A mess and don't know where to start


A mess and don't know where to start

Post by Stormyme on 6th May 2011, 3:11 pm

I have been waiting for over a week for a reply from geekstogo and they have left me hanging with no response. Everything is shutting down or disappearing by the minute. Avast, which was turning itself off every time I rebooted or opened Firefox, has now stopped loading completely. My firewall is off and can't be found. System Restore is gone as well. Actually, it looks like I have a partial Windows XP Pro now. I can't get to Windows Update. My sound device keeps disappearing. Please help lol. This started a few weeks ago with the Windows Security 2011 virus.~[Filtered]~


Last edited by Stormyme on 6th May 2011, 7:53 pm; edited 1 time in total (Reason for editing : trying to add OTL file)

Stormyme
Novice

Posts : 12
Joined : 2011-04-21
Gender : Female
OS : windows xp pro
Protection : avast
Points : 20749
# Likes : 0


Re: A mess and don't know where to start

Post by Stormyme on 6th May 2011, 7:54 pm

~[Filtered]~


Re: A mess and don't know where to start

Post by Stormyme on 6th May 2011, 7:56 pm

~[Filtered]~


Re: A mess and don't know where to start

Post by Belahzur on 6th May 2011, 8:17 pm

Hello.
Can you attach the logs?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1


Re: A mess and don't know where to start

Post by Stormyme on 7th May 2011, 7:19 am

I get this error when I try. "Uploaded file is not valid."

I am open to any suggestion on how to get these files to you lol


Re: A mess and don't know where to start

Post by Belahzur on 7th May 2011, 2:01 pm

Can you upload the logs to mediafire.com and post the share URL here?





Re: A mess and don't know where to start

Post by Stormyme on 7th May 2011, 7:47 pm

Very awesome! I hope this works. Thank you so much!

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Re: A mess and don't know where to start

Post by Stormyme on 7th May 2011, 9:03 pm

Just a note: I keep getting the "Generic Host Process for Win32 Services has encountered a problem and needs to close." error. When I click the "get info" link I get this:

C:\DOCUME~1\STORMY~1.000\LOCALS~1\Temp\WER50ec.dir00\svchost.exe.mdmp
C:\DOCUME~1\STORMY~1.000\LOCALS~1\Temp\WER50ec.dir00\appcompat.txt

In my process tab in task manager, I have an svchost.exe that is using 272,560 k in Mem usage. Isn't that rather large?


Re: A mess and don't know where to start

Post by Stormyme on 9th May 2011, 7:12 pm

Were you able to see those files?


Re: A mess and don't know where to start

Post by Belahzur on 9th May 2011, 7:41 pm

Hello.
Yep, got them.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:
       * Tools->Options->Main tab
       * Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.





Re: A mess and don't know where to start

Post by Stormyme on 21st May 2011, 5:04 am

First off, let me apologize for the length of time on this reply; my internet was down a week for upgrades.

Second, thank you so much for your help. Here is the update:

I ran ComboFix; it found and fixed a rootkit, but left me without internet. I have tried the reboot and repair, but it says it cannot find an IP.
I am currently on another PC in my home. I have the log file here.

ComboFix 11-05-19.02 - Stormy 05/20/2011 20:32:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2674 [GMT -7:00]
Running from: c:\documents and settings\Stormy.STORMYS2NDLIFE.000\My Documents\My Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Security Online *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Online *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\.#
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\Adobe\plugs
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\Adobe\shed
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\CB1723F9619B50A08C5B3F35855AFA19
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\CB1723F9619B50A08C5B3F35855AFA19\enemies-names.txt
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\CB1723F9619B50A08C5B3F35855AFA19\local.ini
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\adv.gif
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\Base64.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\ClickFreeBackup.exe
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\crafter-pguard5.skf
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\DvdId.cfg
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\FileList.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\FrenchResDll.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\gdiplus.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\GermanResDll.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\ItalianResDll.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\mb_email.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\mb_email2000.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\ShLog.txt
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\SkinCrafterDll.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\SpanishResDll.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\ClickFreeBackup\wiaaut.dll
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\inst.exe
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\TMInc
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\TMInc\game.cfg
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Application Data\TMInc\user1.sav
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\WINDOWS
c:\documents and settings\Stormy\Application Data\EHGrid.dll
c:\documents and settings\Stormy\Application Data\MBSEthernetPlugin.dll
c:\documents and settings\Stormy\Application Data\MBSJPEGDecompressionPlugin.dll
c:\documents and settings\Stormy\Application Data\MBSMainPlugin.dll
c:\documents and settings\Stormy\Application Data\MBSRegistrationPlugin.dll
c:\documents and settings\Stormy\Application Data\MBSUsernamePlugin.dll
c:\documents and settings\Stormy\Application Data\MBSWindowPlugin.dll
c:\documents and settings\Stormy\Application Data\MBSWinPlugin.dll
c:\documents and settings\Stormy\Application Data\noname.dll
c:\documents and settings\Stormy\Application Data\rbap450.dll
c:\documents and settings\Stormy\Application Data\RBSSLSocket450.dll
c:\program files\INSTALL.LOG
C:\s
c:\settings\desktop.ini
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\daemon.dll
c:\windows\ST6UNST.000
c:\windows\system32\_004776_.tmp.dll
c:\windows\system32\_004777_.tmp.dll
c:\windows\system32\_004778_.tmp.dll
c:\windows\system32\_004779_.tmp.dll
c:\windows\system32\_004786_.tmp.dll
c:\windows\system32\_004787_.tmp.dll
c:\windows\system32\_004788_.tmp.dll
c:\windows\system32\_004789_.tmp.dll
c:\windows\system32\_004790_.tmp.dll
c:\windows\system32\_004791_.tmp.dll
c:\windows\system32\_004792_.tmp.dll
c:\windows\system32\_004793_.tmp.dll
c:\windows\system32\_004794_.tmp.dll
c:\windows\system32\_004795_.tmp.dll
c:\windows\system32\_004796_.tmp.dll
c:\windows\system32\_004797_.tmp.dll
c:\windows\system32\_004798_.tmp.dll
c:\windows\system32\_004799_.tmp.dll
c:\windows\system32\_004800_.tmp.dll
c:\windows\system32\_004801_.tmp.dll
c:\windows\system32\_004802_.tmp.dll
c:\windows\system32\_004803_.tmp.dll
c:\windows\system32\_004805_.tmp.dll
c:\windows\system32\_004808_.tmp.dll
c:\windows\system32\_004809_.tmp.dll
c:\windows\system32\_004810_.tmp.dll
c:\windows\system32\_004811_.tmp.dll
c:\windows\system32\_004812_.tmp.dll
c:\windows\system32\_004813_.tmp.dll
c:\windows\system32\_004814_.tmp.dll
c:\windows\system32\_004815_.tmp.dll
c:\windows\system32\_004818_.tmp.dll
c:\windows\system32\_004819_.tmp.dll
c:\windows\system32\_004821_.tmp.dll
c:\windows\system32\_004822_.tmp.dll
c:\windows\system32\_004823_.tmp.dll
c:\windows\system32\_004824_.tmp.dll
c:\windows\system32\_004825_.tmp.dll
c:\windows\system32\_004826_.tmp.dll
c:\windows\system32\_004827_.tmp.dll
c:\windows\system32\_004828_.tmp.dll
c:\windows\system32\_004829_.tmp.dll
c:\windows\system32\_004830_.tmp.dll
c:\windows\system32\_004831_.tmp.dll
c:\windows\system32\_004832_.tmp.dll
c:\windows\system32\_004833_.tmp.dll
c:\windows\system32\_004834_.tmp.dll
c:\windows\system32\_004835_.tmp.dll
c:\windows\system32\_004836_.tmp.dll
c:\windows\system32\_004838_.tmp.dll
c:\windows\system32\_004839_.tmp.dll
c:\windows\system32\_004840_.tmp.dll
c:\windows\system32\_004841_.tmp.dll
c:\windows\system32\_004842_.tmp.dll
c:\windows\system32\_004843_.tmp.dll
c:\windows\system32\_004844_.tmp.dll
c:\windows\system32\_004845_.tmp.dll
c:\windows\system32\_004846_.tmp.dll
c:\windows\system32\_004847_.tmp.dll
c:\windows\system32\_004848_.tmp.dll
c:\windows\system32\_004849_.tmp.dll
c:\windows\system32\_004850_.tmp.dll
c:\windows\system32\_004851_.tmp.dll
c:\windows\system32\_004852_.tmp.dll
c:\windows\system32\_004853_.tmp.dll
c:\windows\system32\_004854_.tmp.dll
c:\windows\system32\_004855_.tmp.dll
c:\windows\system32\_004856_.tmp.dll
c:\windows\system32\_004857_.tmp.dll
c:\windows\system32\_004858_.tmp.dll
c:\windows\system32\_004859_.tmp.dll
c:\windows\system32\_004860_.tmp.dll
c:\windows\system32\_004861_.tmp.dll
c:\windows\system32\_004862_.tmp.dll
c:\windows\system32\_004865_.tmp.dll
c:\windows\system32\_004866_.tmp.dll
c:\windows\system32\_004867_.tmp.dll
c:\windows\system32\_004868_.tmp.dll
c:\windows\system32\_004869_.tmp.dll
c:\windows\system32\_004870_.tmp.dll
c:\windows\system32\_004871_.tmp.dll
c:\windows\system32\_004872_.tmp.dll
c:\windows\system32\_004873_.tmp.dll
c:\windows\system32\_004875_.tmp.dll
c:\windows\system32\_004878_.tmp.dll
c:\windows\system32\_004879_.tmp.dll
c:\windows\system32\_004883_.tmp.dll
c:\windows\system32\_004884_.tmp.dll
c:\windows\system32\_004886_.tmp.dll
c:\windows\system32\_004889_.tmp.dll
c:\windows\system32\_004891_.tmp.dll
c:\windows\system32\_004892_.tmp.dll
c:\windows\system32\_004893_.tmp.dll
c:\windows\system32\_004894_.tmp.dll
c:\windows\system32\_004896_.tmp.dll
c:\windows\system32\_004897_.tmp.dll
c:\windows\system32\_004898_.tmp.dll
c:\windows\system32\_004899_.tmp.dll
c:\windows\system32\_004900_.tmp.dll
c:\windows\system32\_004901_.tmp.dll
c:\windows\system32\_004906_.tmp.dll
c:\windows\system32\_004908_.tmp.dll
c:\windows\system32\_004909_.tmp.dll
c:\windows\system32\_005064_.tmp.dll
c:\windows\system32\_005065_.tmp.dll
c:\windows\system32\_005066_.tmp.dll
c:\windows\system32\_005067_.tmp.dll
c:\windows\system32\_005070_.tmp.dll
c:\windows\system32\_005071_.tmp.dll
c:\windows\system32\_005072_.tmp.dll
c:\windows\system32\_005073_.tmp.dll
c:\windows\system32\_005074_.tmp.dll
c:\windows\system32\_005075_.tmp.dll
c:\windows\system32\_005076_.tmp.dll
c:\windows\system32\_005077_.tmp.dll
c:\windows\system32\_005078_.tmp.dll
c:\windows\system32\_005079_.tmp.dll
c:\windows\system32\_005080_.tmp.dll
c:\windows\system32\_005081_.tmp.dll
c:\windows\system32\_005082_.tmp.dll
c:\windows\system32\_005083_.tmp.dll
c:\windows\system32\_005084_.tmp.dll
c:\windows\system32\_005085_.tmp.dll
c:\windows\system32\_005086_.tmp.dll
c:\windows\system32\_005087_.tmp.dll
c:\windows\system32\_005088_.tmp.dll
c:\windows\system32\_005089_.tmp.dll
c:\windows\system32\_005090_.tmp.dll
c:\windows\system32\_005091_.tmp.dll
c:\windows\system32\_005092_.tmp.dll
c:\windows\system32\_005093_.tmp.dll
c:\windows\system32\_005094_.tmp.dll
c:\windows\system32\_005095_.tmp.dll
c:\windows\system32\_005096_.tmp.dll
c:\windows\system32\_005097_.tmp.dll
c:\windows\system32\_005098_.tmp.dll
c:\windows\system32\_005099_.tmp.dll
c:\windows\system32\_005100_.tmp.dll
c:\windows\system32\_005101_.tmp.dll
c:\windows\system32\_005102_.tmp.dll
c:\windows\system32\_005103_.tmp.dll
c:\windows\system32\_005104_.tmp.dll
c:\windows\system32\_005106_.tmp.dll
c:\windows\system32\_005107_.tmp.dll
c:\windows\system32\_005108_.tmp.dll
c:\windows\system32\_005109_.tmp.dll
c:\windows\system32\_005110_.tmp.dll
c:\windows\system32\_005111_.tmp.dll
c:\windows\system32\_005112_.tmp.dll
c:\windows\system32\_005113_.tmp.dll
c:\windows\system32\_005114_.tmp.dll
c:\windows\system32\_005115_.tmp.dll
c:\windows\system32\_005116_.tmp.dll
c:\windows\system32\_005117_.tmp.dll
c:\windows\system32\_005119_.tmp.dll
c:\windows\system32\_005120_.tmp.dll
c:\windows\system32\_005121_.tmp.dll
c:\windows\system32\_005122_.tmp.dll
c:\windows\system32\_005123_.tmp.dll
c:\windows\system32\_005124_.tmp.dll
c:\windows\system32\_005125_.tmp.dll
c:\windows\system32\_005126_.tmp.dll
c:\windows\system32\_005127_.tmp.dll
c:\windows\system32\_005128_.tmp.dll
c:\windows\system32\_005129_.tmp.dll
c:\windows\system32\_005130_.tmp.dll
c:\windows\system32\_005132_.tmp.dll
c:\windows\system32\_005133_.tmp.dll
c:\windows\system32\_005134_.tmp.dll
c:\windows\system32\_005135_.tmp.dll
c:\windows\system32\_005137_.tmp.dll
c:\windows\system32\_005139_.tmp.dll
c:\windows\system32\_005140_.tmp.dll
c:\windows\system32\_005141_.tmp.dll
c:\windows\system32\_005142_.tmp.dll
c:\windows\system32\_005143_.tmp.dll
c:\windows\system32\_005144_.tmp.dll
c:\windows\system32\_005145_.tmp.dll
c:\windows\system32\_005147_.tmp.dll
c:\windows\system32\_005148_.tmp.dll
c:\windows\system32\_005149_.tmp.dll
c:\windows\system32\_005150_.tmp.dll
c:\windows\system32\_005151_.tmp.dll
c:\windows\system32\_005152_.tmp.dll
c:\windows\system32\_005153_.tmp.dll
c:\windows\system32\_005154_.tmp.dll
c:\windows\system32\_005155_.tmp.dll
c:\windows\system32\_005156_.tmp.dll
c:\windows\system32\_005157_.tmp.dll
c:\windows\system32\_005158_.tmp.dll
c:\windows\system32\_005159_.tmp.dll
c:\windows\system32\_005160_.tmp.dll
c:\windows\system32\_005161_.tmp.dll
c:\windows\system32\_005162_.tmp.dll
c:\windows\system32\_005163_.tmp.dll
c:\windows\system32\_005165_.tmp.dll
c:\windows\system32\_005166_.tmp.dll
c:\windows\system32\_005167_.tmp.dll
c:\windows\system32\_005168_.tmp.dll
c:\windows\system32\_005170_.tmp.dll
c:\windows\system32\_005172_.tmp.dll
c:\windows\system32\_005173_.tmp.dll
c:\windows\system32\_005174_.tmp.dll
c:\windows\system32\_005175_.tmp.dll
c:\windows\system32\_005176_.tmp.dll
c:\windows\system32\_005177_.tmp.dll
c:\windows\system32\_005178_.tmp.dll
c:\windows\system32\_005180_.tmp.dll
c:\windows\system32\_005181_.tmp.dll
c:\windows\system32\_005182_.tmp.dll
c:\windows\system32\_005183_.tmp.dll
c:\windows\system32\_005184_.tmp.dll
c:\windows\system32\_005185_.tmp.dll
c:\windows\system32\_005186_.tmp.dll
c:\windows\system32\_005187_.tmp.dll
c:\windows\system32\_005189_.tmp.dll
c:\windows\system32\_005190_.tmp.dll
c:\windows\system32\_005192_.tmp.dll
c:\windows\system32\_005193_.tmp.dll
c:\windows\system32\_005195_.tmp.dll
c:\windows\system32\_005196_.tmp.dll
c:\windows\system32\_005200_.tmp.dll
c:\windows\system32\_005201_.tmp.dll
c:\windows\system32\_005203_.tmp.dll
c:\windows\system32\_005206_.tmp.dll
c:\windows\system32\_005208_.tmp.dll
c:\windows\system32\_005209_.tmp.dll
c:\windows\system32\_005210_.tmp.dll
c:\windows\system32\_005211_.tmp.dll
c:\windows\system32\_005214_.tmp.dll
c:\windows\system32\_005215_.tmp.dll
c:\windows\system32\_005216_.tmp.dll
c:\windows\system32\_005217_.tmp.dll
c:\windows\system32\_005218_.tmp.dll
c:\windows\system32\_005223_.tmp.dll
c:\windows\system32\_005225_.tmp.dll
c:\windows\system32\_005226_.tmp.dll
c:\windows\system32\_005390_.tmp.dll
c:\windows\system32\_005391_.tmp.dll
c:\windows\system32\_005392_.tmp.dll
c:\windows\system32\_005393_.tmp.dll
c:\windows\system32\_005400_.tmp.dll
c:\windows\system32\_005401_.tmp.dll
c:\windows\system32\_005402_.tmp.dll
c:\windows\system32\_005403_.tmp.dll
c:\windows\system32\_005404_.tmp.dll
c:\windows\system32\_005405_.tmp.dll
c:\windows\system32\_005406_.tmp.dll
c:\windows\system32\_005408_.tmp.dll
c:\windows\system32\_005409_.tmp.dll
c:\windows\system32\_005412_.tmp.dll
c:\windows\system32\_005413_.tmp.dll
c:\windows\system32\_005414_.tmp.dll
c:\windows\system32\_005415_.tmp.dll
c:\windows\system32\_005416_.tmp.dll
c:\windows\system32\_005417_.tmp.dll
c:\windows\system32\_005418_.tmp.dll
c:\windows\system32\_005420_.tmp.dll
c:\windows\system32\_005421_.tmp.dll
c:\windows\system32\_005422_.tmp.dll
c:\windows\system32\_005423_.tmp.dll
c:\windows\system32\_005424_.tmp.dll
c:\windows\system32\_005425_.tmp.dll
c:\windows\system32\_005426_.tmp.dll
c:\windows\system32\_005427_.tmp.dll
c:\windows\system32\_005428_.tmp.dll
c:\windows\system32\_005430_.tmp.dll
c:\windows\system32\_005431_.tmp.dll
c:\windows\system32\_005432_.tmp.dll
c:\windows\system32\_005433_.tmp.dll
c:\windows\system32\_005435_.tmp.dll
c:\windows\system32\_005436_.tmp.dll
c:\windows\system32\_005437_.tmp.dll
c:\windows\system32\_005438_.tmp.dll
c:\windows\system32\_005439_.tmp.dll
c:\windows\system32\_005440_.tmp.dll
c:\windows\system32\_005442_.tmp.dll
c:\windows\system32\_005444_.tmp.dll
c:\windows\system32\_005445_.tmp.dll
c:\windows\system32\_005446_.tmp.dll
c:\windows\system32\_005447_.tmp.dll
c:\windows\system32\_005449_.tmp.dll
c:\windows\system32\_005450_.tmp.dll
c:\windows\system32\_005451_.tmp.dll
c:\windows\system32\_005452_.tmp.dll
c:\windows\system32\_005453_.tmp.dll
c:\windows\system32\_005454_.tmp.dll
c:\windows\system32\_005455_.tmp.dll
c:\windows\system32\_005456_.tmp.dll
c:\windows\system32\_005457_.tmp.dll
c:\windows\system32\_005458_.tmp.dll
c:\windows\system32\_005459_.tmp.dll
c:\windows\system32\_005460_.tmp.dll
c:\windows\system32\_005461_.tmp.dll
c:\windows\system32\_005462_.tmp.dll
c:\windows\system32\_005463_.tmp.dll
c:\windows\system32\_005464_.tmp.dll
c:\windows\system32\_005465_.tmp.dll
c:\windows\system32\_005466_.tmp.dll
c:\windows\system32\_005467_.tmp.dll
c:\windows\system32\_005468_.tmp.dll
c:\windows\system32\_005469_.tmp.dll
c:\windows\system32\_005470_.tmp.dll
c:\windows\system32\_005471_.tmp.dll
c:\windows\system32\_005472_.tmp.dll
c:\windows\system32\_005473_.tmp.dll
c:\windows\system32\_005474_.tmp.dll
c:\windows\system32\_005475_.tmp.dll
c:\windows\system32\_005476_.tmp.dll
c:\windows\system32\_005477_.tmp.dll
c:\windows\system32\_005478_.tmp.dll
c:\windows\system32\_005480_.tmp.dll
c:\windows\system32\_005482_.tmp.dll
c:\windows\system32\_005483_.tmp.dll
c:\windows\system32\_005484_.tmp.dll
c:\windows\system32\_005485_.tmp.dll
c:\windows\system32\_005486_.tmp.dll
c:\windows\system32\_005488_.tmp.dll
c:\windows\system32\_005489_.tmp.dll
c:\windows\system32\_005492_.tmp.dll
c:\windows\system32\_005493_.tmp.dll
c:\windows\system32\_005495_.tmp.dll
c:\windows\system32\_005496_.tmp.dll
c:\windows\system32\_005497_.tmp.dll
c:\windows\system32\_005498_.tmp.dll
c:\windows\system32\_005499_.tmp.dll
c:\windows\system32\_005500_.tmp.dll
c:\windows\system32\_005501_.tmp.dll
c:\windows\system32\_005502_.tmp.dll
c:\windows\system32\_005503_.tmp.dll
c:\windows\system32\_005505_.tmp.dll
c:\windows\system32\_005506_.tmp.dll
c:\windows\system32\_005507_.tmp.dll
c:\windows\system32\_005508_.tmp.dll
c:\windows\system32\_005510_.tmp.dll
c:\windows\system32\_005511_.tmp.dll
c:\windows\system32\_005513_.tmp.dll
c:\windows\system32\_005514_.tmp.dll
c:\windows\system32\_005515_.tmp.dll
c:\windows\system32\_005516_.tmp.dll
c:\windows\system32\_005517_.tmp.dll
c:\windows\system32\_005518_.tmp.dll
c:\windows\system32\_005519_.tmp.dll
c:\windows\system32\_005521_.tmp.dll
c:\windows\system32\_005522_.tmp.dll
c:\windows\system32\_005523_.tmp.dll
c:\windows\system32\_005524_.tmp.dll
c:\windows\system32\_005525_.tmp.dll
c:\windows\system32\_005526_.tmp.dll
c:\windows\system32\_005527_.tmp.dll
c:\windows\system32\_005528_.tmp.dll
c:\windows\system32\_005530_.tmp.dll
c:\windows\system32\_005531_.tmp.dll
c:\windows\system32\_005532_.tmp.dll
c:\windows\system32\_005533_.tmp.dll
c:\windows\system32\_005536_.tmp.dll
c:\windows\system32\_005537_.tmp.dll
c:\windows\system32\_005541_.tmp.dll
c:\windows\system32\_005542_.tmp.dll
c:\windows\system32\_005544_.tmp.dll
c:\windows\system32\_005545_.tmp.dll
c:\windows\system32\_005547_.tmp.dll
c:\windows\system32\_005549_.tmp.dll
c:\windows\system32\_005550_.tmp.dll
c:\windows\system32\_005551_.tmp.dll
c:\windows\system32\_005552_.tmp.dll
c:\windows\system32\_005555_.tmp.dll
c:\windows\system32\_005556_.tmp.dll
c:\windows\system32\_005557_.tmp.dll
c:\windows\system32\_005558_.tmp.dll
c:\windows\system32\_005559_.tmp.dll
c:\windows\system32\_005564_.tmp.dll
c:\windows\system32\_005566_.tmp.dll
c:\windows\system32\_005567_.tmp.dll
c:\windows\system32\11034841.dll
c:\windows\system32\18467.exe
c:\windows\system32\26500.exe
c:\windows\system32\6334.exe
c:\windows\system32\ccrpTmr6.dll
c:\windows\system32\mssfc.dll
c:\windows\system32\winlogon.bak
c:\windows\v10neformatic.dll
c:\windows\v10neformatic.ocx
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_TDSSSERV.SYS
-------\Service_AFPAnsi
-------\Service_Boonty Games
.
.
((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-06 20:20 . 2009-07-14 22:35 19720 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys
2011-05-04 11:10 . 2011-01-20 23:14 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-03-26 07:37 . 2011-03-26 07:30 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2011-03-26 06:31 . 2011-03-26 06:31 2 --shatr- c:\windows\winstart.bat
2011-02-28 15:09 . 2009-02-07 19:16 53248 ----a-w- c:\windows\system32\CSVer.dll
2008-12-20 09:41 . 2009-10-09 01:19 218112 ----a-w- c:\program files\HijackThis1991.exe
2008-07-08 10:35 . 2008-07-08 10:35 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 94280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
.
c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Start Menu\Programs\Startup\
No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [2009-4-12 1172992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 03:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cr1lk2ulc2t.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xay21jfwuu2.sys]
@="\??\c:\windows\system32\drivers\xay21jfwuu2.sys"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"C:0\\StormysStuff\\Space_Siege__Rip_550_mb_\\Fonekat.Net.Space.Siege.Rip\\Fonekat.Net.Space.Siege.Rip\\SpaceSiege.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\ijji\\ENGLISH\\AVA\\binaries\\AVA.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Turbine\\Dungeons and Dragons Online - Eberron Unlimited\\dndclient.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\ijjigame\\PurpleBean.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"C:0\\Program Files\\mIRC\\mirc.exe"=
"C:0\\RelicCOH.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Stormy.STORMYS2NDLIFE.000\\Local Settings\\Application Data\\BetOnSoft\\Grand Eagle\\Code\\win32\\vc80\\release\\GameHost\\GameClient.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ijji\\ijji REACTOR\\ijjiOptimizer.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
"c:\\Program Files\\eBay\\Turbo Lister2\\Tl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56989:TCP"= 56989:TCP:*:Disabled:Pando Media Booster
"56989:UDP"= 56989:UDP:*:Disabled:Pando Media Booster
"58779:TCP"= 58779:TCP:Pando Media Booster
"58779:UDP"= 58779:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
.
R0 d244bus;d244bus;c:\windows\system32\drivers\d244bus.sys [10/12/2008 6:15 AM 137216]
R0 d244prt;d244prt;c:\windows\system32\drivers\d244prt.sys [10/12/2008 6:15 AM 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/8/2011 5:35 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/8/2011 5:35 PM 307288]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/8/2011 5:35 PM 19544]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/20/2011 4:14 PM 10448]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [5/7/2011 3:50 AM 632792]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [7/14/2009 3:35 PM 19720]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [9/15/2009 2:59 PM 38248]
S0 dqdjj;dqdjj;c:\windows\system32\drivers\wxcbasj.sys --> c:\windows\system32\drivers\wxcbasj.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/15/2009 6:01 AM 685816]
S1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys --> c:\windows\system32\drivers\oreans32.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2010 6:07 PM 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\STORMY~1.000\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\STORMY~1.000\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 DCamUSBBVI;SiPix StyleCam BlinkII Dual Mode Camera;c:\windows\system32\Drivers\biomini.sys --> c:\windows\system32\Drivers\biomini.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\STORMY~1.000\LOCALS~1\Temp\KXH1721.tmp --> c:\docume~1\STORMY~1.000\LOCALS~1\Temp\KXH1721.tmp [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2010 6:07 PM 136176]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [1/16/2010 11:54 AM 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [1/16/2010 11:54 AM 13312]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [5/6/2011 1:20 PM 14856]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [11/19/2009 3:12 AM 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [11/19/2009 3:12 AM 218608]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2D.tmp --> c:\windows\system32\2D.tmp [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2/28/2006 5:00 AM 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [3/26/2011 12:30 AM 24416]
S3 TKFsAc;TKFsAc;c:\windows\system32\TKFsAc2k.sys [10/14/2009 6:05 PM 88864]
S3 TKFsAv;TKFsAv;c:\windows\system32\TKFsAv2k.sys [10/14/2009 6:05 PM 39200]
S3 TKFsFt;TKFsFt;c:\windows\system32\TKFsFt2k.sys [10/14/2009 6:05 PM 80672]
S3 TKRgAc;TKRgAc;c:\windows\system32\TKRgAc2k.sys [10/14/2009 6:05 PM 41984]
S3 TKRgFt;TKRgFt;c:\windows\system32\TKRgFtXp.sys [10/14/2009 6:05 PM 24704]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 SuperMounter;SuperMounter; [x]
S4 xay21jfwuu2.sys;xay21jfwuu2.sys;\??\c:\windows\system32\drivers\xay21jfwuu2.sys --> c:\windows\system32\drivers\xay21jfwuu2.sys [?]
S4 XDva136;XDva136;\??\c:\windows\system32\XDva136.sys --> c:\windows\system32\XDva136.sys [?]
S4 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S4 XDva259;XDva259;\??\c:\windows\system32\XDva259.sys --> c:\windows\system32\XDva259.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc096a8c6d5ca4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 01:07]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 01:07]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-2025429265-839522115-1004Core.job
- c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 09:49]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-2025429265-839522115-1004UA.job
- c:\documents and settings\Stormy.STORMYS2NDLIFE.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 09:49]
.
2009-09-12 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Administrator.job
- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]
.
2009-09-12 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Stormy.job
- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]
.
2011-05-21 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-04-26 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-05-07 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2011-04-05 07:40]
.
2011-05-21 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-05-07 00:05]
.
2011-05-21 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-05-07 19:26]
.
2011-05-06 c:\windows\Tasks\User_Feed_Synchronization-{380FE606-3C88-4C8A-8D4F-D852D1A9C601}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
Trusted Zone: $talisma_url$
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: yahoo.com
DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-TaskTray - (no file)
HKU-Default-Run-SvrWsc - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-20 21:26
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet015\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\STORMY~1.000\LOCALS~1\Temp\KXH1721.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet015\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2D.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet015\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-2025429265-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(2412)
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
.
**************************************************************************
.
Completion time: 2011-05-20 21:34:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-21 04:33
.
Pre-Run: 275,106,123,776 bytes free
Post-Run: 276,710,096,896 bytes free
.
Current=15 Default=15 Failed=1 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
- - End Of File - - E717FBEF008ED23CC2C54FFBA869D802


Re: A mess and don't know where to start

Post by Stormyme on 21st May 2011, 5:20 am

Update

I have tried releasing and renewing my ip and get this

The RPC server is unavailable

So at this point I am leaving my PC alone until I hear from you
I don't want to make it worse lol ;)


Re: A mess and don't know where to start

Post by Stormyme on 25th May 2011, 5:05 am

bump


Re: A mess and don't know where to start

Post by Belahzur on 30th May 2011, 8:14 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    File::
    c:\windows\winstart.bat

    Registry::
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cr1lk2ulc2t.sys]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xay21jfwuu2.sys]

    Driver::
    dqdjj
    oreans32
    cpuz134
    xay21jfwuu2
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


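As an added example (not ComboFix's output format parser, nor the helper's own tooling), here is a small Python triage over service and policy lines copied from the ComboFix log posted above. It flags the driver entries the CFScript targets for the reasons a helper reads them: the log shows [?] instead of a date and size for the image file, the driver loads from a Temp directory, or the service name looks random; it also pulls out the Security Center overrides and the EnableFirewall=0 setting behind the "firewall is off and can't be found" symptom. The heuristics, regexes and function names are this example's assumptions.

```python
"""Triage of ComboFix-style log lines (added example; its heuristics are assumptions, not ComboFix rules)."""
import re
# Constructed sample: service and policy lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/8/2011 5:35 PM 441176]
S0 dqdjj;dqdjj;c:\windows\system32\drivers\wxcbasj.sys --> c:\windows\system32\drivers\wxcbasj.sys [?]
S1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys --> c:\windows\system32\drivers\oreans32.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\STORMY~1.000\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\STORMY~1.000\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [3/26/2011 12:30 AM 24416]
S4 xay21jfwuu2.sys;xay21jfwuu2.sys;\??\c:\windows\system32\drivers\xay21jfwuu2.sys --> c:\windows\system32\drivers\xay21jfwuu2.sys [?]
"""

# "R1 name;display;path [date size]", or "... path --> path [?]" when the file could not be found.
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<rest>.+)$")
# Random-looking name (assumption): no vowels at all, or digits sandwiched between letters.
RANDOM_NAME_RE = re.compile(r"^[^aeiouy]+$|[a-z]\d+[a-z]", re.I)

def parse_services(log_text):
    """Yield one dict per service/driver line; file_missing is True when the log shows [?]."""
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            rest = m.group("rest")
            path = rest.split(" --> ")[0] if " --> " in rest else rest.rsplit(" [", 1)[0]
            yield {"start": m.group("start"), "name": m.group("name"),
                   "path": path, "file_missing": rest.endswith("[?]")}

def triage(log_text):
    """Return (name, start_type, reasons) for the entries a helper would look at first."""
    findings = []
    for svc in parse_services(log_text):
        reasons = []
        if svc["file_missing"]:
            reasons.append("image file not found")
        if "\\temp\\" in svc["path"].lower():
            reasons.append("driver loaded from a Temp directory")
        if RANDOM_NAME_RE.search(svc["name"]):
            reasons.append("random-looking service name")
        if reasons and svc["start"] in ("R0", "S0"):
            reasons.append("boot-start: loads before anti-virus")
        if reasons:
            findings.append((svc["name"], svc["start"], reasons))
    return findings

def policy_flags(log_text):
    """Security Center overrides and firewall state as the log reports them (1 = override set)."""
    flags = {k: int(v) for k, v in
             re.findall(r'"(AntiVirusOverride|FirewallOverride)"=dword:0*(\d)', log_text)}
    m = re.search(r'"EnableFirewall"=\s*(\d)', log_text)
    if m:
        flags["EnableFirewall"] = int(m.group(1))
    return flags
```

Run against SAMPLE_LOG, triage() returns exactly the four drivers named in the helper's Driver:: section and leaves aswSnx and RegGuard alone, while policy_flags() shows both overrides set and the firewall disabled.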
