Some type of virus


Some type of virus

Post by SA8TER21 on 25th April 2009, 9:21 pm

I know I've been here before and you solved my problem. But for some reason I just randomly got a virus or something. I have no idea how I got it and it's very weird. It gives me an error whenever I try to open up one of my HDDs. I can get into them by right-clicking and going to Explore. But still it shouldn't do this.

Sorry for having to come back. I seriously didn't do anything else other than gaming and going to my clan forums and YouTube.

Here's a picture of the error



Here is my HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:19 PM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Documents and Settings\Fluffy\Desktop\Desktop icons\CoreTemp\Core Temp.exe
C:\Documents and Settings\Fluffy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\FileZilla FTP Client\filezilla.exe
C:\Documents and Settings\Fluffy\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Core Temp] "C:\Documents and Settings\Fluffy\Desktop\Desktop icons\CoreTemp\Core Temp.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fluffy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Tango Patcher (Applications) Reloader.lnk = C:\WINDOWS\Tango Patcher (Applications)\Reloader.exe
O4 - Global Startup: Tango Patcher 2600 Reloader.lnk = C:\WINDOWS\Tango Patcher 2600\Reloader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5761 bytes

SA8TER21
Novice

Posts: 41
Joined: 2009-01-13
Gender: Male
OS: Windows 7 Ultimate 64bit
Points: 28977
Likes: 0


Re: Some type of virus

Post by Belahzur on 25th April 2009, 9:41 pm

Log looks okay, what drive letter is the drive you're trying to get into that shows that error?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1


Re: Some type of virus

Post by SA8TER21 on 25th April 2009, 10:29 pm

Both my hard drives, C: and E:

It happened after I crashed while recording with Fraps. It happened on restart.


Re: Some type of virus

Post by Belahzur on 25th April 2009, 10:44 pm

Hello.
I'll fix that error after another scan; I want a deeper scan before I remove it.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double-click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.





Re: Some type of virus

Post by SA8TER21 on 25th April 2009, 11:08 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by Fluffy at 16:05:59.73 on Sat 04/25/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2210 [GMT -7:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Documents and Settings\Fluffy\Desktop\Desktop icons\CoreTemp\Core Temp.exe
C:\Documents and Settings\Fluffy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Fluffy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [Core Temp] "c:\documents and settings\fluffy\desktop\desktop icons\coretemp\Core Temp.exe"
uRun: [Google Update] "c:\documents and settings\fluffy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [Launch LgDevAgt] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [RTHDCPL] RTHDCPL.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tangop~1.lnk - c:\windows\tango patcher (applications)\Reloader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tangop~2.lnk - c:\windows\tango patcher 2600\Reloader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\fluffy\applic~1\mozilla\firefox\profiles\833iny4z.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\fluffy\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\fluffy\locals~1\temp\alsysio.sys --> c:\docume~1\fluffy\locals~1\temp\ALSysIO.sys [?]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2009-4-7 38656]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-10-8 3584]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-9 1684736]


Re: Some type of virus

Post by SA8TER21 on 25th April 2009, 11:09 pm

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-04-25 13:55 --d----- c:\program files\Spybot - Search & Destroy
2009-04-25 13:55 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-25 13:26 765,952 a------- c:\windows\system32\xvidcore.dll
2009-04-25 13:26 77,824 a------- c:\windows\system32\xvid.ax
2009-04-25 13:26 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-04-25 13:26 --d----- c:\program files\Xvid
2009-04-24 21:08 --d----- c:\program files\Rockstar Games
2009-04-19 18:22 33 a------- c:\windows\GunZLauncher.INI
2009-04-19 18:21 --d----- c:\program files\GamingSync
2009-04-19 00:20 --d----- c:\program files\Braid
2009-04-18 17:42 --d----- c:\docume~1\fluffy\applic~1\Braid
2009-04-18 01:06 1,908 a------- c:\windows\diagwrn.xml
2009-04-18 01:06 1,908 a------- c:\windows\diagerr.xml
2009-04-17 23:32 --d----- C:\CrashReport
2009-04-17 23:18 --d----- c:\program files\Runes of Magic
2009-04-17 16:09 69 a------- c:\windows\NeroDigital.ini
2009-04-17 12:50 --d----- c:\docume~1\fluffy\applic~1\FOG Downloader
2009-04-17 11:01 --d----- c:\program files\Silent Hill Homecoming
2009-04-17 03:00 --d----- c:\program files\MSXML 4.0
2009-04-16 14:42 364,544 a------- c:\windows\system32\TwnLib4.dll
2009-04-16 14:41 1,568,768 a------- c:\windows\system32\imagX7.dll
2009-04-16 14:41 476,320 a------- c:\windows\system32\imagXpr7.dll
2009-04-16 14:41 471,040 a------- c:\windows\system32\imagXRA7.dll
2009-04-16 14:41 262,144 a------- c:\windows\system32\imagXR7.dll
2009-04-16 14:41 --d----- c:\program files\Nero
2009-04-16 14:41 --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-04-16 09:05 1,830,912 a------- c:\documents and settings\fluffy\EhSvc.dll
2009-04-16 09:04 95,232 a------- c:\documents and settings\fluffy\EGRNAPX2.dll
2009-04-16 09:04 --d----- c:\documents and settings\fluffy\HackShield
2009-04-16 09:04 178,273 a------- c:\documents and settings\fluffy\EGRNAP.dll
2009-04-16 09:02 303,104 a------- c:\documents and settings\fluffy\Win98sUpdateUtil.exe
2009-04-16 09:02 --d----- c:\documents and settings\fluffy\Resource
2009-04-16 09:01 1,019,904 a------- c:\documents and settings\fluffy\Launcher.exe
2009-04-16 04:17 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-04-16 04:17 4,682 a------- c:\windows\system32\npptNT2.sys
2009-04-16 04:17 --d----- c:\program files\common files\INCA Shared
2009-04-16 04:09 --d----- c:\program files\GALA-NET
2009-04-15 21:28 --d----- c:\docume~1\fluffy\applic~1\Spore
2009-04-15 18:13 289,280 ac------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 18:13 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 12:37 -cd-h--- c:\docume~1\alluse~1\applic~1\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-04-14 11:17 41,808 a------- c:\windows\system32\xfcodec.dll
2009-04-13 22:26 245,376 a------- c:\windows\system32\drivers\rt2500usb.sys
2009-04-13 22:26 94,208 a------- c:\windows\system32\GTW32N50.dll
2009-04-13 22:26 31,930 a------- c:\windows\system32\GTNDIS3.VXD
2009-04-13 22:26 15,872 a------- c:\windows\system32\GTNDIS5.sys
2009-04-13 22:26 17,992 a------- c:\windows\system32\drivers\bcm42rly.sys
2009-04-13 22:26 17,992 a------- c:\windows\system32\bcm42rly.sys
2009-04-11 16:37 --d----- c:\program files\Natural Mod
2009-04-11 15:38 --d----- c:\windows\system32\URTTEMP
2009-04-11 15:27 --d----- c:\windows\system32\appmgmt
2009-04-11 12:15 669,184 a------- c:\windows\system32\pbsvc.exe
2009-04-09 22:31 --d----- c:\windows\system32\NtmsData
2009-04-09 22:26 --ds---- c:\documents and settings\fluffy\UserData
2009-04-09 16:19 22,328 a------- c:\docume~1\fluffy\applic~1\PnkBstrK.sys
2009-04-09 16:18 319 a------- c:\windows\game.ini
2009-04-09 16:09 --d----- c:\program files\Activision
2009-04-09 15:41 --dsh--- c:\windows\ftpcache
2009-04-09 01:20 290,816 a------- c:\windows\vncutil.exe
2009-04-09 01:20 122,880 a------- c:\windows\RtkAudioService.exe
2009-04-09 01:20 36,352 a------- c:\windows\system32\RtkCoInstXP.dll
2009-04-09 01:20 1,389,056 a------- c:\windows\system32\drivers\Monfilt.sys
2009-04-09 01:20 1,684,736 a------- c:\windows\system32\drivers\Ambfilt.sys
2009-04-09 01:12 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-04-09 01:12 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-04-09 01:12 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-04-09 01:12 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-04-09 01:12 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-04-09 01:12 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-04-09 01:12 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-04-09 01:12 --d-h--- c:\windows\msdownld.tmp
2009-04-09 00:35 138,920 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-09 00:35 189,072 a------- c:\windows\system32\PnkBstrB.exe
2009-04-09 00:35 189,072 a------- c:\windows\system32\PnkBstrB.xtr
2009-04-09 00:35 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-04-09 00:32 --d----- C:\Game
2009-04-09 00:26 --d----- c:\docume~1\alluse~1\applic~1\BCR
2009-04-09 00:25 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-04-09 00:25 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-04-09 00:25 --d----- c:\program files\OpenAL
2009-04-09 00:25 102,400 a------- c:\windows\system\OpenAL32.dll
2009-04-09 00:23 --d----- c:\docume~1\fluffy\applic~1\Microsoft Games
2009-04-08 23:22 --d----- c:\docume~1\fluffy\applic~1\Ubisoft
2009-04-08 22:50 --d----- C:\ProgramData
2009-04-08 22:50 --d----- c:\docume~1\alluse~1\applic~1\Electronic Arts
2009-04-08 22:42 --d----- c:\program files\EA Games
2009-04-08 22:41 --d----- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2009-04-08 20:19 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-08 19:50 --d----- c:\windows\system32\xlive
2009-04-08 19:50 --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-04-08 19:49 23 a------- c:\windows\BlendSettings.ini
2009-04-08 18:44 --d----- c:\windows\Logs
2009-04-08 18:36 --d----- c:\program files\505games
2009-04-08 18:27 156 a------- c:\windows\Twunk001.MTX
2009-04-08 18:27 2 a------- c:\windows\Twain001.Mtx
2009-04-08 18:27 0 a------- c:\windows\Twunk002.MTX
2009-04-08 18:20 --d----- c:\program files\Sony
2009-04-08 18:19 --d----- c:\windows\SxsCaPendDel
2009-04-08 18:16 --d----- c:\windows\system32\XPSViewer
2009-04-08 18:16 14,048 -------- c:\windows\system32\spmsg2.dll
2009-04-08 18:04 --d----- c:\program files\Sony Setup
2009-04-08 17:49 2,463,976 a------- c:\windows\system32\NPSWF32.dll
2009-04-08 17:49 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe
2009-04-08 16:58 --d----- c:\program files\ASIO4ALL v2
2009-04-08 16:36 225,280 a------- c:\windows\system32\rewire.dll
2009-04-08 16:36 --d----- c:\program files\VstPlugins
2009-04-08 16:36 1,294,336 a------- c:\windows\system32\vorbis.acm


Re: Some type of virus

Post by SA8TER21 on 25th April 2009, 11:09 pm

2009-04-08 16:35 --d----- c:\program files\Outsim
2009-04-08 16:34 --d----- c:\program files\Image-Line
2009-04-08 16:27 --d----- c:\program files\Bethesda Softworks
2009-04-08 08:17 3,497,832 a------- c:\windows\system\d3dx9_34.dll
2009-04-08 08:06 --d----- c:\program files\Easy Video Splitter
2009-04-08 08:04 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-04-08 08:04 1,421,216 a------- c:\windows\system32\WdfCoInstaller01001.dll
2009-04-08 08:04 61,984 a------- c:\windows\system32\drivers\xusb21.sys
2009-04-08 08:04 --d----- c:\program files\Microsoft Xbox 360 Accessories
2009-04-08 08:04 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-04-08 08:01 354,560 a------- c:\windows\system32\TuneUpDefragService.exe
2009-04-08 08:01 28,416 a------- c:\windows\system32\uxtuneup.dll
2009-04-08 08:00 --d----- c:\docume~1\fluffy\applic~1\TuneUp Software
2009-04-08 08:00 --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-04-08 08:00 --d----- c:\program files\TuneUp Utilities 2008
2009-04-08 07:13 --d----- c:\program files\Bonjour
2009-04-08 07:08 --d----- c:\program files\common files\Macrovision Shared
2009-04-08 07:05 --d----- c:\docume~1\fluffy\applic~1\DAEMON Tools Pro
2009-04-08 06:45 --d----- c:\program files\Eltima Software
2009-04-08 06:41 -cd----- c:\windows\Tango Patcher 2600
2009-04-08 06:40 -cd----- c:\windows\Tango Patcher (Applications)
2009-04-08 06:27 --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-04-08 06:26 --d----- c:\program files\DAEMON Tools Lite
2009-04-08 06:18 218,624 a------- c:\windows\system32\uxtheme.uxtender
2009-04-08 06:12 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-04-08 06:12 --d----- c:\docume~1\fluffy\applic~1\DAEMON Tools Lite
2009-04-07 22:01 --d----- C:\HammerAutosave
2009-04-07 21:33 --d----- c:\program files\Lame for Audacity
2009-04-07 21:23 --d----- c:\program files\Audacity
2009-04-07 21:06 --d----- c:\windows\pss
2009-04-07 21:06 268 a---h--- C:\sqmdata00.sqm
2009-04-07 21:06 244 a---h--- C:\sqmnoopt00.sqm
2009-04-07 20:53 --d----- c:\program files\Steam
2009-04-07 20:52 --d----- c:\docume~1\fluffy\applic~1\Xfire
2009-04-07 20:52 --d----- c:\program files\Xfire
2009-04-07 20:51 --d----- c:\documents and settings\fluffy\Contacts
2009-04-07 20:50 --d----- c:\program files\MSN Messenger
2009-04-07 20:49 --d----- c:\program files\VideoLAN
2009-04-07 20:48 --d----- c:\program files\NVIDIA Corporation
2009-04-07 20:44 --d----- c:\program files\NVIDIA nTune Performance Application
2009-04-07 20:39 --d----- c:\windows\ServicePackFiles
2009-04-07 20:35 19,569 a------- c:\windows\002869_.tmp
2009-04-07 20:35 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-04-07 20:34 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-07 20:34 2,317,312 ac------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-07 20:34 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-07 20:34 2,195,968 ac------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-07 20:34 3,104,256 ac------ c:\windows\system32\dllcache\mshtml.dll
2009-04-07 20:33 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-04-07 20:33 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-04-07 20:33 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-04-07 20:33 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-04-07 20:32 666,112 -c------ c:\windows\system32\dllcache\wininet.dll
2009-04-07 20:32 619,520 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-04-07 20:32 1,884,672 ac------ c:\windows\system32\dllcache\shdocvw.dll
2009-04-07 20:31 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-04-07 20:31 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-04-07 20:30 --d----- c:\windows\system32\PreInstall
2009-04-07 20:30 --d-h--- c:\windows\$hf_mig$
2009-04-07 20:29 --d----- c:\program files\DivX
2009-04-07 20:29 --d----- c:\program files\common files\DivX Shared
2009-04-07 20:28 1,203,922 ac------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-07 20:28 --d----- c:\program files\Windows Media Connect 2
2009-04-07 20:27 --d----- c:\windows\system32\LogFiles
2009-04-07 20:20 --d----- c:\program files\RocketDock
2009-04-07 20:15 --d----- c:\program files\common files\LogiShared
2009-04-07 20:14 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-07 20:14 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-07 20:13 1,419,024 a------- c:\windows\system32\WdfCoInstaller01005.dll
2009-04-07 20:13 56,080 a------- c:\windows\KHALMNPR.Exe
2009-04-07 20:13 36,112 a------- c:\windows\system32\drivers\LMouFilt.Sys
2009-04-07 20:13 34,832 a------- c:\windows\system32\drivers\LHidFilt.Sys
2009-04-07 20:13 20,496 a------- c:\windows\system32\drivers\L8042Kbd.sys
2009-04-07 20:13 163,840 a------- c:\windows\system32\kemutb.dll
2009-04-07 20:13 135,168 a------- c:\windows\system32\KemUtil.dll
2009-04-07 20:13 110,592 a------- c:\windows\system32\KemWnd.dll
2009-04-07 20:13 69,632 a------- c:\windows\system32\KemXML.dll
2009-04-07 20:13 --d----- c:\program files\common files\Logitech
2009-04-07 20:13 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-04-07 20:12 --d----- c:\windows\system32\AGEIA
2009-04-07 20:10 --d----- c:\program files\common files\Wise Installation Wizard
2009-04-07 20:09 453,152 a------- c:\windows\system32\nvudisp.exe
2009-04-07 20:09 215,383 a------- c:\windows\system32\nvapps.xml
2009-04-07 20:09 19,054 a------- c:\windows\system32\nvdisp.nvu
2009-04-07 20:09 --d----- c:\windows\nview
2009-04-07 20:09 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-04-07 20:09 --d----- C:\NVIDIA
2009-04-07 20:03 376 a------- c:\windows\ODBC.INI
2009-04-07 20:03 --d----- c:\program files\Microsoft ActiveSync
2009-04-07 20:01 --d----- c:\windows\ShellNew
2009-04-07 19:58 2,422 a------- c:\windows\system32\wpa.bak
2009-04-07 19:49 --d----- c:\windows\system32\SoftwareDistribution
2009-04-07 19:47 143,360 -----r-- c:\windows\system32\xRaidAPI.dll
2009-04-07 19:47 --d----- C:\RaidTool
2009-04-07 19:47 1,953,792 -----r-- c:\windows\system32\xRaidSetup.exe
2009-04-07 19:47 46,208 a----r-- c:\windows\system32\drivers\jraid.sys
2009-04-07 19:47 6,912 a----r-- c:\windows\system32\drivers\JGOGO.sys
2009-04-07 19:47 --d----- c:\windows\RaidTool
2009-04-07 19:47 38,656 a----r-- c:\windows\system32\drivers\atl01_xp.sys
2009-04-07 19:47 --d----- c:\windows\system32\Attansic
2009-04-07 19:47 --d----- c:\program files\Attansic
2009-04-07 19:46 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-04-07 19:46 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-04-07 19:46 --d----- c:\windows\system32\Lang
2009-04-07 19:45 49,152 -----r-- c:\windows\system32\ChCfg.exe
2009-04-07 19:45 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-04-07 19:45 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-04-07 19:45 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-04-07 19:45 56,576 a------- c:\windows\system32\drivers\swmidi.sys
2009-04-07 19:45 142,592 a------- c:\windows\system32\drivers\aec.sys
2009-04-07 19:45 172,416 a------- c:\windows\system32\drivers\kmixer.sys
2009-04-07 19:45 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-04-07 19:45 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2009-04-07 19:45 --d----- c:\windows\system32\RTCOM
2009-04-07 19:45 60,160 ac------ c:\windows\system32\dllcache\drmk.sys
2009-04-07 19:45 60,160 a------- c:\windows\system32\drivers\drmk.sys
2009-04-07 19:44 --d----- c:\program files\Realtek
2009-04-07 19:43 --d----- c:\windows\ASUSInstAll
2009-04-07 19:38 --d----- c:\windows\system32\drivers\system32
2009-04-07 19:38 --d----- c:\windows\system32\drivers\INF
2009-04-07 19:37 --d----- c:\windows\system32\ReinstallBackups
2009-04-07 19:37 --d----- C:\Intel
2009-04-07 19:37 15,446 a------- c:\windows\Ascd_log.ini
2009-04-07 19:36 5,810 a----r-- c:\windows\system32\drivers\ASACPI.sys
2009-04-07 19:36 15,121 a------- c:\windows\Ascd_tmp.ini
2009-04-07 19:36 10,288 a------- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-04-07 19:35 5,702 a---h--- c:\windows\nod32restoretemdono.reg
2009-04-07 19:35 568 a---h--- c:\windows\nod32fixtemdono.reg
2009-04-07 19:34 --d----- c:\program files\ESET
2009-04-07 19:31 --ds---- c:\windows\system32\Microsoft
2009-04-07 19:30 8,192 a------- c:\windows\REGLOCS.OLD
2009-04-07 19:28 30,208 ac------ c:\windows\system32\dllcache\sm87w.dll
2009-04-07 19:27 --dsh--- c:\documents and settings\all users\DRM
2009-04-07 19:26 --d-h--- c:\program files\WindowsUpdate
2009-04-07 19:26 --d----- c:\program files\common files\MSSoap
2009-04-07 19:25 --d----- c:\program files\Online Services
2009-04-07 19:25 --d----- c:\program files\Messenger
2009-04-07 19:25 --d----- c:\program files\MSN Gaming Zone
2009-04-07 19:24 --d----- c:\program files\Windows NT
2009-04-07 12:16 --d----- c:\program files\common files\ODBC
2009-04-07 12:15 --d----- c:\program files\common files\SpeechEngines
2009-04-07 12:15 --d--r-- c:\documents and settings\all users\Documents


Re: Some type of virus

Post by SA8TER21 on 25th April 2009, 11:09 pm

==================== Find3M ====================

2009-04-16 03:08 2,195,968 ac------ c:\windows\system32\ntkrnlpa.exe
2009-04-16 03:07 2,317,312 ac------ c:\windows\system32\ntoskrnl.exe
2009-04-08 06:18 218,624 a------- c:\windows\system32\uxtheme.dll
2009-04-07 20:43 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-07 19:32 155,995 a------- c:\windows\java\packages\O5VXFRF9.ZIP
2009-04-07 19:32 2,232 a------- c:\windows\java\packages\data\VHZH35NP.DAT
2009-04-07 19:32 2,678 a------- c:\windows\java\packages\data\E53FP3VZ.DAT
2009-04-07 19:32 2,678 a------- c:\windows\java\packages\data\MBDJVBF3.DAT
2009-04-07 19:32 2,678 a------- c:\windows\java\packages\data\M40YBHRB.DAT
2009-04-07 19:32 2,678 a------- c:\windows\java\packages\data\R737Z1BD.DAT
2009-04-07 19:32 2,678 a------- c:\windows\java\packages\data\4GZJHVFB.DAT
2009-04-07 19:25 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-03-30 17:13 5,063,168 a------- c:\windows\system32\drivers\RtkHDAud.sys
2009-03-27 11:22 17,567,744 a------- c:\windows\RTHDCPL.EXE
2009-03-17 13:58 540,672 a------- c:\windows\RtlExUpd.dll
2009-03-10 14:32 2,168,320 a------- c:\windows\MicCal.exe
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 11:14 57,344 a------- c:\windows\ALCMTR.EXE
2009-02-24 12:35 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-02-24 12:35 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-02-24 12:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 12:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 12:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 12:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 12:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 12:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-20 01:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 01:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
2006-06-23 15:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

============= FINISH: 16:06:11.51 ===============

Re: Some type of virus

Post by Belahzur on 25th April 2009, 11:28 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :services
    ALSysIO

    :files
    C:\autorun.inf
    c:\windows\002869_.tmp
    C:\sqmdata*.sqm
    C:\sqmnoopt*.sqm
    E:\autorun.inf


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1

Re: Some type of virus

Post by SA8TER21 on 25th April 2009, 11:43 pm

========== SERVICES/DRIVERS ==========
Service\Driver ALSysIO stopped successfully.
Service\Driver ALSysIO deleted successfully.
========== FILES ==========
File/Folder C:\autorun.inf not found.
c:\windows\002869_.tmp moved successfully.
C:\sqmdata00.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
File/Folder E:\autorun.inf not found.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04252009_164312

Re: Some type of virus

Post by Belahzur on 25th April 2009, 11:58 pm

Hmm, no autorun.inf file.
Still getting that error?


Re: Some type of virus

Post by SA8TER21 on 26th April 2009, 12:16 am

Yeah, I'm still getting it.

Re: Some type of virus

Post by Belahzur on 26th April 2009, 12:23 am

I wonder if I got the type of autorun file wrong. 95% of the time, it's an autorun.inf, but if you want to be sneaky, files like autorun.pnf or autorun.ini work to the same effect.

Run this next OTMoveIt script.


  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :files
    C:\autorun.*
    E:\autorun.*


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


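Belahzur's point that the file may not be named autorun.inf, and the MountPoints2 entries in the ComboFix log further down, come down to one question: what, if anything, is wired to run when the drive is opened. The block below is an added example (mine, not the forum's or OldTimer's tool code) that does that triage offline over constructed data; the keys it reads are the documented [autorun] section keys, and the sample target Recycled\launcher.exe is a hypothetical path.

```python
"""Autorun triage for the drive double-click symptom in this thread.

Added example, not the forum's or OldTimer's code. Inputs are constructed:
an autorun file overriding "open" while "explore" still works, a drive-root
listing in ComboFix attribute style, and two MountPoints2 lines quoted from
the ComboFix log posted later in the thread.
"""
import re
from typing import Dict, List, Tuple

# Any "autorun.<ext>" basename is a candidate, mirroring the C:\autorun.*
# wildcard in the OTMoveIt script above (Windows itself only honours .inf).
CANDIDATE_RE = re.compile(r"^autorun\.[^\\/]+$", re.IGNORECASE)
# [autorun] keys that launch a program on AutoPlay, plus shell\<verb>\command.
LAUNCH_KEYS = {"open", "shellexecute"}
VERB_COMMAND_RE = re.compile(r"^shell\\([^\\]+)\\command$")
# ComboFix "Reg Loading Points" lines for cached per-volume AutoRun handlers.
MOUNTPOINT_KEY_RE = re.compile(r"^\[.*\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
MOUNTPOINT_CMD_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+)$", re.IGNORECASE)

SAMPLE_AUTORUN = """; constructed sample, hypothetical target path
[autorun]
open=Recycled\\launcher.exe
shell\\open\\command=Recycled\\launcher.exe
shell=open
icon=%SystemRoot%\\system32\\shell32.dll,8
"""
SAMPLE_LISTING = [  # (path, ComboFix-style attribute string), constructed
    ("C:\\autorun.inf", "--sh--w"),  # hidden + system, the usual marking
    ("C:\\autorun.ini", "----a-w"),  # variant name, as Belahzur suggests
    ("C:\\ntldr", "--sha-r"),
    ("C:\\boot.ini", "--sha-r"),
]
MP2 = "[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\"
SAMPLE_LOG = [  # quoted from the ComboFix output in this thread
    MP2 + "G]",
    "\\Shell\\AutoRun\\command - G:\\LaunchU3.exe -a",
    "",
    MP2 + "{ccb92f3a-2953-11de-a8d7-001bfce477b8}]",
    "\\Shell\\AutoRun\\command - F:\\LaunchU3.exe -a",
]


def autorun_candidates(listing: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Files named autorun.* in a (path, attrs) listing; hidden+system first."""
    hits = [(p, a) for p, a in listing
            if CANDIDATE_RE.match(p.replace("/", "\\").rsplit("\\", 1)[-1])]
    return sorted(hits, key=lambda h: not ("s" in h[1] and "h" in h[1]))


def parse_autorun(text: str) -> Dict[str, str]:
    """Lower-cased key -> value for the [autorun] section only (as Windows reads it)."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def hijacked_actions(entries: Dict[str, str]) -> Dict[str, str]:
    """Explorer actions the file redirects, mapped to the program each runs.

    open/shellexecute fire on AutoPlay; shell\\<verb>\\command replaces a
    right-click verb; shell= picks the default verb, which is what a
    double-click on the drive runs (and what errors once the target is gone).
    """
    actions: Dict[str, str] = {}
    for key, value in entries.items():
        if key in LAUNCH_KEYS:
            actions[key] = value
        m = VERB_COMMAND_RE.match(key)
        if m:
            actions["verb:" + m.group(1).lower()] = value
    default = entries.get("shell")
    if default:
        actions["double-click"] = actions.get("verb:" + default.lower(), default)
    return actions


def cached_autorun_commands(log_lines: List[str]) -> Dict[str, str]:
    """MountPoints2 volume id -> cached AutoRun command from ComboFix log lines.

    Explorer caches each volume's autorun handler here, so this is where to
    look when no autorun.* file is found but the drive error persists.
    """
    found: Dict[str, str] = {}
    volume = None
    for line in log_lines:
        line = line.strip()
        k = MOUNTPOINT_KEY_RE.match(line)
        if k:
            volume = k.group(1)
            continue
        c = MOUNTPOINT_CMD_RE.match(line)
        if c and volume:
            found[volume] = c.group(1).strip()
    return found
```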

Re: Some type of virus

Post by SA8TER21 on 26th April 2009, 12:56 am

========== FILES ==========
File/Folder C:\autorun.* not found.
File/Folder E:\autorun.* not found.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04252009_175626

Still none found.

Re: Some type of virus

Post by Belahzur on 26th April 2009, 1:00 am

Okay, let's go deeper.

I notice that you have Spybot's TeaTimer running. Please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure TeaTimer is disabled before we do this, otherwise it will interfere with ComboFix.


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV. (ESET Nod32)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: Some type of virus

Post by SA8TER21 on 26th April 2009, 1:34 am

kk, I have no more error.

ComboFix 09-04-25.A3 - Fluffy 04/25/2009 18:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2439 [GMT -7:00]
Running from: c:\documents and settings\Fluffy\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-25 23:43 . 2009-04-25 23:43 -------- d-----w C:\_OTMoveIt
2009-04-25 20:55 . 2009-04-26 01:13 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-25 20:55 . 2009-04-25 20:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-25 20:26 . 2008-04-27 17:33 765952 ----a-w c:\windows\system32\xvidcore.dll
2009-04-25 20:26 . 2007-06-29 01:55 77824 ----a-w c:\windows\system32\xvid.ax
2009-04-25 20:26 . 2009-04-25 20:26 -------- d-----w c:\program files\Xvid
2009-04-25 20:26 . 2008-04-27 17:35 180224 ----a-w c:\windows\system32\xvidvfw.dll
2009-04-25 04:08 . 2009-04-25 04:08 -------- d-----w c:\program files\Rockstar Games
2009-04-20 01:22 . 2009-04-25 19:18 33 ----a-w c:\windows\GunZLauncher.INI
2009-04-20 01:21 . 2009-04-20 01:21 -------- d-----w c:\program files\GamingSync
2009-04-19 07:20 . 2009-04-19 07:20 -------- d-----w c:\program files\Braid
2009-04-19 00:42 . 2009-04-19 00:43 -------- d-----w c:\documents and settings\Fluffy\Application Data\Braid
2009-04-18 08:06 . 2009-04-18 08:08 1908 ----a-w c:\windows\diagwrn.xml
2009-04-18 08:06 . 2009-04-18 08:08 1908 ----a-w c:\windows\diagerr.xml
2009-04-18 06:32 . 2009-04-18 06:32 -------- d-----w C:\CrashReport
2009-04-18 06:18 . 2009-04-22 23:57 -------- d-----w c:\program files\Runes of Magic
2009-04-17 23:09 . 2009-04-25 20:53 69 ----a-w c:\windows\NeroDigital.ini
2009-04-17 19:50 . 2009-04-17 20:46 -------- d-----w c:\documents and settings\Fluffy\Application Data\FOG Downloader
2009-04-17 18:01 . 2009-04-17 18:06 -------- d-----w c:\program files\Silent Hill Homecoming
2009-04-17 10:00 . 2009-04-17 10:00 -------- d-----w c:\program files\MSXML 4.0
2009-04-17 01:19 . 2009-04-17 01:20 -------- d-----w c:\documents and settings\Fluffy\Local Settings\Application Data\Google
2009-04-16 21:43 . 2009-04-16 21:43 -------- d-----w c:\documents and settings\Fluffy\Application Data\Ahead
2009-04-16 21:42 . 2004-07-09 16:43 364544 ----a-w c:\windows\system32\TwnLib4.dll
2009-04-16 21:41 . 2009-04-16 21:42 -------- d-----w c:\program files\Nero
2009-04-16 21:41 . 2009-04-16 21:41 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-04-16 21:41 . 2004-07-27 00:16 476320 ----a-w c:\windows\system32\imagXpr7.dll
2009-04-16 21:41 . 2004-07-27 00:16 471040 ----a-w c:\windows\system32\imagXRA7.dll
2009-04-16 21:41 . 2004-07-27 00:16 262144 ----a-w c:\windows\system32\imagXR7.dll
2009-04-16 21:41 . 2004-07-27 00:16 1568768 ----a-w c:\windows\system32\imagX7.dll
2009-04-16 21:41 . 2009-04-16 21:42 -------- d-----w c:\program files\Common Files\Ahead
2009-04-16 16:05 . 2009-04-16 16:05 1830912 ----a-w c:\documents and settings\Fluffy\EhSvc.dll
2009-04-16 16:04 . 2009-04-16 16:04 95232 ----a-w c:\documents and settings\Fluffy\EGRNAPX2.dll
2009-04-16 16:04 . 2009-04-16 16:05 -------- d-----w c:\documents and settings\Fluffy\HackShield
2009-04-16 16:04 . 2009-04-16 16:04 178273 ----a-w c:\documents and settings\Fluffy\EGRNAP.dll
2009-04-16 16:02 . 2009-04-16 16:02 303104 ----a-w c:\documents and settings\Fluffy\Win98sUpdateUtil.exe
2009-04-16 16:02 . 2009-04-16 16:02 -------- d-----w c:\documents and settings\Fluffy\Resource
2009-04-16 16:01 . 2009-04-16 16:01 1019904 ----a-w c:\documents and settings\Fluffy\Launcher.exe
2009-04-16 11:17 . 2005-01-04 00:43 4682 ----a-w c:\windows\system32\npptNT2.sys
2009-04-16 11:17 . 2003-07-20 09:17 5174 ----a-w c:\windows\system32\nppt9x.vxd
2009-04-16 11:17 . 2009-04-16 11:17 -------- d-----w c:\program files\Common Files\INCA Shared
2009-04-16 11:09 . 2009-04-16 11:09 -------- d-----w c:\program files\GALA-NET
2009-04-16 04:28 . 2009-04-16 04:29 -------- d-----w c:\documents and settings\Fluffy\Application Data\Spore
2009-04-16 03:58 . 2009-04-16 22:36 -------- d-----w c:\documents and settings\Fluffy\Application Data\U3
2009-04-16 01:14 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 01:14 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 01:14 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 01:14 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 01:14 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 01:14 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 01:14 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 01:14 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 01:14 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 01:13 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 01:13 . 2008-04-21 12:08 289280 -c--a-w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 19:37 . 2009-04-15 19:37 -------- dc-h--w c:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-04-15 00:58 . 2009-04-15 00:58 -------- d-----w c:\documents and settings\Fluffy\Local Settings\Application Data\Ubisoft
2009-04-14 18:29 . 2009-04-14 22:15 -------- d-----w c:\program files\Ubisoft
2009-04-14 18:17 . 2009-04-14 18:17 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-14 05:26 . 2005-10-18 02:50 245376 ----a-w c:\windows\system32\drivers\rt2500usb.sys
2009-04-14 05:26 . 2003-10-13 22:30 94208 ----a-w c:\windows\system32\GTW32N50.dll
2009-04-14 05:26 . 2003-09-26 06:28 31930 ----a-w c:\windows\system32\GTNDIS3.VXD
2009-04-14 05:26 . 2003-09-26 05:15 15872 ----a-w c:\windows\system32\GTNDIS5.sys
2009-04-14 05:26 . 2005-02-02 01:18 17992 ----a-w c:\windows\system32\drivers\bcm42rly.sys
2009-04-14 05:26 . 2005-02-02 01:18 17992 ----a-w c:\windows\system32\bcm42rly.sys
2009-04-12 23:49 . 2009-04-12 23:49 -------- d-----w c:\documents and settings\Fluffy\Local Settings\Application Data\ApplicationHistory
2009-04-11 23:37 . 2009-04-11 23:37 -------- d-----w c:\program files\Natural Mod
2009-04-11 22:38 . 2009-04-11 22:38 -------- d-----w c:\windows\system32\URTTEMP
2009-04-11 19:15 . 2009-04-11 23:28 669184 ----a-w c:\windows\system32\pbsvc.exe
2009-04-11 17:32 . 2009-04-11 17:35 -------- d-----w c:\documents and settings\Fluffy\Application Data\Winamp
2009-04-11 17:32 . 2009-04-11 17:33 -------- d-----w c:\program files\Winamp
2009-04-11 02:52 . 2009-04-11 02:52 -------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
2009-04-10 05:31 . 2009-04-10 05:31 -------- d-----w c:\windows\system32\NtmsData
2009-04-10 05:26 . 2009-04-10 05:26 -------- d-s---w c:\documents and settings\Fluffy\UserData
2009-04-10 05:08 . 2009-04-10 05:08 -------- d-----w c:\documents and settings\Fluffy\Application Data\vlc
2009-04-10 01:08 . 2009-04-10 01:14 -------- d-----w c:\documents and settings\Fluffy\Application Data\Bioshock
2009-04-10 00:20 . 2009-04-10 00:22 -------- d-----w c:\documents and settings\Fluffy\Local Settings\Application Data\Rockstar Games
2009-04-09 23:19 . 2009-04-11 23:28 22328 ----a-w c:\documents and settings\Fluffy\Application Data\PnkBstrK.sys
2009-04-09 23:18 . 2009-04-09 23:18 319 ----a-w c:\windows\game.ini
2009-04-09 23:09 . 2009-04-09 23:09 -------- d-----w c:\program files\Activision
2009-04-09 22:41 . 2009-04-09 22:41 -------- d-sh--w c:\windows\ftpcache
2009-04-09 08:20 . 2008-10-24 00:42 290816 ----a-w c:\windows\vncutil.exe
2009-04-09 08:20 . 2009-03-17 21:07 122880 ----a-w c:\windows\RtkAudioService.exe
2009-04-09 08:20 . 2009-03-17 19:44 36352 ----a-w c:\windows\system32\RtkCoInstXP.dll
2009-04-09 08:20 . 2006-01-04 22:41 1389056 ----a-w c:\windows\system32\drivers\Monfilt.sys
2009-04-09 08:20 . 2008-08-06 03:10 1684736 ----a-w c:\windows\system32\drivers\Ambfilt.sys
2009-04-09 08:12 . 2009-03-09 22:27 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-04-09 08:12 . 2009-03-09 22:27 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-04-09 08:12 . 2009-03-09 22:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-04-09 08:12 . 2009-03-16 21:18 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-04-09 08:12 . 2009-03-16 21:18 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-04-09 08:12 . 2009-03-16 21:18 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-04-09 08:12 . 2009-03-16 21:18 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-04-09 08:12 . 2009-04-15 11:12 -------- d--h--w c:\windows\msdownld.tmp
2009-04-09 07:35 . 2009-04-14 19:58 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-09 07:35 . 2009-04-14 19:58 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-09 07:35 . 2009-04-14 19:59 189072 ----a-w c:\windows\system32\PnkBstrB.xtr
2009-04-09 07:35 . 2009-04-14 19:58 75064 ----a-w c:\windows\system32\PnkBstrA.exe

Re: Some type of virus

Post by SA8TER21 on 26th April 2009, 1:35 am

2009-04-09 07:35 . 2009-04-09 07:35 -------- d-----w c:\documents and settings\Fluffy\Local Settings\Application Data\PunkBuster
2009-04-09 07:32 . 2009-04-09 08:13 -------- d-----w C:\Game
2009-04-09 07:31 . 2009-04-09 07:31 -------- d-----w c:\documents and settings\Fluffy\Local Settings\Application Data\CAPCOM
2009-04-09 07:26 . 2009-04-09 07:26 -------- d-----w c:\documents and settings\Fluffy\Local Settings\Application Data\BCR
2009-04-09 07:26 . 2009-04-09 07:26 -------- d-----w c:\documents and settings\All Users\Application Data\BCR
2009-04-09 07:25 . 2009-04-11 05:31 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-09 07:25 . 2009-04-11 05:31 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-09 07:25 . 2009-04-09 07:25 -------- d-----w c:\program files\OpenAL
2009-04-09 07:25 . 2004-12-06 02:38 102400 ----a-w c:\windows\system\OpenAL32.dll
2009-04-09 07:23 . 2009-04-09 07:23 -------- d-----w c:\documents and settings\Fluffy\Application Data\Microsoft Games
2009-04-09 06:22 . 2009-04-15 00:48 -------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
2009-04-09 06:22 . 2009-04-09 06:22 -------- d-----w c:\documents and settings\Fluffy\Application Data\Ubisoft
2009-04-09 05:50 . 2009-04-09 05:50 -------- d-----w C:\ProgramData
2009-04-09 05:50 . 2009-04-09 05:50 -------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
2009-04-09 05:49 . 2009-04-11 19:08 -------- d-----w c:\program files\Electronic Arts
2009-04-09 05:42 . 2009-04-09 05:42 -------- d-----w c:\program files\EA Games
2009-04-09 05:41 . 2009-04-09 05:41 -------- d-----w c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2009-04-09 05:18 . 2009-04-09 05:19 -------- d-----w c:\documents and settings\Fluffy\Local Settings\Application Data\Fallout3
2009-04-09 05:17 . 2009-04-09 05:17 -------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2009-04-09 03:19 . 2009-04-09 03:19 -------- d-----w c:\documents and settings\Fluffy\Local Settings\Application Data\Electronic Arts
2009-04-09 03:19 . 2009-04-09 03:19 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-09 02:52 . 2009-04-09 02:52 -------- d--h--r c:\documents and settings\Fluffy\Application Data\SecuROM
2009-04-09 02:50 . 2009-04-09 02:51 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-04-09 02:50 . 2009-04-09 02:50 -------- d-----w c:\windows\system32\xlive
2009-04-09 02:49 . 2009-04-16 21:23 23 ----a-w c:\windows\BlendSettings.ini
2009-04-09 02:48 . 2009-04-09 02:48 -------- d-----w c:\documents and settings\Fluffy\Local Settings\Application Data\Oblivion
2009-04-09 01:44 . 2009-04-09 01:44 -------- d-----w c:\windows\Logs
2009-04-09 01:36 . 2009-04-09 01:36 -------- d-----w c:\program files\505games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 00:33 . 2009-04-08 02:44 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-16 10:08 . 2004-08-03 22:59 2195968 -c--a-w c:\windows\system32\ntkrnlpa.exe
2009-04-16 10:07 . 2004-10-08 12:01 2317312 -c--a-w c:\windows\system32\ntoskrnl.exe
2009-04-14 05:39 . 2009-04-08 02:44 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-09 08:20 . 2009-04-08 02:44 -------- d-----w c:\program files\Realtek
2009-04-08 13:18 . 2004-10-08 12:01 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-04-08 03:43 . 2009-04-08 02:27 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-08 03:36 . 2004-10-08 12:01 250048 --sha-r C:\ntldr
2009-04-08 03:30 . 2009-04-08 03:29 -------- d-----w c:\program files\DivX
2009-04-08 03:29 . 2009-04-08 03:29 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-08 03:13 . 2009-04-08 03:13 -------- d-----w c:\program files\Common Files\Logitech
2009-04-08 03:13 . 2009-04-08 03:13 -------- d-----w c:\documents and settings\Fluffy\Application Data\InstallShield
2009-04-08 03:13 . 2009-04-08 03:13 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2009-04-08 02:47 . 2009-04-08 02:47 -------- d-----w c:\program files\Attansic
2009-04-08 02:45 . 2009-04-08 02:44 575 ----a-w C:\RHDSetup.log
2009-04-08 02:37 . 2009-04-08 02:37 -------- d-----w c:\program files\Intel
2009-04-08 02:34 . 2009-04-08 02:34 -------- d-----w c:\program files\ESET
2009-04-08 02:34 . 2009-04-08 02:34 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-08 02:32 . 2009-04-08 02:32 2232 ----a-w c:\windows\java\Packages\Data\VHZH35NP.DAT
2009-04-08 02:32 . 2009-04-08 02:32 155995 ----a-w c:\windows\java\Packages\O5VXFRF9.ZIP
2009-04-08 02:32 . 2009-04-08 02:32 2678 ----a-w c:\windows\java\Packages\Data\E53FP3VZ.DAT
2009-04-08 02:32 . 2009-04-08 02:32 2678 ----a-w c:\windows\java\Packages\Data\MBDJVBF3.DAT
2009-04-08 02:32 . 2009-04-08 02:32 2678 ----a-w c:\windows\java\Packages\Data\M40YBHRB.DAT
2009-04-08 02:32 . 2009-04-08 02:32 2678 ----a-w c:\windows\java\Packages\Data\R737Z1BD.DAT
2009-04-08 02:32 . 2009-04-08 02:32 2678 ----a-w c:\windows\java\Packages\Data\4GZJHVFB.DAT
2009-04-08 02:28 . 2009-04-08 02:28 -------- d-----w c:\program files\microsoft frontpage
2009-04-08 02:25 . 2009-04-08 02:25 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-31 00:13 . 2009-04-08 02:44 5063168 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-03-27 18:22 . 2009-04-08 02:44 17567744 ----a-w c:\windows\RTHDCPL.EXE
2009-03-17 20:58 . 2009-04-08 02:44 540672 ----a-w c:\windows\RtlExUpd.dll
2009-03-10 21:32 . 2009-04-08 02:44 2168320 ----a-w c:\windows\MicCal.exe
2009-03-06 14:22 . 2004-10-08 12:01 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-02 18:14 . 2009-04-08 02:44 57344 ----a-w c:\windows\ALCMTR.EXE
2009-02-24 19:35 . 2009-04-08 03:29 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-02-24 19:35 . 2009-04-08 03:29 118520 ------w c:\windows\system32\pxinsi64.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-20 08:10 . 2004-10-08 12:01 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-10-08 12:01 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-10-08 12:01 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-10-08 12:01 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-10-08 12:01 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-10-08 12:01 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-10-08 12:01 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-10-08 12:01 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 10:39 . 2004-10-08 12:01 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-10-08 12:01 56832 ----a-w c:\windows\system32\secur32.dll
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\mozilla firefox\plugins\ssldivx.dll
.

Re: Some type of virus

Post by SA8TER21 on 26th April 2009, 1:35 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"Core Temp"="c:\documents and settings\Fluffy\Desktop\Desktop icons\CoreTemp\Core Temp.exe" [2008-08-22 277008]
"Google Update"="c:\documents and settings\Fluffy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-17 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-7 692224]
Tango Patcher (Applications) Reloader.lnk - c:\windows\Tango Patcher (Applications)\Reloader.exe [2008-6-15 91901]
Tango Patcher 2600 Reloader.lnk - c:\windows\Tango Patcher 2600\Reloader.exe [2008-7-3 104519]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\program files\steam\steam.exe" -silent
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" -silent
"G15Task"=c:\program files\Logitech\GamePanel Software\Applets\G15Task.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\sa8ter21\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\forception\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"e:\\Program Files\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\farcry2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Nurien\\Alpha v0.7\\Binaries\\Nurien.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\StepMania CVS\\Program\\StepMania.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"e:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"e:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\GamingSync\\LegacyGamers GunZ\\LG.exe"=
"c:\\Program Files\\Steam\\steamapps\\sa8ter21\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\lost planet extreme condition\\LostPlanetDX9.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\lost planet extreme condition\\LostPlanetDX10.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-10-08 3584]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-06 1684736]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S3 ALSysIO;ALSysIO; [x]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]

Re: Some type of virus

Post by SA8TER21 on 26th April 2009, 1:35 am

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ALSYSIO

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccb92f3a-2953-11de-a8d7-001bfce477b8}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 16:59]

2009-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-220523388-839522115-1003.job
- c:\documents and settings\Fluffy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-17 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Fluffy\Application Data\Mozilla\Firefox\Profiles\833iny4z.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Fluffy\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-04-25 18:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1417001333-220523388-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:63,de,a9,a2,2e,dc,0b,25,99,64,9d,be,1a,2a,a8,6c,48,cb,6f,73,e7,43,2a,
c1,77,06,12,b7,4d,db,52,cd,01,4f,51,59,c7,0c,ab,30,88,08,39,db,c2,94,7a,6a,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1417001333-220523388-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:84,c2,84,8a,23,65,a2,28,10,4f,e6,e7,c2,43,fc,da,83,c0,88,a5,57,
8d,8f,cf,cf,59,8c,ac,91,a9,9e,56,c8,37,0f,d9,b3,c5,a6,29,93,10,20,16,cc,a0,\
"rkeysecu"=hex:37,56,83,d6,ff,0d,77,ec,21,b3,9b,7d,bb,45,09,08
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3072)
c:\windows\system32\SHDOCVW.dll
c:\program files\RocketDock\RocketDock.dll
c:\program files\RocketDock\PSAPI.DLL
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\Office10\msohev.dll
.
Completion time: 2009-04-26 18:31
ComboFix-quarantined-files.txt 2009-04-26 01:31

Pre-Run: 434,471,477,248 bytes free
Post-Run: 438,690,607,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

336 --- E O F --- 2009-04-22 07:50


Re: Some type of virus

Post by Belahzur on 26th April 2009, 7:06 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Some type of virus

Post by SA8TER21 on 26th April 2009, 8:33 pm

Ok, so that's done. Ummm, how do I get rid of the Windows Recovery Console?

I really don't like it showing up on startup to choose what I want to boot into. I plan on dual-booting with Win 7 and really don't want to have to see it there. And what does it really do?


Re: Some type of virus

Post by SA8TER21 on 26th April 2009, 8:34 pm

Is it really necessary to have the Windows Recovery Console?


Re: Some type of virus

Post by Belahzur on 26th April 2009, 8:36 pm

I would advise you to keep it. Should anything go wrong in the future, the Recovery Console allows you to enter a special recovery mode which uses the command line, so we are able to replace missing/damaged files.



Re: Some type of virus

Post by SA8TER21 on 26th April 2009, 9:09 pm

Ok, I guess I will keep it then. Thank you for all the help.

You are one awesome person.
