Possible garrys mod virus?


Re: Possible garrys mod virus?

Post by Sneakyone on Sun Aug 14, 2011 12:17 am

Hi,

Actually, let's do some deeper checks to make sure. Be sure you change all of your passwords from a clean machine. Try and cancel that credit card as well, because people who steal them have no heart when it comes to charging them when making purchases online.


Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start, then copy/paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56104
# Likes : 0


Re: Possible garrys mod virus?

Post by planetsngalaxies on Sun Aug 14, 2011 6:27 am

ComboFix 11-08-14.02 - memoirs 08/14/2011 3:11.7.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2752 [GMT -7:00]
Running from: c:\documents and settings\memoirs\desktop\commy.exe
Command switches used :: /stepdel
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Steam\steam.exe
.
---- Previous Run -------
.
c:\documents and settings\memoirs\Application Data\Local
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\.ddr
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\2.ddi
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\3.ddi
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\4.ddi
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\5.ddi
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\6.ddi
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\Black.Swan.DVD.SCR.100thMonkey_ns.avi(2).ddr
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\Black.Swan.DVD.SCR.100thMonkey_ns.avi(3).ddr
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\Black.Swan.DVD.SCR.100thMonkey_ns.avi.ddr
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\Black.Swan_2010_DVDSCR.XviD.AC3-Rx.avi.ddr
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Black.Swan.DVD.SCR.100thMonkey_ns.avi(2).ddp
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Black.Swan.DVD.SCR.100thMonkey_ns.avi(3).ddp
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Black.Swan.DVD.SCR.100thMonkey_ns.avi.ddp
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Black.Swan_2010_DVDSCR.XviD.AC3-Rx.avi.ddp
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\video.avi(2).ddp
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\video.avi.ddp
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\video.avi(2).ddr
c:\documents and settings\memoirs\Application Data\Local\Temp\DDM\Settings\video.avi.ddr
c:\documents and settings\memoirs\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-13 01:18 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{6F1EBDDF-1178-49AC-BAC6-6D4B14DCF1B4}\mpengine.dll
2011-08-12 08:35 . 2011-08-12 08:35 -------- d-----w- c:\documents and settings\memoirs\Application Data\.minecraft
2011-08-11 10:00 . 2011-08-11 10:00 -------- d-----w- C:\NVIDIA
2011-08-11 09:19 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 09:19 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-03 23:18 . 2011-08-03 23:18 -------- d-----w- c:\documents and settings\UpdatusUser
2011-08-03 23:18 . 2011-08-03 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-08-03 23:18 . 2011-08-03 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-08-03 23:18 . 2011-08-03 11:49 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 23:18 . 2011-08-11 10:20 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-08-03 23:18 . 2011-08-11 10:20 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-08-03 23:18 . 2011-08-11 10:02 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-08-03 23:17 . 2011-08-03 11:49 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 23:17 . 2011-08-03 11:49 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 23:17 . 2011-08-03 11:49 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 23:17 . 2011-08-03 11:49 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 23:17 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-07-16 01:26 . 2011-07-16 01:26 -------- d-----w- c:\documents and settings\abe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 23:38 . 2008-11-15 04:52 140496 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-03 23:38 . 2010-07-11 23:01 280736 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-03 23:38 . 2008-11-15 04:52 280736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-03 23:26 . 2008-11-15 04:52 280768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-08-03 11:49 . 2010-12-29 06:19 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-07-15 19:49 . 2009-05-10 06:25 313208 ----a-w- c:\windows\system32\TubeFinder.exe
2011-07-15 13:29 . 2004-08-03 23:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 03:39 . 2009-06-07 17:24 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-08 14:02 . 2004-12-01 10:46 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-11-03 13:15 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2004-08-04 00:56 667136 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 2004-08-04 00:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:18 . 2004-08-03 22:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 12:58 . 2004-08-03 22:59 369664 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 00:56 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-16 00:02 . 2008-11-30 03:20 112640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2011-06-16 00:02 . 2008-11-30 03:20 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-06-02 14:02 . 2004-08-03 23:17 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-29 16:11 . 2010-06-19 03:42 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11 . 2010-06-19 03:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 02:14 . 2010-06-13 14:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-16 04:17 . 2011-03-23 05:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\ERDNT\cache\wuauclt.exe
[-] 2009-08-07 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-07 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2005-04-07 . 45757077A47C68A603A79B03A1A836AB . 1032192 . . [6.00.2900.2649] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB884883$\explorer.exe
.
[-] 2008-04-14 . 0B720CAE71F51A2B93811816F187BC0A . 224256 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 0B720CAE71F51A2B93811816F187BC0A . 224256 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2008-04-14 . AAC9DAE0E7C43BD26C43FC7436E2F1B0 . 832512 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files\Core Temp\Core Temp.exe" [2010-10-03 470544]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"RTHDCPL"="RTHDCPL.EXE" [2011-03-22 20053096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
.
c:\documents and settings\memoirs\Start Menu\Programs\Startup\
nvidiaInspector.lnk - c:\documents and settings\memoirs\Desktop\nvidia Inspector\nvidiaInspector.exe [2011-1-25 530432]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^memoirs^Start Menu^Programs^Startup^ImpulseNow.lnk]
path=c:\documents and settings\memoirs\Start Menu\Programs\Startup\ImpulseNow.lnk
backup=c:\windows\pss\ImpulseNow.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^memoirs^Start Menu^Programs^Startup^Shortcut to steamstart.lnk]
path=c:\documents and settings\memoirs\Start Menu\Programs\Startup\Shortcut to steamstart.lnk
backup=c:\windows\pss\Shortcut to steamstart.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
c:\pchelpforum\CF26829.cfxxe [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-24 04:25 136176 ----atw- c:\documents and settings\memoirs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-05-29 16:11 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
2010-09-30 18:47 93360 ------w- c:\program files\Olympus\ib\olycamdetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 20:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneBusEnum"=2 (0x2)
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"MBAMService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.patch.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\pirates, vikings, and knights ii\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\Microsoft Games\\Rome at War\\age2_x1\\age2_x1.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\ricochet\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\portal 2\\portal2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\fate of the world\\bin\\fotw.exe"=
"c:\\Program Files\\Ubisoft\\Dawn of Discovery\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dino d-day\\dinodday.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dino d-day\\srcds.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\garrysmod\\hl2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8380:TCP"= 8380:TCP:*:Disabled:League of Legends Launcher
"8380:UDP"= 8380:UDP:*:Disabled:League of Legends Launcher
"6892:TCP"= 6892:TCP:*:Disabled:League of Legends Launcher
"6892:UDP"= 6892:UDP:*:Disabled:League of Legends Launcher
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/3/2011 4:18 PM 2255464]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\memoirs\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\memoirs\LOCALS~1\Temp\ALSysIO.sys [?]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/24/2010 6:30 PM 1691480]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 1:07 PM 25832]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/18/2010 8:42 PM 22712]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 1:57 PM 268528]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/18/2010 8:42 PM 366640]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1454471165-839522115-1007Core.job
- c:\documents and settings\memoirs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 04:25]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1454471165-839522115-1007UA.job
- c:\documents and settings\memoirs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 04:25]
.
2011-08-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\documents and settings\memoirs\Application Data\Mozilla\Firefox\Profiles\0a4zo8ah.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol 120\axcmd.exe
MSConfigStartUp-Steam - c:\program files\Steam\steam.exe
AddRemove-SimCity 3000 - c:\program files\Maxis\SimCity 3000\Uninst.isu
AddRemove-Steam App 130 - c:\program files\Steam\steam.exe
AddRemove-Steam App 17510 - c:\program files\Steam\steam.exe
AddRemove-Steam App 17570 - c:\program files\Steam\steam.exe
AddRemove-Steam App 17700 - c:\program files\Steam\steam.exe
AddRemove-Steam App 20 - c:\program files\Steam\steam.exe
AddRemove-Steam App 215 - c:\program files\Steam\steam.exe
AddRemove-Steam App 218 - c:\program files\Steam\steam.exe
AddRemove-Steam App 220 - c:\program files\Steam\steam.exe
AddRemove-Steam App 22380 - c:\program files\Steam\steam.exe
AddRemove-Steam App 24400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 30 - c:\program files\Steam\steam.exe
AddRemove-Steam App 380 - c:\program files\Steam\steam.exe
AddRemove-Steam App 400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 4000 - c:\program files\Steam\steam.exe
AddRemove-Steam App 41700 - c:\program files\Steam\steam.exe
AddRemove-Steam App 420 - c:\program files\Steam\steam.exe
AddRemove-Steam App 43110 - c:\program files\Steam\steam.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
AddRemove-Steam App 4500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 50 - c:\program files\Steam\steam.exe
AddRemove-Steam App 500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 550 - c:\program files\Steam\steam.exe
AddRemove-Steam App 57300 - c:\program files\Steam\steam.exe
AddRemove-Steam App 60 - c:\program files\Steam\steam.exe
AddRemove-Steam App 620 - c:\program files\Steam\steam.exe
AddRemove-Steam App 67000 - c:\program files\Steam\steam.exe
AddRemove-Steam App 70000 - c:\program files\Steam\steam.exe
AddRemove-Steam App 80200 - c:\program files\Steam\steam.exe
AddRemove-Steam App 8930 - c:\program files\Steam\steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-08-14 03:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-1454471165-839522115-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c9,8d,dc,fa,21,f9,1b,5d,d9,77,1f,99,cb,a7,cc,f7,05,88,12,3d,7b,77,b1,
4e,0b,7e,ca,eb,d7,0b,24,68,c3,b7,e7,08,0d,91,35,ce,4f,1a,41,32,00,2a,8d,16,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1123561945-1454471165-839522115-1007\Software\SecuROM\License information*]
"datasecu"=hex:c5,27,bd,de,1a,73,7c,f6,df,77,56,df,7a,35,ec,ef,53,a2,eb,9c,8c,
af,dc,3a,38,17,48,1f,5e,aa,34,f7,bc,6b,21,59,00,a8,84,2b,63,31,4c,77,1d,b8,\
"rkeysecu"=hex:d6,d6,4e,6f,9d,d6,91,1f,67,26,d8,e2,98,68,ce,07
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\nvLsp.dll
.
Completion time: 2011-08-14 03:23:34
ComboFix-quarantined-files.txt 2011-08-14 10:23
ComboFix2.txt 2010-07-07 19:52
.
Pre-Run: 31,268,020,224 bytes free
Post-Run: 31,287,857,152 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 917258D82BFDD1753C05AA2A832DB405

planetsngalaxies
Novice

Posts : 33
Joined : 2010-06-17
OS : Windows XP and Linux
Points : 24131
# Likes : 0

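A triage helper for the Sigcheck block in the log above, added here as an example and not part of the post or of ComboFix itself: it parses those lines, groups the copies of each system file, and reports any live copy whose MD5 matches none of the reference copies ComboFix lists beside it. The wuauclt.exe lines are copied from the log; the demo.exe entries and their all-zero/all-one hashes are constructed placeholders so the reporting path is exercised.

```python
"""Triage helper for the Sigcheck section of a ComboFix log (added example, not
code from the forum post or from ComboFix). It parses lines shaped like the
Sigcheck block posted above, groups the copies of each file, and lists any live
copy (system32 or the Windows root) whose MD5 matches none of the reference
copies ComboFix also lists (dllcache, ServicePackFiles, ERDNT cache, $NtUninstall
folders). The leading "[7]" / "[-]" flag is not explained on the page, so it is
kept but not interpreted."""
import re
from collections import defaultdict

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)

# Constructed sample: the wuauclt.exe entries copied from the log above, plus a
# made-up demo.exe group (placeholder hashes) whose live copy matches no
# reference copy, so that the reporting path is exercised.
SAMPLE_LOG = r"""------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\ERDNT\cache\wuauclt.exe
[-] 2009-08-07 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-07 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2011-01-01 . 00000000000000000000000000000000 . 1000 . . [1.0.0.0] . . c:\windows\system32\demo.exe
[7] 2011-01-01 . 11111111111111111111111111111111 . 1000 . . [1.0.0.0] . . c:\windows\system32\dllcache\demo.exe
"""

def is_reference_copy(path: str) -> bool:
    """True when the copy lives in a cache/backup folder, not the live location."""
    folders = path.lower().split("\\")[:-1]
    return any(f in ("dllcache", "servicepackfiles", "erdnt") or f.startswith("$nt")
               for f in folders)

def parse_sigcheck(text: str) -> list:
    """One dict per Sigcheck line; the header, note and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["reference"] = is_reference_copy(e["path"])
            entries.append(e)
    return entries

def compare_copies(entries: list) -> dict:
    """Group copies by file name; flag live copies whose MD5 matches no reference copy."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    findings = {}
    for name, copies in by_name.items():
        ref_hashes = {c["md5"] for c in copies if c["reference"]}
        findings[name] = {
            "copies": len(copies),
            "distinct_hashes": len({c["md5"] for c in copies}),
            "live_unmatched": [c["path"] for c in copies
                               if not c["reference"] and ref_hashes and c["md5"] not in ref_hashes],
        }
    return findings

if __name__ == "__main__":
    for name, f in compare_copies(parse_sigcheck(SAMPLE_LOG)).items():
        flag = "CHECK" if f["live_unmatched"] else "ok"
        print(f"{flag:5} {name}: {f['copies']} copies, {f['distinct_hashes']} MD5s, "
              f"unmatched={f['live_unmatched']}")
```

A hit only says the live file differs from every backup copy on that machine; like the log's own note about unsigned files, it is a pointer for a closer look, not a verdict.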

Re: Possible garrys mod virus?

Post by Sneakyone on Sun Aug 14, 2011 11:52 pm

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quote box below into it:

    DeQuarantine::
    c:\qoobox\quarantine\c\program files\Steam\steam.exe.vir

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56104
# Likes : 0
