/28/2008 6:47 PM 34736]
S3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [5/3/2008 12:54 AM 3872]
S3 FjGenIo;Fujitsu Generic I/O Driver;c:\windows\System32\drivers\FjGenIo.sys [9/19/2007 9:35 AM 7680]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [5/23/2008 10:48 PM 21504]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [11/2/2006 2:25 AM 30720]
S3 USBAVCap;AVerMedia USB TV Tuner Device;c:\windows\System32\drivers\USBAVCap.sys [4/16/2007 11:15 AM 785408]
S3 wtpfiltr;wtpfiltr;c:\windows\System32\drivers\wtpfiltr.sys [4/16/2007 11:11 AM 7680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\mfnie50e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={672ADA99-1978-7449-B1A3-647B95766E79}&q=
FF - prefs.js: network.proxy.http - 192.168.2.1
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Kenny\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-{D261FF47-DDCA-3AE5-9683-364D6462CC9D} - c:\users\Kenny\AppData\Roaming\winlog.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
ActiveSetup-{D261FF47-DDCA-3AE5-9683-364D6462CC9D} - c:\windows\system32\winlog.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 09:06
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
{D261FF47-DDCA-3AE5-9683-364D6462CC9D} = c:\users\Kenny\AppData\Roaming\winlog.exe?a?\?R?o?a?m?i?n?g??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-28 09:10:02
ComboFix-quarantined-files.txt 2009-12-28 17:10
Pre-Run: 24,027,414,528 bytes free
Post-Run: 28,130,615,296 bytes free
- - End Of File - - 0495D0525F136E93B4BFD50199F72BA0
Thanks;)
Maybe the problem has been resolved, but your system is still infected.
1. Copy the Combofix tool to the Desktop!
c:\users\Kenny\Downloads\ComboFix.exe
2. Open Notepad and copy/paste the text in the quotebox below into it:
File::
c:\users\Kenny\AppData\Roaming\winlog.exe
c:\windows\system32\temp5117.dat
c:\users\Kenny\AppData\Roaming\gjicrcivi.exe
c:\users\Kenny\AppData\Roaming\tedjhxcwq.exe
c:\users\Kenny\AppData\Roaming\abnwwkoov.exe
c:\users\Kenny\AppData\Roaming\jqqqbqubu.exe
c:\users\Kenny\AppData\Roaming\jqqqbqubu.exe
c:\windows\S9A529F09.tmp
c:\users\Kenny\AppData\Roaming\hqhvjyybh.exe
c:\users\Kenny\AppData\Roaming\hqhvjyybh.exe
c:\users\Kenny\AppData\Roaming\oxfsrkssh.exe
c:\users\Kenny\AppData\Roaming\oxfsrkssh.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windowsupdate90732.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update8765.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windowsupdate2386.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update1736.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update4826.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update_pidd.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update4659.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update_4729.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update_3864.exe
Save this as CFScript.txt
Close all browser windows and, referring to the picture above, drag CFScript into Combofix.exe.
Then post the resultant log.
Scan your Computer with Malwarebytes Anti-Malware
Tuto::
Download Malwarebytes Anti-Malware and save it to your desktop.
http://www.malwarebytes.org/mbam.php
MBAM may "make changes to your registry" as part of its disinfection routine. If you use other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware
* Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
* If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
* Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
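The File:: list in the post above was assembled by reading the DDS listing for the tell-tale entries: tiny or randomly named executables under AppData\Roaming, names imitating Windows Update or taskmgr, and hidden+system folders inside the profile. As an added example that is not part of this thread nor of the ComboFix or DDS tools, here is a small Python triage script that applies those same checks to listing lines; the sample lines are copied from the log above, and the size threshold and name patterns are my own assumptions.

```python
r"""Triage helper for the file listings in ComboFix / DDS logs.

Added example for this thread; not part of ComboFix, DDS or any post above.
It parses listing lines such as
    2009-11-29 06:14 . 2009-11-29 06:14 1781 ----a-w- c:\users\Kenny\AppData\Roaming\gjicrcivi.exe
and applies the checks the helper applied by eye when picking files for the
CFScript. Thresholds and name patterns are assumptions for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Folders an ordinary user can write to; legitimate programs seldom run their
# main binary from here, while droppers almost always do.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\")
# Names that imitate Windows components (winlog.exe vs. winlogon.exe,
# windows_update1234.exe, a profile copy of taskmgr.exe).
LOOKALIKE = re.compile(r"^(windows_?update\w*|winlog|taskmgr|svchost|csrss|lsass)\.exe$", re.I)
# 8-12 lower-case letters: typical of generated dropper names (gjicrcivi.exe).
RANDOM_NAME = re.compile(r"^[a-z]{8,12}\.exe$")
BINARY_EXT = (".exe", ".dll", ".sys", ".scr")
TINY_BINARY = 4096  # bytes; a 415-byte "windowsupdate.exe" is no real installer


@dataclass
class Entry:
    created: str
    size: Optional[int]  # None for directories ("--------" in the log)
    attrs: str           # e.g. "d-sh--w-": d=directory, s=system, h=hidden
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def folder(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def in_profile(self) -> bool:
        return any(d in self.path.lower() for d in USER_WRITABLE)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; None for headers, blank lines and '.' separators."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], size, m["attrs"], m["path"])


def triage(lines) -> List[Entry]:
    """Return entries that trip at least one heuristic, with the reasons attached."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    # Group random-named profile executables by (folder, size) to spot batches.
    batches = defaultdict(set)
    for e in entries:
        if e.size and e.in_profile and RANDOM_NAME.match(e.name):
            batches[(e.folder, e.size)].add(e.path.lower())
    flagged = []
    for e in entries:
        if LOOKALIKE.match(e.name):
            e.reasons.append("name imitates a Windows component")
        if e.in_profile and "s" in e.attrs and "h" in e.attrs:
            e.reasons.append("hidden+system object inside a user profile")
        if e.in_profile and e.name.endswith(BINARY_EXT) and e.size is not None and e.size < TINY_BINARY:
            e.reasons.append(f"{e.size}-byte binary in a user-writable folder")
        if e.in_profile and RANDOM_NAME.match(e.name):
            e.reasons.append("random-looking executable name in a user profile")
        if len(batches.get((e.folder, e.size), ())) > 1:
            e.reasons.append("one of several identically sized random-named executables")
        if e.reasons:
            flagged.append(e)
    return flagged


# Sample lines copied from the DDS listing in the thread (two benign ones for contrast).
SAMPLE_LOG = r"""
2009-12-19 00:17 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-08 00:56 . 2009-12-19 20:23 -------- d-----w- c:\users\Kenny\AppData\Roaming\Xfire
2009-11-29 06:14 . 2009-11-29 06:14 1781 ----a-w- c:\users\Kenny\AppData\Roaming\gjicrcivi.exe
2009-11-26 00:10 . 2009-11-26 00:10 864256 ----a-w- c:\users\Kenny\AppData\Roaming\jqqqbqubu.exe
2009-11-26 00:03 . 2009-11-26 00:02 864256 ----a-w- c:\users\Kenny\AppData\Roaming\hqhvjyybh.exe
2009-12-06 23:34 . 2009-11-26 00:00 -------- d-sh--w- c:\users\Kenny\AppData\Roaming\lowsec
2009-11-17 00:21 . 2009-11-17 00:21 415 ----a-w- c:\users\Kenny\AppData\Roaming\Microsoft\windowsupdate7632.exe
2009-11-14 22:58 . 2009-11-14 22:58 -------- d-sh--r- c:\users\Kenny\AppData\Roaming\taskmgr
2009-11-14 22:57 . 2009-11-14 22:58 82944 ----a-w- c:\users\Kenny\AppData\Roaming\taskmgr\taskmgr.exe
""".strip().splitlines()

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.path}\n    " + "; ".join(e.reasons))
```

Run against the full log, the flagged paths reproduce the helper's File:: list; the benign UIAnimation.dll and Xfire entries are left alone.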
ComboFix Log
ComboFix 09-12-27.04 - Kenny 12/28/2009 15:43:22.2.2 - x86
Microsoft® Windows Vista® Home Premium 6.0.6002.2.1252.1.1033.18.2037.1172 [GMT -8:00]
Running from: c:\users\Kenny\Desktop\ComboFix.exe
Command switches used :: c:\users\Kenny\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\users\Kenny\AppData\Roaming\abnwwkoov.exe"
"c:\users\Kenny\AppData\Roaming\gjicrcivi.exe"
"c:\users\Kenny\AppData\Roaming\hqhvjyybh.exe"
"c:\users\Kenny\AppData\Roaming\jqqqbqubu.exe"
"c:\users\Kenny\AppData\Roaming\Microsoft\windows_update_3864.exe"
"c:\users\Kenny\AppData\Roaming\Microsoft\windows_update_4729.exe"
"c:\users\Kenny\AppData\Roaming\Microsoft\windows_update_pidd.exe"
"c:\users\Kenny\AppData\Roaming\Microsoft\windows_update1736.exe"
"c:\users\Kenny\AppData\Roaming\Microsoft\windows_update4659.exe"
"c:\users\Kenny\AppData\Roaming\Microsoft\windows_update4826.exe"
"c:\users\Kenny\AppData\Roaming\Microsoft\windows_update8765.exe"
"c:\users\Kenny\AppData\Roaming\Microsoft\windowsupdate2386.exe"
"c:\users\Kenny\AppData\Roaming\Microsoft\windowsupdate90732.exe"
"c:\users\Kenny\AppData\Roaming\oxfsrkssh.exe"
"c:\users\Kenny\AppData\Roaming\tedjhxcwq.exe"
"c:\users\Kenny\AppData\Roaming\winlog.exe"
"c:\windows\S9A529F09.tmp"
"c:\windows\system32\temp5117.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Kenny\AppData\Roaming\abnwwkoov.exe
c:\users\Kenny\AppData\Roaming\gjicrcivi.exe
c:\users\Kenny\AppData\Roaming\hqhvjyybh.exe
c:\users\Kenny\AppData\Roaming\jqqqbqubu.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update_3864.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update_4729.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update_pidd.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update1736.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update4659.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update4826.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windows_update8765.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windowsupdate2386.exe
c:\users\Kenny\AppData\Roaming\Microsoft\windowsupdate90732.exe
c:\users\Kenny\AppData\Roaming\oxfsrkssh.exe
c:\users\Kenny\AppData\Roaming\tedjhxcwq.exe
c:\windows\S9A529F09.tmp
c:\windows\system32\temp5117.dat
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
.
2009-12-28 23:51 . 2009-12-28 23:51 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-12-28 23:51 . 2009-12-28 23:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-28 23:51 . 2009-12-28 23:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-28 22:51 . 2009-12-28 22:51 -------- d-----w- c:\users\Kenny\AppData\Roaming\Malwarebytes
2009-12-28 22:51 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 22:51 . 2009-12-28 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 22:51 . 2009-12-28 22:51 -------- d-----w- c:\programdata\Malwarebytes
2009-12-28 22:51 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 18:12 . 2009-12-28 18:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Google
2009-12-27 16:46 . 2009-12-27 16:47 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-12-26 23:29 . 2009-12-26 23:29 -------- d-----w- c:\users\Kenny\AppData\Local\Microsoft Corporation
2009-12-26 17:42 . 2009-12-26 17:42 -------- d-----w- C:\$AVG
2009-12-26 17:42 . 2009-12-26 17:42 -------- d-----w- c:\program files\AVG
2009-12-26 17:42 . 2009-12-26 18:12 -------- d-----w- c:\programdata\avg9
2009-12-22 18:53 . 2009-12-23 02:49 1 ----a-w- c:\users\Kenny\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-22 18:52 . 2009-12-22 18:52 -------- d-----w- c:\users\Kenny\AppData\Roaming\OpenOffice.org
2009-12-22 18:49 . 2009-12-22 18:49 -------- d-----w- c:\program files\JRE
2009-12-22 18:48 . 2009-12-22 18:49 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-19 19:49 . 2009-12-19 19:49 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-19 19:49 . 2009-12-19 19:49 138240 ----a-w- c:\users\Kenny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-12-19 19:49 . 2009-12-19 19:49 138240 ----a-w- c:\users\Kenny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-12-19 19:49 . 2009-12-19 19:49 138240 ----a-w- c:\users\Kenny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-12-19 19:49 . 2009-12-19 19:49 138240 ----a-w- c:\users\Kenny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-12-19 19:49 . 2009-12-19 19:49 -------- d-----w- c:\users\Kenny\AppData\Roaming\SystemRequirementsLab
2009-12-19 03:03 . 2009-12-19 03:03 -------- d-----w- C:\ubuntu
2009-12-19 02:20 . 2009-12-19 02:39 -------- d-----w- c:\users\Kenny\AppData\Roaming\InfraRecorder
2009-12-19 02:18 . 2009-12-19 02:18 -------- d-----w- c:\program files\InfraRecorder
2009-12-19 00:34 . 2009-12-19 00:34 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-19 00:17 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-19 00:17 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-19 00:17 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-19 00:14 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-12-18 23:53 . 2009-12-18 23:53 -------- d-----w- c:\users\Kenny\AppData\Roaming\Registry Mechanic
2009-12-18 23:46 . 2004-08-04 16:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-12-18 23:39 . 2009-12-18 23:39 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-18 21:29 . 2009-12-18 21:29 -------- d-----w- c:\program files\Advanced Spyware Remover
2009-12-18 18:52 . 2009-12-18 18:52 -------- d-----w- c:\windows\system32\SDA
2009-12-18 18:52 . 2009-12-18 18:52 -------- d-----w- c:\program files\O2Micro
2009-12-18 18:50 . 2009-12-18 18:50 -------- d-----w- C:\drivers
2009-12-18 16:31 . 2009-12-18 16:31 126372 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-16 02:43 . 2009-12-16 02:43 -------- d-----w- c:\program files\OpenAL
2009-12-16 02:43 . 2009-12-16 02:43 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-16 02:43 . 2009-12-16 02:43 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-16 02:42 . 2009-12-16 02:44 -------- d-----w- c:\program files\AssaultCube_v1.0
2009-12-16 02:24 . 2009-12-16 23:23 -------- d-----w- c:\users\Kenny\AppData\Local\Deployment
2009-12-15 20:56 . 2009-12-15 20:57 -------- d-----w- c:\program files\3DRipperDX
2009-12-15 20:29 . 2009-12-15 20:29 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-15 20:19 . 2009-12-15 21:11 -------- d-----w- c:\program files\Sierra
2009-12-15 18:03 . 2009-12-15 18:03 -------- d-----w- c:\windows\system32\SAVES
2009-12-14 16:45 . 2009-12-27 20:55 -------- d-----w- C:\Games
2009-12-12 17:10 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-12-12 17:04 . 2009-12-12 17:09 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-12 17:03 . 2009-03-16 22:18 22360 ----a-w- c:\windows\system\X3DAudio1_6.dll
2009-12-12 17:01 . 2009-09-30 21:08 1892184 ----a-w- c:\windows\system\d3dx9_42.dll
2009-12-12 16:58 . 2007-02-21 10:11 68888 ----a-w- c:\windows\system\xinput1_3.dll
2009-12-12 16:53 . 2009-12-12 16:53 -------- d-----w- c:\users\Kenny\AppData\Roaming\Uniblue
2009-12-11 19:06 . 2009-12-11 19:06 -------- d-----w- c:\programdata\id Software
2009-12-11 18:09 . 2009-12-11 18:09 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-12-11 17:58 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-11 17:58 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-11 17:58 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-11 17:42 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-12-11 17:42 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-12-11 17:41 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-12-11 17:41 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-12-09 23:50 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 23:50 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 23:50 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 23:45 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 23:44 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 20:15 . 2009-12-09 20:15 -------- d-----w- c:\windows\Sun
2009-12-09 17:06 . 2009-12-27 20:47 -------- d-----w- c:\program files\Common Files\Steam
2009-12-09 16:56 . 2009-12-27 20:47 -------- d-----w- c:\program files\Cracked Steam
2009-12-08 15:06 . 2009-12-08 15:06 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-12-08 00:56 . 2009-12-19 20:23 -------- d-----w- c:\users\Kenny\AppData\Roaming\Xfire
2009-12-08 00:56 . 2009-12-18 01:13 -------- d-----w- c:\programdata\Xfire
2009-12-08 00:52 . 2009-12-08 03:38 -------- d-----w- c:\program files\Xfire
2009-12-01 21:05 . 2009-12-01 21:05 -------- d-----w- c:\users\Kenny\AppData\Local\Real
2009-12-01 21:04 . 2009-12-01 21:04 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-30 20:19 . 2009-11-30 20:19 625728 ----a-w- c:\programdata\id Software\QuakeLive\npquakezero.dll
2009-11-30 20:17 . 2009-11-30 20:17 2373712 ----a-w- c:\programdata\id Software\QuakeLive\pbsvc.exe
2009-11-30 19:37 . 2009-11-30 19:37 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 21:39 . 2007-04-16 19:58 -------- d-----w- c:\program files\Google
2009-12-28 21:35 . 2008-06-29 02:48 -------- d-----w- c:\users\Kenny\AppData\Roaming\WTablet
2009-12-28 02:14 . 2007-10-09 21:59 -------- d-----w- c:\users\Kenny\AppData\Roaming\uTorrent
2009-12-27 22:21 . 2007-10-10 00:20 -------- d-----w- c:\users\Kenny\AppData\Roaming\foobar2000
2009-12-27 17:57 . 2007-09-18 19:37 -------- d-----w- c:\program files\QuickTime
2009-12-26 22:32 . 2007-09-18 03:19 6324 ----a-w- c:\users\Kenny\AppData\Local\d3d9caps.dat
2009-12-25 13:33 . 2009-02-06 01:48 -------- d-----w- c:\users\Kenny\AppData\Roaming\FrostWire
2009-12-22 19:57 . 2007-09-18 03:19 74176 ----a-w- c:\users\Kenny\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-22 18:45 . 2007-09-29 22:13 -------- d-----w- c:\program files\Java
2009-12-19 01:42 . 2007-09-26 18:57 -------- d-----w- c:\program files\PeerGuardian2
2009-12-19 01:42 . 2009-11-01 19:59 -------- d-----w- c:\program files\Pando Networks
2009-12-19 01:38 . 2007-09-18 05:29 -------- d-----w- c:\program files\Bonjour
2009-12-19 01:21 . 2009-03-30 22:22 -------- d-----w- c:\program files\Microsoft
2009-12-19 01:10 . 2008-06-02 22:26 -------- d-----w- c:\programdata\Sony
2009-12-19 01:08 . 2007-09-30 02:27 -------- d-----w- c:\programdata\ScanSoft
2009-12-19 01:06 . 2007-11-29 01:51 -------- d-----w- c:\program files\Real
2009-12-19 01:00 . 2008-12-28 23:34 -------- d-----w- c:\program files\Unity
2009-12-19 00:45 . 2009-01-23 23:16 -------- d-----w- c:\program files\eMusic Download Manager
2009-12-19 00:45 . 2009-01-23 23:16 -------- d-----w- c:\users\Kenny\AppData\Roaming\eMusic
2009-12-19 00:34 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-19 00:25 . 2009-12-19 00:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-19 00:25 . 2009-12-19 00:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-18 18:54 . 2007-04-16 19:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-18 16:24 . 2009-02-06 01:47 -------- d-----w- c:\program files\FrostWire
2009-12-15 04:19 . 2008-08-08 04:20 -------- d-----w- c:\program files\Pariah
2009-12-12 07:12 . 2008-01-07 19:53 -------- d-----w- c:\program files\Gore Special Edition
2009-12-11 23:37 . 2007-11-04 20:48 -------- d-----w- c:\program files\Elaborate Bytes
2009-12-11 20:16 . 2009-11-17 00:11 -------- d-----w- c:\program files\SpeederXP
2009-12-11 17:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-06 23:34 . 2009-11-26 00:00 -------- d-sh--w- c:\users\Kenny\AppData\Roaming\lowsec
2009-12-01 21:05 . 2007-11-29 01:51 -------- d-----w- c:\program files\Common Files\Real
2009-11-28 02:12 . 2007-09-18 19:37 -------- d-----w- c:\programdata\Apple
2009-11-27 20:51 . 2007-09-18 19:38 -------- d-----w- c:\users\Kenny\AppData\Roaming\Apple Computer
2009-11-27 15:15 . 2009-11-27 15:12 -------- d-----w- c:\users\Kenny\AppData\Roaming\Mp3tag
2009-11-27 15:12 . 2009-11-27 15:12 -------- d-----w- c:\program files\Mp3tag
2009-11-25 15:25 . 2009-11-25 15:25 439816 ----a-w- c:\users\Kenny\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-24 15:18 . 2009-11-24 15:18 -------- d-----w- c:\program files\Ask.com
2009-11-21 06:40 . 2009-12-11 17:57 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-11 17:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-11 17:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-11 17:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 23:26 . 2009-11-20 23:24 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-20 23:26 . 2009-11-20 23:24 -------- d-----w- c:\program files\iTunes
2009-11-20 23:24 . 2009-11-20 23:24 -------- d-----w- c:\program files\iPod
2009-11-20 23:24 . 2007-09-18 19:37 -------- d-----w- c:\program files\Common Files\Apple
2009-11-20 23:14 . 2009-11-20 23:14 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-20 23:08 . 2008-04-13 21:37 -------- d-----w- c:\program files\Safari
2009-11-20 23:03 . 2009-11-20 23:03 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-17 00:21 . 2009-11-17 00:21 415 ----a-w- c:\users\Kenny\AppData\Roaming\Microsoft\windowsupdate7632.exe
2009-11-16 19:43 . 2009-11-03 17:09 -------- d-----w- c:\users\Kenny\AppData\Roaming\Orbit
2009-11-14 22:58 . 2009-11-14 22:58 -------- d-sh--r- c:\users\Kenny\AppData\Roaming\taskmgr
2009-11-14 22:57 . 2009-11-14 22:58 82944 ----a-w- c:\users\Kenny\AppData\Roaming\taskmgr\taskmgr.exe
2009-11-03 17:09 . 2009-11-03 17:09 -------- d-----w- c:\users\Kenny\AppData\Roaming\GrabPro
2009-11-03 04:42 . 2009-11-05 02:05 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 01:09 . 2009-11-02 01:09 -------- d-----w- c:\programdata\Nexon
2009-11-02 01:09 . 2009-11-01 21:58 -------- d-----w- c:\programdata\NexonUS
2009-11-01 21:58 . 2009-11-01 21:58 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-11-01 21:58 . 2009-11-01 21:58 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-11-01 21:58 . 2009-11-01 21:58 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-11-01 21:58 . 2009-11-01 21:58 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-11-01 21:58 . 2009-11-01 21:58 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-11-01 21:58 . 2009-11-01 21:58 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-10-31 02:25 . 2009-10-28 14:49 -------- d-----w- c:\program files\GamersFirst
2009-10-29 09:17 . 2009-11-28 15:38 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 12:17 . 2009-03-30 01:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-01 01:02 . 2009-12-19 00:14 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-12-19 00:14 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-12-19 00:14 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-12-19 00:14 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-12-19 00:14 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-12-19 00:14 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-12-19 00:14 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-12-19 00:14 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-12-19 00:14 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-12-19 00:14 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-12-19 00:14 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-12-19 00:14 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-12-19 00:14 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-12-19 00:14 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-12-19 00:14 33280 ----a-w- c:\windows\system32\WpdConns.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-28_17.06.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-06 21:35 . 2009-12-28 21:37 97230 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-12-28 21:37 83264 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-09-18 03:20 . 2009-12-28 21:37 18754 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4047919966-426220825-4163492893-1000_UserData.bin
+ 2009-12-28 17:47 . 2009-12-28 17:47 84507 c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
+ 2007-09-18 00:40 . 2009-12-28 21:35 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-09-18 00:40 . 2009-12-28 15:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-18 00:40 . 2009-12-28 21:35 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-18 00:40 . 2009-12-28 15:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-18 00:40 . 2009-12-28 15:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-18 00:40 . 2009-12-28 21:35 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-28 18:12 . 2009-12-28 18:12 22528 c:\windows\Installer\350cd2.msi
+ 2009-12-28 18:14 . 2009-12-28 18:14 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-12-28 18:14 . 2009-12-28 18:14 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-28 18:14 . 2009-12-28 18:14 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-28 18:14 . 2009-12-28 18:14 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-28 18:14 . 2009-12-28 18:14 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-28 18:14 . 2009-12-28 18:14 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-28 18:14 . 2009-12-28 18:14 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ARPPRODUCTICON.exe
+ 2007-09-30 17:37 . 2009-12-28 17:14 3926 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2007-09-30 17:37 . 2009-12-27 22:44 3926 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-12-28 00:51 . 2009-12-28 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-28 21:35 . 2009-12-28 21:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-12-28 00:51 . 2009-12-28 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-28 21:35 . 2009-12-28 21:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-26 16:36 . 2009-12-28 21:04 244762 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-11-03 00:24 . 2009-11-03 00:24 257440 c:\windows\System32\Macromed\Flash\FlashUtil10d.exe
+ 2009-12-28 18:14 . 2009-12-28 18:14 1258496 c:\windows\Installer\350cd9.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 22:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 260912]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-12 68400]
"Unattend0000000001{2D70D39F-FE4B-4A7D-94F8-E863EEE3EA8C}"="c:\fujitsu\LogonCommands\gexc.exe" [2006-12-18 258048]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-04 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2007-02-05 167936]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-26 151552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-01 198160]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-10-14 104408]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e7,71,f9,15,dd,08,ca,01
R0 FBIOSDRV;FBIOSDRV;c:\windows\System32\drivers\FBIOSDRV.SYS [4/16/2007 11:15 AM 8960]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/18/2009 3:46 PM 583640]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [1/27/2007 3:49 AM 11776]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [4/16/2007 11:27 AM 5632]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [6/18/2009 6:48 PM 42480]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2/4/2008 5:23 PM 47448]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [1/21/2008 1:56 AM 41560]
R3 WISDPen;Wacom Penabled MiniDriver;c:\windows\System32\drivers\wisdpen.sys [6/28/2008 6:47 PM 34736]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/28/2009 10:12 AM 135664]
S3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [5/3/2008 12:54 AM 3872]
S3 FjGenIo;Fujitsu Generic I/O Driver;c:\windows\System32\drivers\FjGenIo.sys [9/19/2007 9:35 AM 7680]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [5/23/2008 10:48 PM 21504]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [11/2/2006 2:25 AM 30720]
S3 USBAVCap;AVerMedia USB TV Tuner Device;c:\windows\System32\drivers\USBAVCap.sys [4/16/2007 11:15 AM 785408]
S3 wtpfiltr;wtpfiltr;c:\windows\System32\drivers\wtpfiltr.sys [4/16/2007 11:11 AM 7680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\mfnie50e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={672ADA99-1978-7449-B1A3-647B95766E79}&q=
FF - prefs.js: network.proxy.http - 192.168.2.1
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Kenny\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 15:51
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-28 15:54:32
ComboFix-quarantined-files.txt 2009-12-28 23:54
ComboFix2.txt 2009-12-28 17:10
Pre-Run: 31,011,381,248 bytes free
Post-Run: 30,791,618,560 bytes free
- - End Of File - - 801EB58D2A0ACCFFE77F6EE3D2D93F6F
Malwarebytes
Malwarebytes' Anti-Malware 1.42
Database version: 3446
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
12/28/2009 5:38:14 PM
mbam-log-2009-12-28 (17-38-14).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 278064
Time elapsed: 1 hour(s), 5 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD 2.9.0.9 Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Kenny\AppData\Roaming\Microsoft\Windows_Run23.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
Open notepad and copy/paste the text in the quotebox below into it:
File::
c:\users\Kenny\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
Save this as CFScript
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log
…………………………………………………
* Now tell me how the computer works.
My computer runs better now. I installed Malwarebytes along with Microsoft Security Essentials.
ComboFix 09-12-29.04 - Kenny 12/29/2009 15:40:25.3.2 - x86
Microsoft® Windows Vista® Home Premium 6.0.6002.2.1252.1.1033.18.2037.1191 [GMT -8:00]
Running from: c:\users\Kenny\Desktop\ComboFix.exe
Command switches used :: c:\users\Kenny\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\users\Kenny\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys"
"c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf"
"c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Kenny\AppData\Roaming\Microsoft\windowsupdate7632.exe
c:\users\Kenny\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
c:\windows\system32\Chip.dll
c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-29 )))))))))))))))))))))))))))))))
.
2009-12-29 23:48 . 2009-12-29 23:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-12-29 23:48 . 2009-12-29 23:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-29 23:48 . 2009-12-29 23:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-28 22:51 . 2009-12-28 22:51 -------- d-----w- c:\users\Kenny\AppData\Roaming\Malwarebytes
2009-12-28 22:51 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 22:51 . 2009-12-28 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 22:51 . 2009-12-28 22:51 -------- d-----w- c:\programdata\Malwarebytes
2009-12-28 22:51 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 18:12 . 2009-12-28 18:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Google
2009-12-27 16:46 . 2009-12-27 16:47 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-12-26 23:29 . 2009-12-26 23:29 -------- d-----w- c:\users\Kenny\AppData\Local\Microsoft Corporation
2009-12-26 17:42 . 2009-12-26 17:42 -------- d-----w- C:\$AVG
2009-12-26 17:42 . 2009-12-26 17:42 -------- d-----w- c:\program files\AVG
2009-12-26 17:42 . 2009-12-26 18:12 -------- d-----w- c:\programdata\avg9
2009-12-22 18:52 . 2009-12-22 18:52 -------- d-----w- c:\users\Kenny\AppData\Roaming\OpenOffice.org
2009-12-22 18:49 . 2009-12-22 18:49 -------- d-----w- c:\program files\JRE
2009-12-22 18:48 . 2009-12-22 18:49 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-19 19:49 . 2009-12-19 19:49 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-19 19:49 . 2009-12-19 19:49 138240 ----a-w- c:\users\Kenny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-12-19 19:49 . 2009-12-19 19:49 138240 ----a-w- c:\users\Kenny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-12-19 19:49 . 2009-12-19 19:49 138240 ----a-w- c:\users\Kenny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-12-19 19:49 . 2009-12-19 19:49 138240 ----a-w- c:\users\Kenny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-12-19 19:49 . 2009-12-19 19:49 -------- d-----w- c:\users\Kenny\AppData\Roaming\SystemRequirementsLab
2009-12-19 03:03 . 2009-12-19 03:03 -------- d-----w- C:\ubuntu
2009-12-19 02:20 . 2009-12-19 02:39 -------- d-----w- c:\users\Kenny\AppData\Roaming\InfraRecorder
2009-12-19 02:18 . 2009-12-19 02:18 -------- d-----w- c:\program files\InfraRecorder
2009-12-19 00:34 . 2009-12-19 00:34 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-19 00:17 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-19 00:17 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-19 00:17 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-19 00:14 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-12-18 23:53 . 2009-12-18 23:53 -------- d-----w- c:\users\Kenny\AppData\Roaming\Registry Mechanic
2009-12-18 23:46 . 2004-08-04 16:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-12-18 23:39 . 2009-12-18 23:39 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-18 21:29 . 2009-12-18 21:29 -------- d-----w- c:\program files\Advanced Spyware Remover
2009-12-18 18:52 . 2009-12-18 18:52 -------- d-----w- c:\windows\system32\SDA
2009-12-18 18:52 . 2009-12-18 18:52 -------- d-----w- c:\program files\O2Micro
2009-12-18 18:50 . 2009-12-18 18:50 -------- d-----w- C:\drivers
2009-12-18 16:31 . 2009-12-18 16:31 126372 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-16 02:43 . 2009-12-16 02:43 -------- d-----w- c:\program files\OpenAL
2009-12-16 02:43 . 2009-12-16 02:43 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-16 02:43 . 2009-12-16 02:43 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-16 02:42 . 2009-12-16 02:44 -------- d-----w- c:\program files\AssaultCube_v1.0
2009-12-16 02:24 . 2009-12-16 23:23 -------- d-----w- c:\users\Kenny\AppData\Local\Deployment
2009-12-15 20:56 . 2009-12-15 20:57 -------- d-----w- c:\program files\3DRipperDX
2009-12-15 20:29 . 2009-12-15 20:29 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-15 20:19 . 2009-12-15 21:11 -------- d-----w- c:\program files\Sierra
2009-12-15 18:03 . 2009-12-15 18:03 -------- d-----w- c:\windows\system32\SAVES
2009-12-14 16:45 . 2009-12-27 20:55 -------- d-----w- C:\Games
2009-12-12 17:10 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-12-12 17:04 . 2009-12-12 17:09 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-12 17:03 . 2009-03-16 22:18 22360 ----a-w- c:\windows\system\X3DAudio1_6.dll
2009-12-12 17:01 . 2009-09-30 21:08 1892184 ----a-w- c:\windows\system\d3dx9_42.dll
2009-12-12 16:58 . 2007-02-21 10:11 68888 ----a-w- c:\windows\system\xinput1_3.dll
2009-12-12 16:53 . 2009-12-12 16:53 -------- d-----w- c:\users\Kenny\AppData\Roaming\Uniblue
2009-12-11 19:06 . 2009-12-11 19:06 -------- d-----w- c:\programdata\id Software
2009-12-11 18:09 . 2009-12-11 18:09 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-12-11 17:58 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-11 17:58 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-11 17:58 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-11 17:42 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-12-11 17:42 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-12-11 17:41 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-12-11 17:41 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-12-09 23:50 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 23:50 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 23:50 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 23:45 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 23:44 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 20:15 . 2009-12-09 20:15 -------- d-----w- c:\windows\Sun
2009-12-09 17:06 . 2009-12-27 20:47 -------- d-----w- c:\program files\Common Files\Steam
2009-12-09 16:56 . 2009-12-27 20:47 -------- d-----w- c:\program files\Cracked Steam
2009-12-08 15:06 . 2009-12-08 15:06 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-12-08 00:56 . 2009-12-29 23:37 -------- d-----w- c:\users\Kenny\AppData\Roaming\Xfire
2009-12-08 00:56 . 2009-12-18 01:13 -------- d-----w- c:\programdata\Xfire
2009-12-08 00:52 . 2009-12-08 03:38 -------- d-----w- c:\program files\Xfire
2009-12-01 21:05 . 2009-12-01 21:05 -------- d-----w- c:\users\Kenny\AppData\Local\Real
2009-12-01 21:04 . 2009-12-01 21:04 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-30 20:19 . 2009-11-30 20:19 625728 ----a-w- c:\programdata\id Software\QuakeLive\npquakezero.dll
2009-11-30 20:17 . 2009-11-30 20:17 2373712 ----a-w- c:\programdata\id Software\QuakeLive\pbsvc.exe
2009-11-30 19:37 . 2009-11-30 19:37 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 17:53 . 2008-06-29 02:48 -------- d-----w- c:\users\Kenny\AppData\Roaming\WTablet
2009-12-29 01:40 . 2007-04-16 19:58 -------- d-----w- c:\program files\Google
2009-12-28 02:14 . 2007-10-09 21:59 -------- d-----w- c:\users\Kenny\AppData\Roaming\uTorrent
2009-12-27 22:21 . 2007-10-10 00:20 -------- d-----w- c:\users\Kenny\AppData\Roaming\foobar2000
2009-12-27 17:57 . 2007-09-18 19:37 -------- d-----w- c:\program files\QuickTime
2009-12-26 22:32 . 2007-09-18 03:19 6324 ----a-w- c:\users\Kenny\AppData\Local\d3d9caps.dat
2009-12-25 13:33 . 2009-02-06 01:48 -------- d-----w- c:\users\Kenny\AppData\Roaming\FrostWire
2009-12-22 19:57 . 2007-09-18 03:19 74176 ----a-w- c:\users\Kenny\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-22 18:45 . 2007-09-29 22:13 -------- d-----w- c:\program files\Java
2009-12-19 01:42 . 2007-09-26 18:57 -------- d-----w- c:\program files\PeerGuardian2
2009-12-19 01:42 . 2009-11-01 19:59 -------- d-----w- c:\program files\Pando Networks
2009-12-19 01:38 . 2007-09-18 05:29 -------- d-----w- c:\program files\Bonjour
2009-12-19 01:21 . 2009-03-30 22:22 -------- d-----w- c:\program files\Microsoft
2009-12-19 01:10 . 2008-06-02 22:26 -------- d-----w- c:\programdata\Sony
2009-12-19 01:08 . 2007-09-30 02:27 -------- d-----w- c:\programdata\ScanSoft
2009-12-19 01:06 . 2007-11-29 01:51 -------- d-----w- c:\program files\Real
2009-12-19 01:00 . 2008-12-28 23:34 -------- d-----w- c:\program files\Unity
2009-12-19 00:45 . 2009-01-23 23:16 -------- d-----w- c:\program files\eMusic Download Manager
2009-12-19 00:45 . 2009-01-23 23:16 -------- d-----w- c:\users\Kenny\AppData\Roaming\eMusic
2009-12-19 00:34 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-18 18:54 . 2007-04-16 19:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-18 16:24 . 2009-02-06 01:47 -------- d-----w- c:\program files\FrostWire
2009-12-15 04:19 . 2008-08-08 04:20 -------- d-----w- c:\program files\Pariah
2009-12-12 07:12 . 2008-01-07 19:53 -------- d-----w- c:\program files\Gore Special Edition
2009-12-11 23:37 . 2007-11-04 20:48 -------- d-----w- c:\program files\Elaborate Bytes
2009-12-11 20:16 . 2009-11-17 00:11 -------- d-----w- c:\program files\SpeederXP
2009-12-11 17:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-06 23:34 . 2009-11-26 00:00 -------- d-sh--w- c:\users\Kenny\AppData\Roaming\lowsec
2009-12-01 21:05 . 2007-11-29 01:51 -------- d-----w- c:\program files\Common Files\Real
2009-11-28 02:12 . 2007-09-18 19:37 -------- d-----w- c:\programdata\Apple
2009-11-27 20:51 . 2007-09-18 19:38 -------- d-----w- c:\users\Kenny\AppData\Roaming\Apple Computer
2009-11-27 15:15 . 2009-11-27 15:12 -------- d-----w- c:\users\Kenny\AppData\Roaming\Mp3tag
2009-11-27 15:12 . 2009-11-27 15:12 -------- d-----w- c:\program files\Mp3tag
2009-11-25 15:25 . 2009-11-25 15:25 439816 ----a-w- c:\users\Kenny\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-24 15:18 . 2009-11-24 15:18 -------- d-----w- c:\program files\Ask.com
2009-11-21 06:40 . 2009-12-11 17:57 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-11 17:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-11 17:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-11 17:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 23:26 . 2009-11-20 23:24 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-20 23:26 . 2009-11-20 23:24 -------- d-----w- c:\program files\iTunes
2009-11-20 23:24 . 2009-11-20 23:24 -------- d-----w- c:\program files\iPod
2009-11-20 23:24 . 2007-09-18 19:37 -------- d-----w- c:\program files\Common Files\Apple
2009-11-20 23:14 . 2009-11-20 23:14 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-20 23:08 . 2008-04-13 21:37 -------- d-----w- c:\program files\Safari
2009-11-20 23:03 . 2009-11-20 23:03 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-16 19:43 . 2009-11-03 17:09 -------- d-----w- c:\users\Kenny\AppData\Roaming\Orbit
2009-11-14 22:58 . 2009-11-14 22:58 -------- d-sh--r- c:\users\Kenny\AppData\Roaming\taskmgr
2009-11-14 22:57 . 2009-11-14 22:58 82944 ----a-w- c:\users\Kenny\AppData\Roaming\taskmgr\taskmgr.exe
2009-11-03 17:09 . 2009-11-03 17:09 -------- d-----w- c:\users\Kenny\AppData\Roaming\GrabPro
2009-11-03 04:42 . 2009-11-05 02:05 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 01:09 . 2009-11-02 01:09 -------- d-----w- c:\programdata\Nexon
2009-11-02 01:09 . 2009-11-01 21:58 -------- d-----w- c:\programdata\NexonUS
2009-11-01 21:58 . 2009-11-01 21:58 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-11-01 21:58 . 2009-11-01 21:58 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-11-01 21:58 . 2009-11-01 21:58 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-11-01 21:58 . 2009-11-01 21:58 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-11-01 21:58 . 2009-11-01 21:58 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-11-01 21:58 . 2009-11-01 21:58 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-10-31 02:25 . 2009-10-28 14:49 -------- d-----w- c:\program files\GamersFirst
2009-10-29 09:17 . 2009-11-28 15:38 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 12:17 . 2009-03-30 01:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-01 01:02 . 2009-12-19 00:14 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-12-19 00:14 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-12-19 00:14 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-12-19 00:14 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-12-19 00:14 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-12-19 00:14 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-12-19 00:14 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-12-19 00:14 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-12-19 00:14 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-12-19 00:14 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-12-19 00:14 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-12-19 00:14 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-12-19 00:14 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-12-19 00:14 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-12-19 00:14 33280 ----a-w- c:\windows\system32\WpdConns.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-28_17.06.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-06 21:35 . 2009-12-29 17:55 97302 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-12-29 17:55 83422 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-09-18 03:20 . 2009-12-29 17:55 18818 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4047919966-426220825-4163492893-1000_UserData.bin
+ 2009-12-28 17:47 . 2009-12-28 17:47 84507 c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
+ 2007-09-18 00:40 . 2009-12-29 17:54 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-09-18 00:40 . 2009-12-28 15:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-18 00:40 . 2009-12-29 17:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-18 00:40 . 2009-12-28 15:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-18 00:40 . 2009-12-28 15:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-18 00:40 . 2009-12-29 17:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-10-06 20:07 . 2009-12-28 00:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-06 20:07 . 2009-12-29 03:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-06 20:07 . 2009-12-29 03:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-06 20:07 . 2009-12-28 00:51 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-06 20:07 . 2009-12-29 03:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-10-06 20:07 . 2009-12-28 00:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-28 18:12 . 2009-12-28 18:12 22528 c:\windows\Installer\350cd2.msi
+ 2009-12-28 18:14 . 2009-12-28 18:14 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-12-28 18:14 . 2009-12-28 18:14 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-28 18:14 . 2009-12-28 18:14 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-28 18:14 . 2009-12-28 18:14 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-28 18:14 . 2009-12-28 18:14 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-28 18:14 . 2009-12-28 18:14 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-28 18:14 . 2009-12-28 18:14 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ARPPRODUCTICON.exe
+ 2007-09-30 17:37 . 2009-12-28 17:14 3926 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2007-09-30 17:37 . 2009-12-27 22:44 3926 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-12-29 17:53 . 2009-12-29 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-12-28 00:51 . 2009-12-28 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-12-28 00:51 . 2009-12-28 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-29 17:53 . 2009-12-29 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-26 16:36 . 2009-12-29 16:39 247040 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-11-03 00:24 . 2009-11-03 00:24 257440 c:\windows\System32\Macromed\Flash\FlashUtil10d.exe
+ 2009-12-28 18:14 . 2009-12-28 18:14 1258496 c:\windows\Installer\350cd9.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 22:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 260912]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-12 68400]
"Unattend0000000001{2D70D39F-FE4B-4A7D-94F8-E863EEE3EA8C}"="c:\fujitsu\LogonCommands\gexc.exe" [2006-12-18 258048]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-04 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2007-02-05 167936]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-26 151552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-01 198160]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-10-14 104408]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e7,71,f9,15,dd,08,ca,01
R0 FBIOSDRV;FBIOSDRV;c:\windows\System32\drivers\FBIOSDRV.SYS [4/16/2007 11:15 AM 8960]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/18/2009 3:46 PM 583640]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [1/27/2007 3:49 AM 11776]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [4/16/2007 11:27 AM 5632]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [6/18/2009 6:48 PM 42480]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2/4/2008 5:23 PM 47448]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [1/21/2008 1:56 AM 41560]
R3 WISDPen;Wacom Penabled MiniDriver;c:\windows\System32\drivers\wisdpen.sys [6/28/2008 6:47 PM 34736]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/28/2009 10:12 AM 135664]
S3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [5/3/2008 12:54 AM 3872]
S3 FjGenIo;Fujitsu Generic I/O Driver;c:\windows\System32\drivers\FjGenIo.sys [9/19/2007 9:35 AM 7680]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [5/23/2008 10:48 PM 21504]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [11/2/2006 2:25 AM 30720]
S3 USBAVCap;AVerMedia USB TV Tuner Device;c:\windows\System32\drivers\USBAVCap.sys [4/16/2007 11:15 AM 785408]
S3 wtpfiltr;wtpfiltr;c:\windows\System32\drivers\wtpfiltr.sys [4/16/2007 11:11 AM 7680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2009-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 18:12]
2009-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 18:12]
2009-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4047919966-426220825-4163492893-1000Core.job
- c:\users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 23:23]
2009-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4047919966-426220825-4163492893-1000UA.job
- c:\users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 23:23]
2009-12-28 c:\windows\Tasks\User_Feed_Synchronization-{B71D2D97-D49C-46E6-8824-6B4B2FF44829}.job
- c:\windows\system32\msfeedssync.exe [2009-12-11 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\mfnie50e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={672ADA99-1978-7449-B1A3-647B95766E79}&q=
FF - prefs.js: network.proxy.http - 192.168.2.1
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Kenny\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 15:48
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-12-29 15:51:51
ComboFix-quarantined-files.txt 2009-12-29 23:51
ComboFix2.txt 2009-12-28 23:54
ComboFix3.txt 2009-12-28 17:10
Pre-Run: 32,432,840,704 bytes free
Post-Run: 32,390,602,752 bytes free
- - End Of File - - 41B394DDAB901EF836FED263B7B14F9A
This now looks like a clean PC.
To finish cleaning, it is necessary to uninstall ComboFix:
Start >> Run
ComboFix /Uninstall
Ok
Done, thank you for your help.
np