Forums » Up and Running » Security » Security Cleanup » Cant run SYSTEM RESTORE, NO SOUND, no ADMIN PRIVILEGES, etc.
Syco C

join:2009-05-19
Nicholasville, KY

1 edit
Cant run SYSTEM RESTORE, NO SOUND, no ADMIN PRIVILEGES, etc.

Okay, first off we noticed there was no sound. We went to check on our sound card and it acted like it didn't exist.
I went to Device Manager to see if there was a conflict and it says MMC.EXE is not a valid Win32 application.


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
ref: »Cant run SYSTEM RESTORE, NO SOUND, no ADMIN PRIVILEGES

Syco C

join:2009-05-19
Nicholasville, KY
reply to Syco C
Can u sons of bitches give me some help? For days now my PC has been trashed. I was told this was a good site to get help and this is garbage.. I had more replies when this was posted in the WRONG place.. come on man.. help me the F out


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

said by Syco C:

Can u sons of bitches give me some help? For days now my PC has been trashed. I was told this was a good site to get help and this is garbage.. I had more replies when this was posted in the WRONG place.. come on man.. help me the F out
Just waiting to see if you ran through these steps first?
»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

We sons of bitches are sometimes female and sometimes take offense at insults.

Your symptoms are not the usual ones for an infection, but we'll be happy to review your logs after you run through the requested steps, please? Let us know if any infections were found (and what) in the pre-clean steps.
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2009
Proud Member of ASAP (Alliance of Security Analysis Professionals)

Syco C

join:2009-05-19
Nicholasville, KY

LOL will do :P thank u for the reply.. I will report back after following all the steps.. right now I'm running through another list which suggested SUPERAntiSpyware, Malwarebytes, and then ComboFix

But I can tell you this.. I just loaded in safe mode under Administrator and it let me go to Users and Device Manager.. I made a new admin account and it still didn't work.. if one of the steps I'm doing now works, I will let ya know and report back

Syco C

join:2009-05-19
Nicholasville, KY

reply to CalamityJane
OMG I'm about to shoot myself.. LOL I ran ComboFix in safe mode and it acted like it went through; I have the log, which I'll post at the end to be looked at.

Well, I restarted.. ISH is still not working.. I go to run it again.. and it started scanning and then pops up saying blah blah is not a valid Win32 application..

I mean.. are u serious.. Malwarebytes removed one file.. the supertrashware deleted 39 cookies

I have used HostsXpert and put the hosts file back to the MS hosts file.. here is the log from trash ComboFix in safe mode

ComboFix 09-05-21.01 - Owner 05/21/2009 23:51.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.805 [GMT -4:00]
Running from: C:\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-22 03:42 . 2009-05-22 03:44 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-05-22 01:35 . 2009-05-22 01:36 2969300 ----a-r C:\ComboFix.exe
2009-05-22 01:26 . 2009-05-22 01:26 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-22 01:26 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-22 01:25 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-22 01:25 . 2009-05-22 01:25 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-22 01:25 . 2009-05-22 01:26 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-22 01:21 . 2009-05-22 01:23 117760 ----a-w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 01:19 . 2009-05-22 01:19 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-22 01:18 . 2009-05-22 01:18 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-22 01:18 . 2009-05-22 01:18 -------- d-----w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-05-22 01:07 . 2009-05-22 01:07 57344 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-4998b368-n\Decora-SSE.dll
2009-05-22 01:07 . 2009-05-22 01:07 24064 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-3405c4c5-n\Decora-D3D.dll
2009-05-22 00:56 . 2009-05-22 01:05 -------- d-----w c:\documents and settings\SYCO C\Local Settings\Application Data\Microsoft
2009-05-22 00:17 . 2004-05-13 05:29 128 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-05-20 22:59 . 2009-05-20 22:59 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\ESET
2009-05-20 22:26 . 2009-05-20 22:26 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-05 23:03 . 2009-05-05 23:03 57344 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-26558d44-n\Decora-SSE.dll
2009-05-05 23:03 . 2009-05-05 23:03 24064 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-6a3dd334-n\Decora-D3D.dll
2009-05-05 23:02 . 2009-05-05 23:02 315392 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2f5ca279-n\jogl.dll
2009-05-05 23:02 . 2009-05-05 23:02 20480 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2f5ca279-n\jogl_awt.dll
2009-05-05 23:02 . 2009-05-05 23:02 114688 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2f5ca279-n\jogl_cg.dll
2009-05-05 23:02 . 2009-05-05 23:02 20480 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-67bb9bf9-n\gluegen-rt.dll
2009-05-05 23:02 . 2009-05-05 23:02 348160 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-607cef66-n\msvcr71.dll
2009-05-05 23:02 . 2009-05-05 23:02 499712 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-607cef66-n\msvcp71.dll
2009-05-05 23:02 . 2009-05-05 23:02 499712 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-607cef66-n\jmc.dll
2009-05-05 23:02 . 2009-05-05 22:57 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-05 22:56 . 2009-05-05 22:56 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 03:38 . 2008-06-25 03:11 -------- d-----w c:\documents and settings\Owner\Application Data\SlimBrowser
2009-05-22 02:24 . 2008-12-10 08:00 148 ---ha-w c:\windows\winshell.dat
2009-05-22 02:24 . 2001-10-17 22:09 66 ----a-w c:\windows\anticrash.dat
2009-05-22 01:17 . 2008-12-02 17:40 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-22 01:09 . 2001-10-17 22:09 61 ----a-w c:\windows\hare.dat
2009-05-22 01:07 . 2009-05-22 01:07 315392 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7839e53a-n\jogl.dll
2009-05-22 01:07 . 2009-05-22 01:07 20480 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7839e53a-n\jogl_awt.dll
2009-05-22 01:07 . 2009-05-22 01:07 114688 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7839e53a-n\jogl_cg.dll
2009-05-22 01:07 . 2009-05-22 01:07 20480 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-4c1889e7-n\gluegen-rt.dll
2009-05-22 01:07 . 2009-05-22 01:07 499712 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-45a2be4b-n\msvcp71.dll
2009-05-22 01:07 . 2009-05-22 01:07 348160 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-45a2be4b-n\msvcr71.dll
2009-05-22 01:07 . 2009-05-22 01:07 499712 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-45a2be4b-n\jmc.dll
2009-05-22 01:02 . 2008-02-19 16:52 -------- d-----w c:\program files\Microsoft LifeCam
2009-05-22 01:02 . 2009-05-22 01:02 -------- d-----w c:\documents and settings\SYCO C\Application Data\Comodo
2009-05-22 01:00 . 2009-05-22 01:00 38736 ----a-w c:\documents and settings\SYCO C\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-20 22:37 . 2008-10-18 05:44 -------- d-----w c:\program files\ESET
2009-05-20 22:27 . 2008-06-30 02:39 -------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2009-05-19 05:14 . 2008-07-20 16:24 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-19 05:14 . 2007-03-18 21:19 -------- d-----w c:\program files\SpywareBlaster
2009-05-19 03:52 . 2007-08-28 19:49 -------- d-----w c:\documents and settings\Owner\Application Data\U3
2009-05-05 22:57 . 2004-05-13 03:14 -------- d-----w c:\program files\Java
2009-04-29 14:01 . 2009-04-15 15:34 -------- d-----w c:\program files\AskBarDis
2009-04-18 03:26 . 2009-01-08 03:47 -------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-04-18 03:24 . 2009-02-07 02:01 -------- d-----w c:\program files\TechSmith
2009-04-17 22:15 . 2009-04-17 22:15 156672 ----a-w c:\windows\system32\rmc_fixasf.exe
2009-04-17 22:15 . 2009-04-17 22:15 237568 ----a-w c:\windows\system32\rmc_rtspdl.dll
2009-04-17 22:14 . 2009-04-17 22:14 323584 ----a-w c:\windows\system32\AUDIOGENIE2.DLL
2009-04-15 15:34 . 2009-04-15 15:34 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-04-15 15:34 . 2009-04-15 15:34 -------- d-----w c:\program files\DVDVideoSoft
2009-04-07 18:56 . 2007-03-19 07:15 38736 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-07 18:47 . 2009-04-07 18:47 -------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-04-07 18:47 . 2008-03-09 00:55 -------- d-----w c:\program files\Common Files\Adobe
2009-04-02 04:27 . 2009-02-24 23:42 -------- d-----w c:\documents and settings\Owner\Application Data\Ahead
2009-03-26 21:04 . 2009-03-31 03:57 110592 ----a-w c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lsr6ao7t.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2009-03-19 15:45 . 2009-03-19 15:45 93848 ----a-w c:\windows\system32\drivers\epfwtdir.sys
2009-03-19 15:44 . 2009-03-19 15:44 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-03-19 15:41 . 2009-03-19 15:41 113960 ----a-w c:\windows\system32\drivers\eamon.sys
2009-03-06 14:22 . 2004-08-11 23:28 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-06-23 16:33 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-25 00:58 . 2001-10-13 18:11 78 ----a-w c:\windows\battery.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-28 2387968]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-05 148888]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-11-02 126976]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-05-13 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-11-02 155648]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-11 1481984]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-14 40960]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2006-05-24 17920]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-05-24 18944]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
Hare.lnk - c:\program files\Dachshund Software\Hare\Hare.exe [2002-9-21 1874381]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Battery Doubler.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Battery Doubler.lnk
backup=c:\windows\pss\Battery Doubler.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Dream\\Yahaven!\\Yahaven!.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/19/2009 11:45 AM 93848]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [12/11/2008 11:09 AM 79096]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/11/2008 11:09 AM 23672]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/19/2009 11:44 AM 107256]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/19/2009 11:44 AM 731840]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-VTTimer - VTTimer.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add to Windows &Live Favorites - »favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: adobe.com\www
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lsr6ao7t.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.letsbeef.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lsr6ao7t.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2009-05-21 23:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(468)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-05-22 0:01
ComboFix-quarantined-files.txt 2009-05-22 04:00

Pre-Run: 5,356,564,480 bytes free
Post-Run: 6,306,299,904 bytes free

214 --- E O F --- 2009-05-22 00:06

Syco C

join:2009-05-19
Nicholasville, KY

Here is the log from normal startup.. that I thought crashed because when I came in 3 boxes were up saying "is not a valid Win32 application", but here it is if it helps.. I'm going to bed.. tomorrow I'm going to follow the guide u posted and post back with all the details of how that went.. this other process took all night, and I didn't get anything fixed.

Appreciate the help

Syco C

join:2009-05-19
Nicholasville, KY

LOL my bad.. here it is

Start Time= Fri 05/22/2009 0:24:59.35

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-05-22 00:20:06 389120 ( A.... ) "C:\WINDOWS\system32\cmd.execf"
2009-05-22 00:06:36 64512 ( A..H. ) "C:\Documents and Settings\Owner\Application Data\dach100.dll"
2009-05-21 21:37:00 2969300 ( A...R ) "C:\ComboFix.exe"
2009-05-21 21:26:42 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Malwarebytes"
2009-05-21 21:25:22 ( .D... ) "C:\Program Files\Malwarebytes' Anti-Malware"
2009-05-21 21:18:20 ( .D... ) "C:\Program Files\SUPERAntiSpyware"
2009-05-21 21:18:20 ( .D... ) "C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com"
2009-05-20 20:37:04 130048 ( A.... ) "C:\WINDOWS\PEV.exe"
2009-05-05 18:57:52 148888 ( A.... ) "C:\WINDOWS\system32\javaws.exe"
2009-05-05 18:57:52 144792 ( A.... ) "C:\WINDOWS\system32\javaw.exe"
2009-05-05 18:57:52 144792 ( A.... ) "C:\WINDOWS\system32\java.exe"
2009-05-05 18:57:50 410984 ( A.... ) "C:\WINDOWS\system32\deploytk.dll"
2009-04-20 12:56:28 31232 ( A.... ) "C:\WINDOWS\NIRCMD.exe"
2009-04-17 18:15:12 156672 ( A.... ) "C:\WINDOWS\system32\rmc_fixasf.exe"
2009-04-17 18:15:10 237568 ( A.... ) "C:\WINDOWS\system32\rmc_rtspdl.dll"
2009-04-17 18:14:06 323584 ( A.... ) "C:\WINDOWS\system32\AUDIOGENIE2.DLL"
2009-04-15 11:34:56 ( .D... ) "C:\Program Files\AskBarDis"
2009-04-15 11:34:10 ( .D... ) "C:\Program Files\DVDVideoSoft"
2009-04-15 11:34:10 ( .D... ) "C:\Program Files\Common Files\DVDVideoSoft"
2009-04-07 14:47:54 ( .D... ) "C:\Program Files\Common Files\Adobe Systems Shared"
2009-04-06 10:57:24 24921544 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2009-03-21 10:06:58 989696 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2009-03-16 15:38:20 2528 ( A.... ) "C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc"
2009-03-06 10:22:18 284160 ( A.... ) "C:\WINDOWS\system32\pdh.dll"
2009-03-02 20:18:26 826368 ( A.... ) "C:\WINDOWS\system32\wininet.dll"

((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"LTMSG"="LTMSG.exe 7"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanlu.exe\" /r"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"LifeCam"="\"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe\""
"COMODO Firewall Pro"="\"C:\\Program Files\\COMODO\\Firewall\\cfp.exe\" -s"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"egui"="\"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft\Windows]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft\Windows\CurrentVersion]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"=dword:00000001
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"LightScribe Control Panel"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Battery Doubler.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Battery Doubler.lnk"
"backup"="C:\\WINDOWS\\pss\\Battery Doubler.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\DACHSH~1\\BATTER~1\\BATTER~1.EXE "
"item"="Battery Doubler"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: Fri 05/22/2009 0:29:03.25
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
reply to Syco C
Since you are getting help elsewhere, we might as well lock this topic for now. No need for duplicate efforts and you should follow up with that board. This doesn't appear to be the result of an infection.
Thread is