I have a Virus and need some help
bezekiel
Junior Member
25. April 2008 @ 17:26
My other thread got closed, so this is just a continuation.
Here is my HijackThis logfile. Echoreply helped me already, and I hope that person or anyone can help once again. Thanks.
Echoreply, I just ran HJT and this is the logfile that came up. I just copied and pasted it here.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:02 PM, on 4/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.metacrawl.ws
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alsfastball.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.metacrawl.ws
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8b9684d9-7885-4b81-9aae-0b73d41a49da} - C:\WINDOWS\system32\clcsftpq.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: gooochi browser optimizer - {c772b7a4-5ba5-7690-5799-ee305aa66a54} - C:\WINDOWS\system32\{732e4169-817f-c089-7414-a77b7aa5bcde}.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{D7-70-09-90-DW}] C:\windows\system32\jqwnw64k.exe DWram
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [70bd703f] rundll32.exe "C:\WINDOWS\system32\jietdbkv.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (file missing) (HKCU)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zeker11.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.pure-energy.ca/tsweb/msrdp.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: ssqNDsro - ssqNDsro.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 11130 bytes
Member
25. April 2008 @ 17:44
OK, we will continue in this thread:
First we will use HJT, then get another download to run.
First, HJT:
Start HJT and click the "Scan" button. Check the items below, close any open windows, then click "Fix checked":
O2 - BHO: gooochi browser optimizer - {c772b7a4-5ba5-7690-5799-ee305aa66a54} - C:\WINDOWS\system32\{732e4169-817f-c089-7414-a77b7aa5bcde}.dll
O4 - HKLM\..\Run: [{D7-70-09-90-DW}] C:\windows\system32\jqwnw64k.exe DWram
O4 - HKLM\..\Run: [70bd703f] rundll32.exe "C:\WINDOWS\system32\jietdbkv.dll",b
---------------------
Next, let's see what ComboFix can dig up:
Download ComboFix from one of these links and save it to your Desktop:
http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
As a precaution, before using ComboFix:
1. * Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
* Click on the link below to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
* Remember to re-enable the protection again afterwards before connecting to the net.
Link on how to disable different AV and anti-malware apps:
http://www.bleepingcomputer.com/forums/topic114351.html
2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
* If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
* If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
3. Now double-click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt".
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.
------------------
Post the ComboFix log please.
echoreply
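An added example, not part of the thread and not a HijackThis feature: the three O2/O4 lines picked out above for "Fix checked" share a few recognisable traits (a BHO DLL named after a GUID, Run values whose names are random hex or bracketed junk, rundll32 loading an eight-letter DLL from system32 through a one-letter export). The script below encodes those traits as rules so the same triage can be repeated over a whole HJT log. The rules, their reason strings and the choice of what counts as "random" are my own heuristics, not a published detection list; the sample lines are copied from the log posted above.

```python
"""Triage a HijackThis (HJT) log for the loading points a helper would fix.

Added example for this thread; not part of HijackThis and not code from the
original posts. The rules below are heuristics of my own (assumptions), and
the sample lines are copied from the HJT log posted in the thread.
"""
import re

# Registry-style GUID such as {732e4169-817f-c089-7414-a77b7aa5bcde}
GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# (HJT section, pattern, reason). Each pattern targets one habit visible in
# the log above; vendor entries (Google, AVG, Intel) trip none of them.
RULES = [
    # A BHO whose DLL on disk is named after a GUID is hiding what it is.
    ("O2", re.compile(r"\\" + GUID + r"\.dll\b", re.I),
     "BHO DLL named as a GUID"),
    # A nameless BHO pointing at a file that is gone: a leftover registration.
    ("O2", re.compile(r"BHO: \(no name\).*\(file missing\)", re.I),
     "nameless BHO, file missing"),
    # Run value names that are 8 hex digits or bracketed junk, not a product name.
    ("O4", re.compile(r"Run: \[(?:[0-9a-f]{8}|\{[0-9A-Z\-]+\})\]"),
     "random Run value name"),
    # rundll32 loading an 8-character DLL from system32 via a one-letter export.
    ("O4", re.compile(r'rundll32\.exe "?C:\\WINDOWS\\system32\\[a-z0-9]{8}\.dll"?,[a-z]\b', re.I),
     "rundll32 loading random DLL"),
    # A Winlogon Notify DLL that does not exist on disk.
    ("O20", re.compile(r"Winlogon Notify:.*\(file missing\)", re.I),
     "Winlogon Notify DLL missing"),
]


def triage(log_text):
    """Return [(line, reason), ...] for every log line that trips a rule."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, pattern, reason in RULES:
            # Match on the section prefix ("O2 - ") so "O20 - " is not taken for "O2".
            if line.startswith(section + " - ") and pattern.search(line):
                hits.append((line, reason))
                break  # one reason per line is enough for a fix list
    return hits


def fix_list(log_text):
    """The lines to tick in HJT's Scan window before pressing 'Fix checked'."""
    return [line for line, _ in triage(log_text)]


# Sample input: lines copied from the HJT log posted above (constructed subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {8b9684d9-7885-4b81-9aae-0b73d41a49da} - C:\WINDOWS\system32\clcsftpq.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: gooochi browser optimizer - {c772b7a4-5ba5-7690-5799-ee305aa66a54} - C:\WINDOWS\system32\{732e4169-817f-c089-7414-a77b7aa5bcde}.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [{D7-70-09-90-DW}] C:\windows\system32\jqwnw64k.exe DWram
O4 - HKLM\..\Run: [70bd703f] rundll32.exe "C:\WINDOWS\system32\jietdbkv.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: ssqNDsro - ssqNDsro.dll (file missing)
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Run against the full log it also picks up the nameless BHO (clcsftpq.dll) and the missing Winlogon Notify DLL (ssqNDsro.dll), both of which HJT lists but which were not in the first fix list; the ComboFix CFScript later in the thread targets clcsftpq.dll for exactly that reason. Treat every hit as a candidate to look at, not as a verdict.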
bezekiel
Junior Member
25. April 2008 @ 18:46
Here is my ComboFix log file.
ComboFix 08-04-24.1 - Blair's settings 2008-04-25 19:47:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.138 [GMT -2.5:30]
Running from: C:\Documents and Settings\Blair's settings\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\'
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cpmrotate.dll
C:\WINDOWS\system32\gkdyvfvj.dll
C:\WINDOWS\system32\jQBLUvut.ini
C:\WINDOWS\system32\jQBLUvut.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\wetplnyw.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.
2008-04-24 23:10 . 2008-04-24 23:10 <DIR> d-------- C:\Documents and Settings\Blair's settings\Application Data\Malwarebytes
2008-04-24 23:08 . 2008-04-24 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-24 23:07 . 2008-04-24 23:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-23 18:23 . 2008-04-23 18:23 <DIR> d-------- C:\Documents and Settings\Blair's settings\Application Data\Comodo
2008-04-23 18:22 . 2008-04-23 18:22 <DIR> d-------- C:\Program Files\COMODO
2008-04-23 18:22 . 2008-04-23 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-04-23 18:22 . 2008-04-23 18:22 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2008-04-23 18:22 . 2008-04-23 18:22 87,312 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-04-23 18:22 . 2008-04-23 18:22 23,824 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-04-23 18:14 . 2008-04-23 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-23 18:09 . 2008-04-23 18:09 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-23 18:09 . 2008-04-23 18:11 <DIR> d-------- C:\Program Files\CCleaner
2008-04-23 18:07 . 2008-04-23 18:07 2,751,368 --a------ C:\Program Files\ccsetup206.exe
2008-04-23 15:32 . 2008-04-23 15:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 23:35 . 2008-04-25 17:18 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-22 23:23 . 2008-04-25 08:00 <DIR> d-------- C:\Documents and Settings\Blair's settings\Application Data\AVG7
2008-04-22 23:22 . 2008-04-22 23:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-22 23:22 . 2008-04-22 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-22 23:22 . 2008-04-22 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-22 23:15 . 2008-04-22 23:15 38,337,440 --a------ C:\Program Files\avg75free_524a1289.exe
2008-04-22 15:43 . 2008-04-22 22:59 1,541,613 --ahs---- C:\WINDOWS\system32\vkbdteij.ini
2008-04-21 11:22 . 2008-04-21 11:22 399,410 --a------ C:\WINDOWS\system32\g59.exe
2008-04-21 09:10 . 2008-04-22 15:42 1,541,201 --ahs---- C:\WINDOWS\system32\abcihrtu.ini
2008-04-21 09:04 . 2008-04-24 15:43 109,738 --a------ C:\WINDOWS\BM738e43a3.xml
2008-04-20 21:48 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-20 20:55 . 2008-04-20 20:55 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-04-20 20:52 . 2008-04-20 20:52 860 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-20 20:51 . 2008-04-23 03:21 <DIR> d-------- C:\WINDOWS\system32\xcsDd18
2008-04-20 20:51 . 2008-04-23 03:21 <DIR> d-------- C:\WINDOWS\system32\migNT
2008-04-20 20:51 . 2008-04-20 20:52 <DIR> d-------- C:\WINDOWS\system32\inf1
2008-04-20 20:51 . 2008-04-20 20:51 <DIR> d-------- C:\Temp\berDrv11
2008-04-20 20:51 . 2008-04-25 19:49 <DIR> d-------- C:\Temp
2008-04-20 20:51 . 2008-04-20 20:51 298,306 --a------ C:\WINDOWS\system32\gside.exe
2008-04-17 15:20 . 2008-04-17 15:20 <DIR> d-------- C:\Program Files\iTunes
2008-04-17 15:20 . 2008-04-17 15:20 <DIR> d-------- C:\Program Files\iPod
2008-04-17 15:15 . 2008-04-17 15:17 <DIR> d-------- C:\Program Files\QuickTime
2008-04-11 13:16 . 2008-04-25 08:30 334,848 --a------ C:\WINDOWS\system32\myss_sb.dll
2008-03-31 18:55 . 2008-03-31 18:55 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 18:55 . 2008-03-31 18:55 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 18:55 . 2008-03-31 18:55 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 18:55 . 2008-03-31 18:55 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 18:55 . 2008-03-31 18:55 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 18:55 . 2008-03-31 18:55 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 00:59 --------- d-----w C:\Documents and Settings\Blair's settings\Application Data\BitTorrent
2008-04-23 00:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-23 00:50 --------- d-----w C:\Documents and Settings\Blair's settings\Application Data\LimeWire
2008-04-21 00:20 --------- d-----w C:\Program Files\Java
2008-04-18 00:13 --------- d-----w C:\Program Files\DivX
2008-04-17 17:54 --------- d-----w C:\Program Files\Apple Software Update
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-21 02:05 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-02-07 20:39 2,400,784 ----a-w C:\Program Files\WLinstaller.exe
2008-01-29 14:32 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-02-23 23:30 18,432 ----a-w C:\Documents and Settings\Blair's settings\Application Data\internaldb41.dat
2007-02-22 23:58 374 ----a-w C:\Documents and Settings\Blair's settings\Application Data\internaldb6334.dat
2007-02-22 22:54 538 ----a-w C:\Documents and Settings\Blair's settings\Application Data\internaldb8467.dat
2006-12-01 13:14 36,464 ----a-w C:\Documents and Settings\Blair's settings\Application Data\GDIPFONTCACHEV1.DAT
2006-07-13 16:46 15,032,616 ----a-w C:\Program Files\DivXInstaller.exe
2006-07-13 15:30 24,070,456 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2006-07-12 12:33 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2007-12-10 01:54 56 --sh--r C:\WINDOWS\system32\6928444DAA.sys
2007-02-06 13:49 88 --sh--r C:\WINDOWS\system32\AA4D442869.sys
2007-12-10 01:54 5,538 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8b9684d9-7885-4b81-9aae-0b73d41a49da}]
C:\WINDOWS\system32\clcsftpq.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 13:54 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 17:37 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 23:19 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 23:16 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 23:20 114688]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 21:18 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 17:38 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 02:00 282624 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:49 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:35 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 13:14 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 13:14 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-06-24 17:09 169472]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-22 23:22 579584]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-04-23 18:22 1572608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-22 23:22 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-24 16:52:39 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqNDsro]
ssqNDsro.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\guard32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-04-23 18:22]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-04-23 18:22]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-04-17 17:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-29 17:56:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3600#CN39F3F3SY6B.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe+/#Hewlett-Packard#deskjet3600#CN39F3F3SY6B
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 20:03:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 56
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-25 20:09:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 22:39:06
Pre-Run: 20,791,513,088 bytes free
Post-Run: 21,635,604,480 bytes free
206 --- E O F --- 2008-04-09 01:54:41
Member
25. April 2008 @ 22:38
Need to get some files checked out.
To help show all files, do this:
For XP: on the desktop double-click My Computer, go to Tools > Folder Options > View, then select "Show hidden files and folders", then UNcheck "Hide protected operating system files", also UNcheck "Hide extensions for known file types", click "Apply to All Folders", then Apply, then OK.
See if you can locate these two in the system32 dir:
C:\WINDOWS\system32
6928444DAA.sys
AA4D442869.sys
If so, go to the website below, click the Browse button to search for the files again, then click the Send button to upload them. You can copy/paste the results in your reply.
Website:
http://www.virustotal.com/
------------------------------
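An added example, not from the thread and not a ComboFix feature, to show why the Explorer settings above matter: ComboFix prints DOS attribute flags next to each file in its report, and the two .sys files named above carry both h (hidden) and s (system), which is exactly the combination Explorer hides until "Hide protected operating system files" is unchecked. The parser below pulls those entries out of a report and also lists .sys files that sit directly in system32 (not in system32\drivers) and are far too small to be a driver image. The line format handling, the 4096-byte threshold and the sample subset are my own assumptions; the sample lines are copied from the ComboFix report posted earlier in the thread.

```python
"""Pull hidden+system files and implausibly small .sys files out of a ComboFix report.

Added example for this thread; not part of ComboFix and not code from the
original posts. Line formats are inferred from the report above (assumption),
and the sample lines are copied from that report.
"""
import re

# Two line shapes appear in the report:
#   <created> . <modified> <size|<DIR>> <attrs> <path>   (Files Created section)
#   <modified> <size|dashes> <attrs> <path>              (Find3M section)
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size><DIR>|[\d,]+|-+)"
    r" (?P<attrs>[a-z-]+)"
    r" (?P<path>.+)$"
)


def parse(report):
    """Return one dict per file line: path, size (None for directories), attrs set."""
    entries = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        size_field = m.group("size")
        size = int(size_field.replace(",", "")) if size_field[0].isdigit() else None
        # Attribute letters as ComboFix prints them: d, r, a, h, s, w; dashes are padding.
        attrs = set(m.group("attrs").replace("-", ""))
        entries.append({"path": m.group("path"), "size": size, "attrs": attrs})
    return entries


def hidden_system_files(report):
    """Files (not directories) carrying both the hidden and system attributes."""
    return [e for e in parse(report) if {"h", "s"} <= e["attrs"] and "d" not in e["attrs"]]


def suspicious_sys_files(report, max_size=4096):
    """.sys files directly under system32 (not system32\\drivers) smaller than
    max_size bytes. A PE driver image cannot be 56 bytes, so such files are
    data of some kind wearing a driver extension; threshold is an assumption."""
    out = []
    for e in parse(report):
        p = e["path"].lower()
        if (p.endswith(".sys") and "\\system32\\" in p and "\\drivers\\" not in p
                and e["size"] is not None and e["size"] < max_size):
            out.append(e["path"])
    return out


# Sample input: lines copied from the ComboFix report above (constructed subset).
SAMPLE_REPORT = r"""
2008-04-22 15:43 . 2008-04-22 22:59 1,541,613 --ahs---- C:\WINDOWS\system32\vkbdteij.ini
2008-04-21 09:10 . 2008-04-22 15:42 1,541,201 --ahs---- C:\WINDOWS\system32\abcihrtu.ini
2008-04-20 20:52 . 2008-04-20 20:52 860 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-22 23:35 . 2008-04-25 17:18 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-23 00:59 --------- d-----w C:\Documents and Settings\Blair's settings\Application Data\BitTorrent
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-12-10 01:54 56 --sh--r C:\WINDOWS\system32\6928444DAA.sys
2007-02-06 13:49 88 --sh--r C:\WINDOWS\system32\AA4D442869.sys
2007-12-10 01:54 5,538 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
"""

if __name__ == "__main__":
    for e in hidden_system_files(SAMPLE_REPORT):
        print("hidden+system:", e["path"], e["size"])
    for path in suspicious_sys_files(SAMPLE_REPORT):
        print("tiny .sys outside drivers:", path)
```

Note that win32k.sys, a genuine driver that lives in system32 itself, is excluded by its size, while winpfz33.sys (860 bytes, created the same evening as the gside.exe and berDrv11 entries) is flagged and is indeed one of the files the CFScript later in the thread removes. A tiny hidden .sys is not automatically malware; some copy-protection schemes store licence data this way, which is why the helper asks for a VirusTotal result rather than deleting on sight.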
bezekiel
Junior Member
26. April 2008 @ 07:58
I cannot locate those two at all.
Member
26. April 2008 @ 08:51
OK, one more download to get.
Download GMER to your desktop:
http://www.gmer.net/index.php
Unzip it to a folder and click the icon to run the application. Select the Rootkit/Malware tab and click the Scan button near the bottom.
After the scan, select the Copy button, open Notepad and paste (Edit > Paste) the log in. Name and save the .txt file somewhere and post it in your next reply.
bezekiel
Junior Member
28. April 2008 @ 22:24
I tried posting the GMER log file a few times the last few days, but the page would never load up. What should I do?
Member
29. April 2008 @ 16:16
Hi,
Did you try saving it first to your hard drive as a .txt file in Notepad, then copying/pasting from the saved .txt file?
Back to ComboFix:
Click Start, then Run, type Notepad and click OK.
Copy/paste the text in the code box below into Notepad:
FILE::
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\clcsftpq.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\vkbdteij.ini
C:\Temp\berDrv11
C:\WINDOWS\system32\6928444DAA.sys
C:\WINDOWS\system32\AA4D442869.sys
Name the Notepad file CFScript.txt and save it to your desktop.
Now locate the file you just saved and the ComboFix icon, both on the desktop.
Using your mouse, drag the CFScript right on top of the ComboFix icon and release; ComboFix will run and produce a new log.
Please post the new ComboFix log and a new HJT log.
bezekiel
Junior Member
29. April 2008 @ 16:58
Here is my HJT logfile. I can't seem to find my ComboFix logfile. I don't think it popped up when ComboFix was done scanning.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24, on 2008-04-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alsfastball.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.metacrawl.ws
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8b9684d9-7885-4b81-9aae-0b73d41a49da} - C:\WINDOWS\system32\clcsftpq.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (file missing) (HKCU)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zeker11.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.pure-energy.ca/tsweb/msrdp.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O20 - Winlogon Notify: ssqNDsro - ssqNDsro.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 10712 bytes
Member
29. April 2008 @ 18:14
Did you look here for the log?
C:\ComboFix.txt
bezekiel
Junior Member
29. April 2008 @ 20:13
ComboFix 08-04-24.1 - Blair's settings 2008-04-29 21:29:59.3 - NTFSx86
Running from: C:\Documents and Settings\Blair's settings\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Blair's settings\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Temp\berDrv11
C:\WINDOWS\system32\6928444DAA.sys
C:\WINDOWS\system32\AA4D442869.sys
C:\WINDOWS\system32\clcsftpq.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\vkbdteij.ini
C:\WINDOWS\system32\winpfz33.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\6928444DAA.sys
C:\WINDOWS\system32\AA4D442869.sys
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\vkbdteij.ini
C:\WINDOWS\system32\winpfz33.sys
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.
2008-04-26 12:06 . 2008-04-26 12:06 250 --a------ C:\WINDOWS\gmer.ini
2008-04-24 23:10 . 2008-04-24 23:10 <DIR> d-------- C:\Documents and Settings\Blair's settings\Application Data\Malwarebytes
2008-04-24 23:08 . 2008-04-24 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-24 23:07 . 2008-04-24 23:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-23 18:23 . 2008-04-23 18:23 <DIR> d-------- C:\Documents and Settings\Blair's settings\Application Data\Comodo
2008-04-23 18:22 . 2008-04-23 18:22 <DIR> d-------- C:\Program Files\COMODO
2008-04-23 18:22 . 2008-04-23 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-04-23 18:22 . 2008-04-23 18:22 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2008-04-23 18:22 . 2008-04-23 18:22 87,312 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-04-23 18:22 . 2008-04-23 18:22 23,824 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-04-23 18:14 . 2008-04-23 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-23 18:09 . 2008-04-23 18:09 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-23 18:09 . 2008-04-23 18:11 <DIR> d-------- C:\Program Files\CCleaner
2008-04-23 18:07 . 2008-04-23 18:07 2,751,368 --a------ C:\Program Files\ccsetup206.exe
2008-04-23 15:32 . 2008-04-23 15:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 23:35 . 2008-04-25 17:18 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-22 23:23 . 2008-04-29 08:00 <DIR> d-------- C:\Documents and Settings\Blair's settings\Application Data\AVG7
2008-04-22 23:22 . 2008-04-22 23:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-22 23:22 . 2008-04-22 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-22 23:22 . 2008-04-22 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-22 23:15 . 2008-04-22 23:15 38,337,440 --a------ C:\Program Files\avg75free_524a1289.exe
2008-04-21 11:22 . 2008-04-21 11:22 399,410 --a------ C:\WINDOWS\system32\g59.exe
2008-04-21 09:10 . 2008-04-22 15:42 1,541,201 --ahs---- C:\WINDOWS\system32\abcihrtu.ini
2008-04-21 09:04 . 2008-04-24 15:43 109,738 --a------ C:\WINDOWS\BM738e43a3.xml
2008-04-20 21:48 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-20 20:51 . 2008-04-23 03:21 <DIR> d-------- C:\WINDOWS\system32\xcsDd18
2008-04-20 20:51 . 2008-04-23 03:21 <DIR> d-------- C:\WINDOWS\system32\migNT
2008-04-20 20:51 . 2008-04-20 20:52 <DIR> d-------- C:\WINDOWS\system32\inf1
2008-04-20 20:51 . 2008-04-20 20:51 <DIR> d-------- C:\Temp\berDrv11
2008-04-20 20:51 . 2008-04-25 19:49 <DIR> d-------- C:\Temp
2008-04-20 20:51 . 2008-04-20 20:51 298,306 --a------ C:\WINDOWS\system32\gside.exe
2008-04-17 15:20 . 2008-04-17 15:20 <DIR> d-------- C:\Program Files\iTunes
2008-04-17 15:20 . 2008-04-17 15:20 <DIR> d-------- C:\Program Files\iPod
2008-04-17 15:15 . 2008-04-17 15:17 <DIR> d-------- C:\Program Files\QuickTime
2008-04-11 13:16 . 2008-04-25 08:30 334,848 --a------ C:\WINDOWS\system32\myss_sb.dll
2008-03-31 18:55 . 2008-03-31 18:55 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 18:55 . 2008-03-31 18:55 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 18:55 . 2008-03-31 18:55 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 18:55 . 2008-03-31 18:55 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 18:55 . 2008-03-31 18:55 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 18:55 . 2008-03-31 18:55 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 00:59 --------- d-----w C:\Documents and Settings\Blair's settings\Application Data\BitTorrent
2008-04-23 00:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-23 00:50 --------- d-----w C:\Documents and Settings\Blair's settings\Application Data\LimeWire
2008-04-21 00:20 --------- d-----w C:\Program Files\Java
2008-04-18 00:13 --------- d-----w C:\Program Files\DivX
2008-04-17 17:54 --------- d-----w C:\Program Files\Apple Software Update
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-21 02:05 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-02-07 20:39 2,400,784 ----a-w C:\Program Files\WLinstaller.exe
2008-01-29 14:32 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-02-23 23:30 18,432 ----a-w C:\Documents and Settings\Blair's settings\Application Data\internaldb41.dat
2007-02-22 23:58 374 ----a-w C:\Documents and Settings\Blair's settings\Application Data\internaldb6334.dat
2007-02-22 22:54 538 ----a-w C:\Documents and Settings\Blair's settings\Application Data\internaldb8467.dat
2006-12-01 13:14 36,464 ----a-w C:\Documents and Settings\Blair's settings\Application Data\GDIPFONTCACHEV1.DAT
2006-07-13 16:46 15,032,616 ----a-w C:\Program Files\DivXInstaller.exe
2006-07-13 15:30 24,070,456 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2006-07-12 12:33 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2007-12-10 01:54 5,538 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-25_20.07.52.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-25 22:30:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-26 11:42:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-26 14:35:13 819,200 ----a-w C:\WINDOWS\gmer.dll
+ 2008-03-03 22:59:06 761,856 ----a-r C:\WINDOWS\gmer.exe
+ 2008-04-26 14:35:17 86,097 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8b9684d9-7885-4b81-9aae-0b73d41a49da}]
C:\WINDOWS\system32\clcsftpq.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 13:54 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 17:37 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 23:19 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 23:16 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 23:20 114688]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 21:18 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 17:38 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 02:00 282624 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:49 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:35 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 13:14 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 13:14 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-06-24 17:09 169472]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-22 23:22 579584]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-04-23 18:22 1572608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-22 23:22 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-24 16:52:39 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqNDsro]
ssqNDsro.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\guard32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-04-23 18:22]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-04-23 18:22]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys []
*Newly Created Service* - CATCHME
*Newly Created Service* - GMER
.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 21:51:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-29 17:56:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3600#CN39F3F3SY6B.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe+/#Hewlett-Packard#deskjet3600#CN39F3F3SY6B
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 21:34:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
Here is my ComboFix log... I had to do the scan again for the logfile to come up.
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-04-29 21:37:19
ComboFix-quarantined-files.txt 2008-04-30 00:06:25
ComboFix2.txt 2008-04-25 22:39:40
Pre-Run: 21,537,886,208 bytes free
Post-Run: 21,525,790,720 bytes free
201 --- E O F --- 2008-04-09 01:54:41
Member
29. April 2008 @ 23:15
OK, good, thanks for the info.
Start HJT and click the "Scan" button. Check the items below, close any open windows, then click "Fix checked":
O2 - BHO: (no name) - {8b9684d9-7885-4b81-9aae-0b73d41a49da} - C:\WINDOWS\system32\clcsftpq.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (file missing) (HKCU)
O20 - Winlogon Notify: ssqNDsro - ssqNDsro.dll (file missing)
---------------
We will use ComboFix again, so as last time:
Click Start, then Run, type Notepad and click OK.
Copy/paste the text in the code box below into Notepad:
FILE::
C:\WINDOWS\system32\g59.exe
C:\WINDOWS\system32\abcihrtu.ini
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\myss_sb.dll
FOLDER::
C:\WINDOWS\system32\xcsDd18
C:\WINDOWS\system32\migNT
C:\WINDOWS\system32\inf1
Name the Notepad file CFScript.txt and save it to your desktop.
Now locate the file you just saved and the ComboFix icon, both on the desktop.
Using your mouse, drag CFScript.txt right on top of the ComboFix icon and release. ComboFix will run and produce a new log.
Please post the new ComboFix log.
How's it looking on your end now?
bezekiel
Junior Member
30. April 2008 @ 00:13
Here is the logfile...
It's looking real good on my end. I appreciate everything.
ComboFix 08-04-24.1 - Blair's settings 2008-04-30 1:26:43.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.140 [GMT -2.5:30]
Running from: C:\Documents and Settings\Blair's settings\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Blair's settings\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\abcihrtu.ini
C:\WINDOWS\system32\g59.exe
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\myss_sb.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\abcihrtu.ini
C:\WINDOWS\system32\g59.exe
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\inf1
C:\WINDOWS\system32\migNT
C:\WINDOWS\system32\myss_sb.dll
C:\WINDOWS\system32\xcsDd18
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.
2008-04-26 12:06 . 2008-04-26 12:06 250 --a------ C:\WINDOWS\gmer.ini
2008-04-24 23:10 . 2008-04-24 23:10 <DIR> d-------- C:\Documents and Settings\Blair's settings\Application Data\Malwarebytes
2008-04-24 23:08 . 2008-04-24 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-24 23:07 . 2008-04-24 23:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-23 18:23 . 2008-04-23 18:23 <DIR> d-------- C:\Documents and Settings\Blair's settings\Application Data\Comodo
2008-04-23 18:22 . 2008-04-23 18:22 <DIR> d-------- C:\Program Files\COMODO
2008-04-23 18:22 . 2008-04-23 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-04-23 18:22 . 2008-04-23 18:22 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2008-04-23 18:22 . 2008-04-23 18:22 87,312 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-04-23 18:22 . 2008-04-23 18:22 23,824 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-04-23 18:09 . 2008-04-29 22:44 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-23 18:09 . 2008-04-23 18:11 <DIR> d-------- C:\Program Files\CCleaner
2008-04-23 18:07 . 2008-04-23 18:07 2,751,368 --a------ C:\Program Files\ccsetup206.exe
2008-04-23 15:32 . 2008-04-23 15:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 23:35 . 2008-04-25 17:18 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-22 23:23 . 2008-04-29 08:00 <DIR> d-------- C:\Documents and Settings\Blair's settings\Application Data\AVG7
2008-04-22 23:22 . 2008-04-22 23:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-22 23:22 . 2008-04-22 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-22 23:22 . 2008-04-22 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-22 23:15 . 2008-04-22 23:15 38,337,440 --a------ C:\Program Files\avg75free_524a1289.exe
2008-04-21 09:04 . 2008-04-24 15:43 109,738 --a------ C:\WINDOWS\BM738e43a3.xml
2008-04-20 21:48 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-20 20:51 . 2008-04-20 20:51 <DIR> d-------- C:\Temp\berDrv11
2008-04-20 20:51 . 2008-04-25 19:49 <DIR> d-------- C:\Temp
2008-04-17 15:20 . 2008-04-17 15:20 <DIR> d-------- C:\Program Files\iTunes
2008-04-17 15:20 . 2008-04-17 15:20 <DIR> d-------- C:\Program Files\iPod
2008-04-17 15:15 . 2008-04-17 15:17 <DIR> d-------- C:\Program Files\QuickTime
2008-03-31 18:55 . 2008-03-31 18:55 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 18:55 . 2008-03-31 18:55 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 18:55 . 2008-03-31 18:55 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 18:55 . 2008-03-31 18:55 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 18:55 . 2008-03-31 18:55 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 18:55 . 2008-03-31 18:55 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-24 17:15 . 2008-03-24 17:15 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-03-21 18:00 . 2008-03-21 18:00 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 18:00 . 2008-03-21 18:00 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-03-21 18:00 . 2008-03-21 18:00 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-03-21 18:00 . 2008-03-21 18:00 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-03-21 18:00 . 2008-03-21 18:00 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 00:59 --------- d-----w C:\Documents and Settings\Blair's settings\Application Data\BitTorrent
2008-04-23 00:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-23 00:50 --------- d-----w C:\Documents and Settings\Blair's settings\Application Data\LimeWire
2008-04-21 00:20 --------- d-----w C:\Program Files\Java
2008-04-18 00:13 --------- d-----w C:\Program Files\DivX
2008-04-17 17:54 --------- d-----w C:\Program Files\Apple Software Update
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-21 02:05 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-02-07 20:39 2,400,784 ----a-w C:\Program Files\WLinstaller.exe
2008-01-29 14:32 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-02-23 23:30 18,432 ----a-w C:\Documents and Settings\Blair's settings\Application Data\internaldb41.dat
2007-02-22 23:58 374 ----a-w C:\Documents and Settings\Blair's settings\Application Data\internaldb6334.dat
2007-02-22 22:54 538 ----a-w C:\Documents and Settings\Blair's settings\Application Data\internaldb8467.dat
2006-12-01 13:14 36,464 ----a-w C:\Documents and Settings\Blair's settings\Application Data\GDIPFONTCACHEV1.DAT
2006-07-13 16:46 15,032,616 ----a-w C:\Program Files\DivXInstaller.exe
2006-07-13 15:30 24,070,456 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2006-07-12 12:33 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2007-12-10 01:54 5,538 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-25_20.07.52.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-25 22:30:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-30 01:39:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-26 14:35:13 819,200 ----a-w C:\WINDOWS\gmer.dll
+ 2008-03-03 22:59:06 761,856 ----a-r C:\WINDOWS\gmer.exe
+ 2008-04-26 14:35:17 86,097 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 13:54 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 17:37 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 23:19 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 23:16 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 23:20 114688]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 21:18 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 17:38 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 02:00 282624 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:49 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:35 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 13:14 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 13:14 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-06-24 17:09 169472]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-22 23:22 579584]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-04-23 18:22 1572608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-22 23:22 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-24 16:52:39 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\guard32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-04-23 18:22]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-04-23 18:22]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 21:51:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-29 17:56:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3600#CN39F3F3SY6B.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe+/#Hewlett-Packard#deskjet3600#CN39F3F3SY6B
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 01:32:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Documents and Settings\Blair's settings\Local Settings\Application Data\Microsoft\Messenger\blairezekiel@hotmail.com\SharingMetadata\Working\database_8070_BD73_70BD_7090\$db_clean$ 0 bytes
scan completed successfully
hidden files: 57
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-04-30 1:36:45
ComboFix-quarantined-files.txt 2008-04-30 04:06:35
ComboFix2.txt 2008-04-30 00:07:20
ComboFix3.txt 2008-04-25 22:39:40
Pre-Run: 21,498,322,944 bytes free
Post-Run: 21,498,986,496 bytes free
193 --- E O F --- 2008-04-09 01:54:41
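The Reg Loading Points section of the log above is the part a helper reads first, so here is an added example (not from the thread, not ComboFix's own code) of parsing that format and triaging it: it pulls each Run-key entry with the resolved path ComboFix prints in brackets, flags entries given as a bare file name and entries running from outside the Windows or Program Files trees, and lists every AppInit_DLLs value, since those DLLs are loaded into each process that loads user32.dll. The sample text is constructed to mirror the log's layout; the "sysupdate" line is an invented illustration, and the STANDARD_DIRS list is an assumed heuristic for an XP C: drive.

```python
import re

# Constructed sample modelled on the ComboFix "Reg Loading Points" section above;
# the "sysupdate" line is an invented entry added to show the triage, not a real finding.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 23:19 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 02:00 282624 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"sysupdate"="C:\Documents and Settings\user\Application Data\sysupdate.exe" [2008-04-20 10:00 40960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-22 23:22 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\guard32.dll
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<dlls>.*)$')
# Where an XP autostart image is normally expected to live (assumed heuristic).
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

def parse_loading_points(text):
    """Return (run_entries, appinit_dlls) parsed from the section text."""
    entries, appinit, key = [], [], ""
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m["key"]
        elif m := RUN_RE.match(line):
            meta = m["meta"].split(None, 3)  # date, time, size, optional resolved path
            entries.append({"key": key, "name": m["name"], "value": m["value"],
                            "resolved": meta[3] if len(meta) > 3 else m["value"]})
        elif m := APPINIT_RE.match(line):
            appinit = m["dlls"].split()  # ComboFix prints 8.3 short names, so no spaces in paths
    return entries, appinit

def triage(entries, appinit):
    """Flag the entries a responder would look at first."""
    findings = []
    for e in entries:
        if "\\" not in e["value"]:  # bare file name: located by search order, not by full path
            findings.append(f'{e["name"]}: bare name "{e["value"]}" resolved to {e["resolved"]}')
        if not e["resolved"].lower().startswith(STANDARD_DIRS):
            findings.append(f'{e["name"]}: runs from outside Windows/Program Files: {e["resolved"]}')
    for dll in appinit:  # anything here is loaded into every process that loads user32.dll
        findings.append(f"AppInit_DLLs: {dll}")
    return findings
```

Run `triage(*parse_loading_points(SAMPLE))` to get the four findings for the sample; on a real log, paste the whole Reg Loading Points section into SAMPLE.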
Member
30. April 2008 @ 17:29
OK good, please run Malwarebytes once more after checking for any updates. Post the log like last time.
bezekiel
Junior Member
1. May 2008 @ 12:51
Malwarebytes' Anti-Malware 1.11
Database version: 679
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 77736
Time elapsed: 1 hour(s), 42 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP549\A0076310.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
Member
1. May 2008 @ 17:56
OK good, thanks for the info.
You can delete ComboFix like this:
Start > Run and type in combofix /u (click OK).
There is a space after the x and before the /.
You can delete the gmer .exe.
Check your Java version: how and why:
Vulnerabilities/exploits in versions of Sun Java may be responsible for some malware installs via your browser.
It is important to keep Sun Java up to date and also to remove older versions which may have vulnerabilities/exploits that can be taken advantage of to possibly introduce malware via your browser.
1. Uninstall old versions of Sun Java via Add/Remove Programs.
2. Click the Remove or Change/Remove button.
3. Reboot your PC if prompted.
To check if you have the latest version of Java and to download the latest version:
http://www.java.com/en/download/installed.jsp
System Restore: the how and why:
One of the features of Windows ME, XP and Vista is the System Restore option; however, if malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is a good idea after malware is removed.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(WinXP)
1. Turn off System Restore (deletes old, possibly infected restore points).
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore (new restore points on a clean system).
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-check *Turn off System Restore*.
Click Apply, and then click OK, then reboot.
Always check for updates before you use Malwarebytes to do a scan.
ATF Cleaner:
good for keeping temps, cookies etc. cleaned out:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Happy surfing
caz0164
Newbie
2. May 2008 @ 05:22
Hi, does anybody know where I can get a free antivirus program? I have trojans and others, my computer is going so slow. Can someone help quick?
c pearce