marcintes

Members
  • Content count

    30
  • Joined

  • Last visited

About marcintes

  • Rank
    New Member
  • Birthday 05/10/1991

Contact Methods

  • Yahoo
    marcintes@yahoo.com

Profile Information

  • Location
    Philippines
  • Interests
    Everything related to computers. Online Gaming.
  1. dllhost.exe keeps coming back in my Task Manager. I keep ending its process, and after a few seconds it's back again. Is this a virus? I'm just curious. I need help.
  2. Thanks for the reply. So it's safe for me to delete it, right? It really annoys me.
  3. Anybody who knows something about this ClientRegistry.blob file?
  4. Malwarebytes reports no detection of malware with this file, but it seems to be suspicious. Is this malware? I tried scanning my system but it reports nothing infected.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4322
     Windows 5.1.2600 Service Pack 2
     Internet Explorer 6.0.2900.2180
     7/18/2010 12:56:23 PM
     mbam-log-2010-07-18 (12-56-23).txt
     Scan type: Quick scan
     Objects scanned: 116027
     Time elapsed: 2 minute(s), 55 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  5. Here's also my HijackThis log.

     Logfile of Trend Micro HijackThis v2.0.3 (BETA)
     Scan saved at 9:15:26 AM, on 12/22/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16705)
     Boot mode: Normal
  6. Here's my ComboFix log...

     ComboFix 09-12-20.04 - marc 12/21/2009 15:31:43.1.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.63.1033.18.1022.598 [GMT 8:00]
     Running from: d:\downloads\KittyFix.exe
     AV: avast! antivirus 4.8.1368 [VPS 091220-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
     c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
     c:\program files\TuneUp Utilities 2009\OneClick.exe
     c:\recycler\S-1-5-21-5448149015-7419105520-226563354-4790
     ----- BITS: Possible infected sites -----
     hxxp://download.yimg.com
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_SSHNAS
     -------\Service_RDPWD
     -------\Service_TDTCP
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-12-21 15:35
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     Completion time: 2009-12-21 15:37:59 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-12-21 07:37
     Pre-Run: 11,504,754,688 bytes free
     Post-Run: 11,448,270,848 bytes free
  7. Um, but I'll try posting there ^^
  8. I think the problem is with the server of my ISP. I called their company and they said that my line is having network problems, and they are currently fixing it. Now I'm confident that my PC is clean. Thanks for the reply.
  9. My current antivirus is Avast Home Edition. My internet connection seems to be slow, and it's having timeouts every 10-20 seconds. I just want to know if this has something to do with viruses or spyware? Here's my Malwarebytes log:

     Malwarebytes' Anti-Malware 1.42
     Database version: 3400
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13
     12/21/2009 1:20:45 PM
     mbam-log-2009-12-21 (13-20-45).txt
     Scan type: Full Scan (C:\|)
     Objects scanned: 139086
     Time elapsed: 21 minute(s), 46 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     My GMER log...

     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2009-12-21 13:46:01
     Windows 5.1.2600 Service Pack 3
     Running: 6di3qx7y.exe; Driver: C:\DOCUME~1\marc\LOCALS~1\Temp\kweyqaod.sys
     ---- System - GMER 1.0.15 ----
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF2CF96B8]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF2CF9574]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF2CF9A52]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF2CF914C]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF2CF964E]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF2CF908C]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF2CF90F0]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF2CF976E]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF2CF972E]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF2CF98AE]
     ---- Devices - GMER 1.0.15 ----
     AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
     AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
     AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
     AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
     AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
     ---- EOF - GMER 1.0.15 ----
  10. Malwarebytes' Anti-Malware 1.34
      Database version: 1827
      Windows 5.1.2600 Service Pack 3
      3/9/2009 8:05:23 AM
      mbam-log-2009-03-09 (08-05-23).txt
      Scan type: Quick Scan
      Objects scanned: 59558
      Time elapsed: 3 minute(s), 45 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      I just scanned now, and there it is! Problem solved! Thanks a lot! Is it okay to clear the objects in the quarantine?
  11. Okay, I'll just update again tomorrow. For sure it's there already. Thanks for the help. Hope this would be the end of the rootkit infection.
  12. Are these the updates you said, sir? I just finished updating today. Here it is: Date: 3/7/2009 Database Version: 1826 Fingerprints Loaded: 72630
  13. Ummm, sir, if they are being deleted, no errors will occur with my PC? I'm just nervous about it.
  14. Including also all other Trojans, sir? They will be removed?
  15. Does it mean I have to wait for the new updates of MBAM?