inferno

Honorary Members
  • Posts: 25
  • Reputation: 0 Neutral
  1. My computer seems to have picked up a lot of issues from the software you told me to download and scan with, esp. ComboFix. I'm writing this from a different computer because the other one has network issues now, and also start-up issues with certain programs.
  2. No, I have not upgraded. I've had Windows 7 for a long time, but after I used ComboFix this happened. And why is there no lock on the Users folder?
  3. There's a lock symbol on "Users" -> "NAME" and it comes on and off. Is this something to be aware of, as on other computers I've used it doesn't come on and off? I know it's related to sharing, but may someone be accessing my computer from another network? Or can you explain why it comes on and off? Picture: http://www.ghacks.net/wp-content/uploads/2...n_windows_7.png <==== "Example of the lock". Also there are now many new folders that have appeared in the C: drive: $INPLACE._~TR [Lock], $WINDOWS.~Q [Lock], 372888fjwjfj, Config.msi [Lock], MSOCache [Lock]. (Can someone explain these folders and why they have just appeared now?)
  4. Don't worry, I fixed it. Would you like a log of MBAM?
  5. Computer does not start anymore; it boots up, then nothing happens.
  6. After the ComboFix scan, many files were created in C:. Also now the "Users" -> "Ryan" folder has lost its "lock" symbol.
  7. Yeah, it's fine. ComboFix must have destroyed the malware.
  8. ComboFix 10-10-19.04 - Ryan 20/10/2010 22:28:33.3.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2046.1239 [GMT 1:00] Running from: c:\users\Ryan\Documents\Downloads\ComboFix.exe Command switches used :: c:\users\Ryan\Documents\Downloads\CFScript.txt.txt
  10. Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
  11. Yeah, was just gonna try that.
  12. Thanks for the replies. Advanced, the logs are attached: AutoRuns.rar, Attach.txt, DDS.txt