Annoying virus.

Yes, I know you've already done this, but it sounds like you have reinfected yourself again. You said it was fine for 2 days and you are having problems again. If Malwarebytes isn't picking it up then I need you to rerun an updated ComboFix.
 
Ok, I typed that in Run and it popped up like I was gonna run ComboFix as normal, but then it said CD emulation drivers detected, must disable. It then restarted my PC and ComboFix ran as normal; it didn't uninstall. I always just threw ComboFix in the recycle bin to get rid of it.
 
You need to download the newest version. Click on that link I gave you and save it to your desktop.
 
Ok, I deleted my ComboFix, downloaded and launched the new one. It didn't find anything, but when I tried to come online it said registry marked for deletion, and no programs would work. I restarted my PC and programs worked, but I forgot to save the log. So I reran ComboFix and it found something and restarted my comp, then I had to restart again because of the registry delete thing. lol sorry if that made no sense. It almost feels like ComboFix is infected at times.


log


ComboFix 09-12-05.03 - Buyer 12/05/2009 19:52.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3069.2220 [GMT -8:00]
Running from: c:\users\Buyer\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-06 03:59 . 2009-12-06 04:00 -------- d-----w- c:\users\Buyer\AppData\Local\temp
2009-12-06 03:59 . 2009-12-06 03:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-06 03:59 . 2009-12-06 03:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-06 03:50 . 2009-12-06 03:50 -------- d-----w- C:\32788R22FWJFW
2009-12-06 01:25 . 2009-12-06 01:25 -------- d-----w- c:\program files\DivX
2009-12-06 01:25 . 2009-12-06 01:25 4096 d-----w- c:\program files\Common Files\DivX Shared
2009-12-04 04:44 . 2009-12-04 04:44 -------- d-----w- c:\program files\Trend Micro
2009-12-04 04:42 . 2009-12-04 04:42 4844295 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-04 04:42 . 2009-12-04 04:42 -------- d-----w- c:\users\Buyer\AppData\Roaming\Malwarebytes
2009-12-04 04:42 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-04 04:42 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 04:42 . 2009-12-04 04:42 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 04:42 . 2009-12-04 04:42 -------- d-----w- c:\programdata\Malwarebytes
2009-12-03 03:11 . 2009-12-03 03:11 320000 ----a-w- c:\windows\system32\CF7363.exe
2009-12-03 03:10 . 2009-12-03 03:10 320000 ----a-w- c:\windows\system32\CF15727.exe
2009-11-30 06:46 . 2009-11-30 06:46 -------- d-----w- c:\windows\system32\xlive
2009-11-30 06:45 . 2009-11-30 06:46 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-11-30 06:42 . 2009-11-30 06:42 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2009-11-30 00:01 . 2007-06-29 22:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2009-11-30 00:01 . 2009-11-30 00:01 -------- d-----w- c:\program files\AMD
2009-11-29 23:55 . 2009-11-29 23:55 -------- d-----w- c:\users\Buyer\AppData\Local\Downloaded Installations
2009-11-29 06:54 . 2009-11-29 06:55 -------- d-----w- c:\users\Buyer\AppData\Roaming\Ventrilo
2009-11-29 06:54 . 2009-11-29 06:54 4096 d-----w- c:\program files\Ventrilo
2009-11-28 10:08 . 2009-11-28 10:08 -------- d-----w- c:\users\Buyer\AppData\Roaming\InstallShield
2009-11-25 11:00 . 2009-10-29 07:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 23:47 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-11-24 23:47 . 2009-08-10 13:05 1406464 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 23:47 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-11-24 23:47 . 2009-08-10 13:05 1260032 ----a-w- c:\windows\system32\msxml3.dll
2009-11-22 04:41 . 2009-11-22 04:41 12288 d-----w- c:\program files\Eusing Free Registry Cleaner
2009-11-21 22:12 . 2009-11-21 22:14 -------- d-----w- c:\users\Buyer\AppData\Local\ArmA
2009-11-21 10:00 . 2009-11-21 10:00 -------- d-----w- c:\users\Buyer\AppData\Roaming\gtk-2.0
2009-11-21 09:54 . 1998-10-03 03:00 327168 ----a-w- c:\windows\IsUninst.exe
2009-11-19 21:41 . 2009-11-19 21:41 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-19 21:41 . 2009-11-19 21:41 138240 ----a-w- c:\users\Buyer\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-19 21:41 . 2009-11-19 21:41 138240 ----a-w- c:\users\Buyer\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-19 21:41 . 2009-11-19 21:41 138240 ----a-w- c:\users\Buyer\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-19 21:41 . 2009-11-19 21:41 138240 ----a-w- c:\users\Buyer\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-11-19 21:41 . 2009-11-19 21:41 -------- d-----w- c:\users\Buyer\AppData\Roaming\SystemRequirementsLab
2009-11-19 21:41 . 2009-11-19 21:41 -------- d-----w- c:\windows\Sun
2009-11-19 00:54 . 2006-11-02 09:51 232040 ----a-w- c:\windows\system32\drivers\iastorv.sys
2009-11-18 04:35 . 2009-11-18 04:35 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2009-11-18 04:25 . 2009-11-18 04:34 -------- d-----w- C:\BDS
2009-11-18 04:19 . 2009-11-18 04:19 4096 d-----w- c:\program files\Folder Password Expert
2009-11-17 01:32 . 2009-09-05 01:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-11-17 01:32 . 2009-09-05 01:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-17 01:32 . 2009-09-05 01:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-17 01:32 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-17 01:32 . 2009-09-05 01:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-17 01:32 . 2009-09-05 01:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-17 01:32 . 2009-09-05 01:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-17 01:32 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-17 01:32 . 2008-07-31 18:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-11-17 01:32 . 2008-07-31 18:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-11-17 01:32 . 2008-07-31 18:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-11-11 14:33 . 2009-08-14 14:01 2031104 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 14:33 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-08 21:49 . 2009-11-08 21:49 -------- d-----w- c:\program files\Dreamcatcher
2009-11-07 07:20 . 2007-12-27 01:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-11-07 07:20 . 2007-12-27 01:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-11-06 04:17 . 2009-11-06 04:17 -------- d-----w- c:\users\Buyer\AppData\Roaming\The Creative Assembly

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 04:01 . 2009-11-06 03:02 8192 d-----w- c:\program files\Steam
2009-12-06 03:32 . 2009-09-26 22:39 16384 d-----w- c:\users\Buyer\AppData\Roaming\Azureus
2009-11-30 06:42 . 2009-09-23 04:25 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-30 06:22 . 2009-10-20 00:59 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-28 12:37 . 2009-10-17 18:14 4096 d-----w- c:\users\Buyer\AppData\Roaming\vlc
2009-11-28 10:17 . 2009-10-23 02:36 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-28 10:08 . 2009-10-19 05:10 8192 d-----w- c:\program files\Common Files\Adobe
2009-11-25 15:40 . 2009-10-01 23:52 8192 d-----w- c:\users\Buyer\AppData\Roaming\LimeWire
2009-11-25 03:10 . 2009-10-11 00:54 4096 d-----w- c:\users\Buyer\AppData\Roaming\Tropico3
2009-11-23 02:07 . 2009-11-06 03:03 -------- d-----w- c:\program files\Common Files\Steam
2009-11-21 21:56 . 2009-11-05 02:10 -------- d-----w- c:\program files\OpenAL
2009-11-21 09:34 . 2009-09-26 22:39 4096 d-----w- c:\program files\Vuze
2009-11-12 08:16 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-08 21:48 . 2009-10-08 01:45 -------- d-----w- c:\users\Buyer\AppData\Roaming\DAEMON Tools Lite
2009-11-05 02:10 . 2009-11-05 02:10 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-05 02:10 . 2009-11-05 02:10 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-03 04:42 . 2009-10-03 05:44 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-19 05:26 . 2009-09-11 04:49 48600 ----a-w- c:\users\Buyer\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-19 05:26 . 2009-10-19 05:26 -------- d-----w- c:\programdata\FLEXnet
2009-10-19 05:22 . 2009-10-19 05:22 4096 d-----w- c:\program files\Adobe Media Player
2009-10-19 05:20 . 2009-10-19 05:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-17 18:14 . 2009-10-17 18:14 -------- d-----w- c:\program files\VideoLAN
2009-10-17 05:54 . 2009-09-26 22:40 175 ----a-w- c:\users\Buyer\AppData\Roaming\Azureus\restart.bat
2009-10-08 01:51 . 2009-10-08 01:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-10-08 01:49 . 2009-10-08 01:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-10-08 01:49 . 2009-10-08 01:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-10-08 01:45 . 2009-10-08 01:45 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-10-08 01:45 . 2009-10-08 01:45 4096 d-----w- c:\program files\DAEMON Tools Lite
2009-10-08 01:43 . 2009-10-08 01:43 -------- d-----w- c:\programdata\DAEMON Tools Pro
2009-10-08 01:38 . 2009-10-08 01:38 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-08 01:38 . 2009-10-08 01:38 -------- d-----w- c:\users\Buyer\AppData\Roaming\DAEMON Tools Pro
2009-10-01 23:49 . 2009-10-01 23:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-23 04:26 . 2009-09-23 04:26 117760 ----a-w- c:\users\Buyer\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-09-14 09:50 . 2009-10-16 00:53 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-12 10:00 . 2009-09-12 10:00 268800 ----a-w- c:\windows\system32\es.dll
2009-09-12 08:11 . 2009-09-12 08:11 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2398.tmp.exe
2009-09-11 10:08 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-11 08:39 . 2009-09-11 08:39 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-09-11 08:39 . 2009-09-11 08:39 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-09-11 08:39 . 2009-09-11 08:39 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-09-11 08:39 . 2009-09-11 08:39 272896 ----a-w- c:\windows\system32\polstore.dll
2009-09-11 08:36 . 2009-09-11 08:36 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-09-11 08:36 . 2009-09-11 08:36 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-09-11 08:36 . 2009-09-11 08:36 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-09-11 08:33 . 2009-09-11 08:33 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-09-11 08:33 . 2009-09-11 08:33 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-09-11 08:33 . 2009-09-11 08:33 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-09-11 08:30 . 2009-09-11 08:30 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-09-11 08:30 . 2009-09-11 08:30 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2009-09-11 08:30 . 2009-09-11 08:30 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2009-09-11 08:30 . 2009-09-11 08:30 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2009-09-11 08:30 . 2009-09-11 08:30 542720 ----a-w- c:\windows\system32\sysmain.dll
2009-09-11 08:29 . 2009-09-11 08:29 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-09-11 08:29 . 2009-09-11 08:29 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-09-11 08:28 . 2009-09-11 08:28 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-11 08:28 . 2009-09-11 08:28 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-11 08:28 . 2009-09-11 08:28 502272 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-11 08:28 . 2009-09-11 08:28 47104 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-11 08:28 . 2009-09-11 08:28 297984 ----a-w- c:\windows\system32\wlansec.dll
2009-09-11 08:28 . 2009-09-11 08:28 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-11 08:26 . 2009-09-11 08:26 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-09-11 08:26 . 2009-09-11 08:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-09-11 08:26 . 2009-09-11 08:26 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-09-11 08:26 . 2009-09-11 08:26 24064 ----a-w- c:\windows\system32\lpk.dll
2009-09-11 08:26 . 2009-09-11 08:26 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-09-11 08:26 . 2009-09-11 08:26 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-09-11 08:25 . 2009-09-11 08:25 49664 ----a-w- c:\windows\system32\csrsrv.dll
2009-09-11 08:25 . 2009-09-11 08:25 376320 ----a-w- c:\windows\system32\winsrv.dll
2009-09-11 08:23 . 2009-09-11 08:23 2855424 ----a-w- c:\windows\system32\mf.dll
2009-09-11 08:23 . 2009-09-11 08:23 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-11 08:23 . 2009-09-11 08:23 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-11 08:23 . 2009-09-11 08:23 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-11 08:23 . 2009-09-11 08:23 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-11 08:19 . 2009-09-11 08:19 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-09-11 08:18 . 2009-09-11 08:18 71680 ----a-w- c:\windows\system32\atl.dll
2009-09-11 08:17 . 2009-09-11 08:17 297472 ----a-w- c:\windows\system32\gdi32.dll
2009-09-11 08:15 . 2009-09-11 08:15 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-09-11 08:15 . 2009-09-11 08:15 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2009-09-11 08:13 . 2009-09-11 08:13 211456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-09-11 08:12 . 2009-09-11 08:12 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-09-11 08:11 . 2009-09-11 08:11 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-09-11 08:11 . 2009-09-11 08:11 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-09-11 08:10 . 2009-09-11 08:10 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-09-11 08:09 . 2009-09-11 08:09 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-09-11 08:09 . 2009-09-11 08:09 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-09-11 08:09 . 2009-09-11 08:09 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-09-11 08:08 . 2009-09-11 08:08 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-09-11 08:05 . 2009-09-11 08:05 414208 ----a-w- c:\windows\system32\msscp.dll
2009-09-11 08:00 . 2009-09-11 08:00 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2009-09-11 08:00 . 2009-09-11 08:00 86016 ----a-w- c:\windows\system32\icfupgd.dll
2009-09-11 08:00 . 2009-09-11 08:00 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2009-09-11 08:00 . 2009-09-11 08:00 61952 ----a-w- c:\windows\system32\cmifw.dll
2009-09-11 08:00 . 2009-09-11 08:00 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2009-09-11 08:00 . 2009-09-11 08:00 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2009-09-11 08:00 . 2009-09-11 08:00 16896 ----a-w- c:\windows\system32\wfapigp.dll
2009-09-11 08:00 . 2009-09-11 08:00 23040 ----a-w- c:\windows\system32\drivers\tunnel.sys
2009-09-11 08:00 . 2009-09-11 08:00 178688 ----a-w- c:\windows\system32\iphlpsvc.dll
2009-09-11 08:00 . 2009-09-11 08:00 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2009-09-11 07:56 . 2009-09-11 07:56 696832 ----a-w- c:\windows\system32\localspl.dll
2009-09-11 07:55 . 2009-09-11 07:55 88576 ----a-w- c:\windows\system32\avifil32.dll
2003-12-07 06:12 . 2003-12-07 06:12 121856 --sha-w- c:\windows\System32\fpplock.exe
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-12-04_04.55.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-11 10:15 . 2009-12-06 04:01 22448 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-12-06 04:01 47738 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2009-12-04 04:46 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-12-06 03:59 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-12-04 04:46 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-12-06 03:59 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-27 01:52 . 2009-12-04 05:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-27 01:52 . 2009-12-04 04:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-27 01:52 . 2009-12-04 04:46 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-27 01:52 . 2009-12-04 05:40 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-27 01:52 . 2009-12-04 04:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-27 01:52 . 2009-12-04 05:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-11 04:50 . 2009-12-06 04:01 5606 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4241927625-4090918812-4017936060-1000_UserData.bin
+ 2009-12-06 03:59 . 2009-12-06 03:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-12-04 04:46 . 2009-12-04 04:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-12-04 04:46 . 2009-12-04 04:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-06 03:59 . 2009-12-06 03:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-12-06 03:58 618410 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-12-04 04:53 618410 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-12-04 04:53 103818 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-12-06 03:58 103818 c:\windows\System32\perfc009.dat
- 2006-11-02 13:02 . 2009-12-04 04:46 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-12-06 03:59 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 19:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-09-11 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="c:\program files\Steam\Steam.exe" [2009-11-06 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-09-11 1006264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 92704]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-01 149280]
"Warning: do not remove it!"="fpplock.exe" [2003-12-07 121856]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 10:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 10:42 AM 74480]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/26/2009 2:39 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [9/26/2009 2:39 PM 234888]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/12/2009 12:08 AM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 10:42 AM 7408]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [11/2/2006 2:25 AM 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [11/2/2006 2:25 AM 251904]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\users\Buyer\AppData\Roaming\Mozilla\Firefox\Profiles\7ff39yq2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 20:00
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys sfsync02.sys hal.dll prosync1.sys >>UNKNOWN [0x851281F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x827e4d1f
\Driver\ACPI -> acpi.sys @ 0x8044d9d6
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\fpplock.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-12-05 20:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-06 04:03
ComboFix2.txt 2009-12-06 03:48
ComboFix3.txt 2009-12-04 04:57

Pre-Run: 146,995,777,536 bytes free
Post-Run: 146,962,554,880 bytes free

- - End Of File - - 3BB8973C17F1A06405352BEA8C36877D
 
No more help? :(

Now it feels like my net's running really weird; YouTube videos randomly refuse to load.
 
Download Security Check from here or here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.


I'm gonna also recommend doing an online virus scan by going to either HouseCall or Panda.

http://us.trendmicro.com/us/housecall/

http://www.pandasecurity.com/homeusers/solutions/activescan/




Post back with the results.

Also recommending to go into Add/Remove Programs and uninstall any software that says Viewpoint in it. And recommending to uninstall any "Ask" software such as the Ask toolbar.
 
Just to add to John's post that you can also run a scan with Kaspersky;

Run Kaspersky Online AV Scanner
Using Internet Explorer, go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
 
Results of screen317's Security Check version 0.99.1
Windows Vista (UAC is disabled!)
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition
HijackThis 2.0.2
Eusing Free Registry Cleaner
Java(TM) 6 Update 16
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
 
I'm running this ActiveScan 2.0; I'll do more tomorrow. It seems like everything new I run finds something, but after I run it once it never finds anything again. That's happened with SUPERAntiSpyware, Malwarebytes, and ComboFix. Just throwing that out there.
 