HappyTree04

Members | Posts: 16 | Reputation: 0 Neutral
  1. RogueKiller V8.0.2 [08/31/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com
     Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Started in : Normal mode
     User : Owner [Admin rights]
     Mode : Remove -- Date : 09/07/2012 23:18:43
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 8 ¤¤¤
     [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
     [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
     [HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
     [HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
     [HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
     [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [LOADED] ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\WINDOWS\system32\drivers\etc\hosts
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: WDC WD16 00AAJS-00PSA SCSI Disk Device +++++
     --- User ---
     [MBR] 8fdebe2fca2bc9e07a8f23047a1e5af2
     [bSP] b3aad4fe3b9de60b603917d6e42b4d65 : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 80003 Mo
     1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 163846935 | Size: 72614 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!
     Finished : << RKreport[4].txt >>
     RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
  2. RogueKiller V8.0.2 [08/31/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com
     Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Started in : Normal mode
     User : Owner [Admin rights]
     Mode : Scan -- Date : 09/07/2012 22:34:16
     ¤¤¤ Bad processes : 1 ¤¤¤
     [sUSP PATH] DCService.exe -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -> KILLED [TermProc]
     ¤¤¤ Registry Entries : 8 ¤¤¤
     [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
     [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
     [HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
     [HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [LOADED] ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\WINDOWS\system32\drivers\etc\hosts
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: WDC WD16 00AAJS-00PSA SCSI Disk Device +++++
     --- User ---
     [MBR] 8fdebe2fca2bc9e07a8f23047a1e5af2
     [bSP] b3aad4fe3b9de60b603917d6e42b4d65 : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 80003 Mo
     1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 163846935 | Size: 72614 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!
     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  3. Clearly confirm for me:
     Did you run RKILL? Yes, I ran it.
     Did you run TFC? Yes.
     No, Stinger & DrWeb Cure-it are only at the sites I listed. You are not writing clearly.
     When was this PC reformatted??
     Where did you buy this system? My brother got this from his friend.
     I cannot believe it was sold without an antivirus ~
  4. No, the problem only started when my PC got reformatted. Okay, I will try it. Thanks, sir, for the help!
  5. I have to ask, how long has your computer been without an installed antivirus program? Since Windows XP was installed.
     How long have you had this computer? 2009
     Do you by any chance have access to a clean computer? (obviously, one different from this) No, sorry.
     Do you have a new unused flash-USB-thumb-drive? Yes, I have.
     What browser are you using? Explain in painful detail how you can not download? I use Chrome. I can download avast, but when I try to install it, it always crashes my PC and then restarts it, and after that the avast installer is gone.
     Do you get to the site? yes/no I can't go to McAfee and Dr.Web CureIt.
     Do you get to Save? yes/no I can save the Dr.Web CureIt but it won't start downloading, always 0.00%.
     As this system has been without an antivirus program, I believe we will eventually get to the conclusion that you should wipe the system clean and start over from scratch.
     What brand is this computer? I don't know what brand my computer is (noobs here >.<)
     Do you have the Windows XP CD? I don't have it.
     Do you have a recent backup of this system (offline, on external drive or CD or DVD) from before this infection?? I don't have one. (which by the way, it looks like you have had for a few months!!)
  6. When I try to download an antivirus, the virus always removes it and doesn't install it. I can't load or download the McAfee Stinger and Dr.Web CureIt? I don't know why?
  7. Ohh sorry sorry okay here ..
     Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.09.07.06
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Owner :: ANONYMOUS [administrator]
     Protection: Enabled
     9/7/2012 7:57:37 PM
     mbam-log-2012-09-07 (19-57-37).txt
     Scan type: Full scan (C:\|D:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 192139
     Time elapsed: 10 minute(s), 47 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 1
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 3
     HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
     HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
     HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 5
     C:\urcff.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{01E4AB69-E7F7-493E-A42E-C6542972D34E}\RP17\A0015529.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{01E4AB69-E7F7-493E-A42E-C6542972D34E}\RP17\A0015638.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{01E4AB69-E7F7-493E-A42E-C6542972D34E}\RP17\A0015791.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     D:\hpkh.pif (Trojan.Agent) -> Quarantined and deleted successfully.
     (end)
  8. Hey, thanks for the reply and help. Here is the scan log of my computer:
     Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.09.07.06
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Owner :: ANONYMOUS [administrator]
     Protection: Enabled
     9/7/2012 7:39:31 PM
     mbam-log-2012-09-07 (19-48-29).txt
     Scan type: Full scan (C:\|D:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 191610
     Time elapsed: 8 minute(s), 50 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 1
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> No action taken.
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 3
     HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 5
     C:\urcff.exe (Trojan.Agent) -> No action taken.
     C:\System Volume Information\_restore{01E4AB69-E7F7-493E-A42E-C6542972D34E}\RP17\A0015529.exe (Trojan.Agent) -> No action taken.
     C:\System Volume Information\_restore{01E4AB69-E7F7-493E-A42E-C6542972D34E}\RP17\A0015638.exe (Trojan.Agent) -> No action taken.
     C:\System Volume Information\_restore{01E4AB69-E7F7-493E-A42E-C6542972D34E}\RP17\A0015791.exe (Trojan.Agent) -> No action taken.
     D:\hpkh.pif (Trojan.Agent) -> No action taken.
     (end)
  9. Hello, please help me. I can't remove this virus that causes my programs to be corrupt and slow and makes the firewall and Windows Update disabled. Here is the DDS LOG.
     The Scan log
     Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.09.03.09
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Owner :: ANONYMOUS [administrator]
     Protection: Disabled
     9/5/2012 9:42:05 AM
     mbam-log-2012-09-05 (10-36-21).txt
     Scan type: Full scan (C:\|D:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 217333
     Time elapsed: 54 minute(s),
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 2
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> No action taken.
     HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 3
     HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 2
     C:\urcff.exe (Trojan.Agent) -> No action taken.
     D:\hpkh.pif (Trojan.Agent) -> No action taken.
     (end)
     I hope someone can help me to fix my problem
  10. Hello, can you help me? There is some virus that I can't remove from my computer. Over 82 viruses, and can you please tell me what is this kxnca that I can't remove even if I delete it? Is that a virus? Here is the scan log ..
     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org
     Database version: v2012.06.10.06
     Windows XP Service Pack 2 x86 NTFS
     Internet Explorer 6.0.2900.2180
     Administrator :: RUDY-F350538FCB [administrator]
     6/11/2012 1:44:52 AM
     mbam-log-2012-06-11 (07-49-41).txt
     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 205387
     Time elapsed: 1 hour(s), 3 minute(s), 42 second(s)
     Memory Processes Detected: 1
     C:\kxnca.exe (Trojan.Agent) -> 1640 -> No action taken.
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 2
     HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> No action taken.
     HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 3
     HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 79
     (end)
     And here is the DDS log.
DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 6.0.2900.2180 Run by Administrator at 20:55:00 on 2012-05-30 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1789.1409 [GMT -7:00] . . ============== Running Processes =============== . C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\ntvdm.exe . ============== Pseudo HJT Report =============== . BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mPolicies-system: EnableLUA = 0 (0x0) IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm IE: Download with IDM - c:\program files\internet download manager\IEExt.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe 
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 124.106.5.2 124.106.7.2 192.168.2.1 TCP: Interfaces\{1AA50465-186B-441F-A80A-46FF0719120B} : DhcpNameServer = 124.106.5.2 124.106.7.2 192.168.2.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ls3doxp6.default\ FF - plugin: c:\documents and settings\administrator\application data\kalydo\kalydoplayer\bin1\npkalydo.dll FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrl.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\windows media player\npdrmv2.dll FF - plugin: c:\program files\windows media player\npdsplay.dll FF - plugin: c:\program files\windows media player\npwmsdrm.dll FF - plugin: c:\program files\yahoo!\shared\npYState.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . 
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-1-26 108448] R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-5-15 913752] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-26 654408] R3 amsint32;amsint32;\??\c:\windows\system32\drivers\tenon.sys --> c:\windows\system32\drivers\tenon.sys [?] R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2012-4-25 63088] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-26 22344] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 240264] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-17 257696] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 199608] . =============== Created Last 30 ================ . 
2012-05-31 03:54:49 -------- d--h--w- c:\windows\PIF 2012-05-30 17:49:05 -------- d-----w- c:\progra~1\CCleaner 2012-05-30 16:46:37 -------- d-----w- c:\docume~1\admini~1\applic~1\Blender Foundation 2012-05-30 16:46:05 -------- d-----w- c:\docume~1\admini~1\.thumbnails 2012-05-30 06:26:06 99328 ----a-w- C:\kxnca.exe 2012-05-28 22:26:12 -------- d-----w- c:\progra~1\Blender Foundation 2012-05-18 03:15:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-18 03:15:42 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-18 02:56:35 -------- d-----w- c:\progra~1\CDisplay 2012-05-17 15:11:31 -------- d-s---w- c:\docume~1\admini~1\UserData 2012-05-15 05:36:12 -------- d-----w- c:\progra~1\CDisplayEx 2012-05-14 23:35:56 -------- d-----w- c:\docume~1\admini~1\local settings\application data\Identities 2012-05-12 04:21:20 -------- d-----w- c:\docume~1\admini~1\applic~1\Kalydo 2012-05-11 23:03:22 -------- d-----w- c:\docume~1\admini~1\applic~1\CDisplayEx 2012-05-11 20:51:37 -------- d-----w- c:\progra~1\uTorrent 2012-05-11 20:51:07 -------- d-----w- c:\docume~1\admini~1\applic~1\uTorrent 2012-05-01 09:11:22 -------- d-----w- c:\docume~1\alluse~1\application data\SYSTEMAX Software Development 2012-05-01 09:11:22 -------- d-----w- c:\docume~1\admini~1\applic~1\SYSTEMAX Software Development . ==================== Find3M ==================== . 2012-04-26 15:02:13 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-04-26 15:02:13 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-23 11:26:26 108448 ----a-w- c:\windows\system32\drivers\idmtdi.sys 2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . ============= FINISH: 20:56:00.57 ===============
  11. Hello my computer is running slow lately and when i ran my malwarebytes it gives me more than 20 virus and i cant remove it this is the dds log . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 6.0.2900.2180 Run by Administrator at 20:55:00 on 2012-05-30 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1789.1409 [GMT -7:00] . . ============== Running Processes =============== . C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\ntvdm.exe . ============== Pseudo HJT Report =============== . BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mPolicies-system: EnableLUA = 0 (0x0) IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm IE: Download 
with IDM - c:\program files\internet download manager\IEExt.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 124.106.5.2 124.106.7.2 192.168.2.1 TCP: Interfaces\{1AA50465-186B-441F-A80A-46FF0719120B} : DhcpNameServer = 124.106.5.2 124.106.7.2 192.168.2.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ls3doxp6.default\ FF - plugin: c:\documents and settings\administrator\application data\kalydo\kalydoplayer\bin1\npkalydo.dll FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrl.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\windows media player\npdrmv2.dll FF - plugin: c:\program files\windows media player\npdsplay.dll FF - plugin: c:\program files\windows media player\npwmsdrm.dll FF - plugin: c:\program files\yahoo!\shared\npYState.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . 
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-1-26 108448] R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-5-15 913752] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-26 654408] R3 amsint32;amsint32;\??\c:\windows\system32\drivers\tenon.sys --> c:\windows\system32\drivers\tenon.sys [?] R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2012-4-25 63088] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-26 22344] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 240264] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-17 257696] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 199608] . =============== Created Last 30 ================ . 
2012-05-31 03:54:49 -------- d--h--w- c:\windows\PIF 2012-05-30 17:49:05 -------- d-----w- c:\progra~1\CCleaner 2012-05-30 16:46:37 -------- d-----w- c:\docume~1\admini~1\applic~1\Blender Foundation 2012-05-30 16:46:05 -------- d-----w- c:\docume~1\admini~1\.thumbnails 2012-05-30 06:26:06 99328 ----a-w- C:\kxnca.exe 2012-05-28 22:26:12 -------- d-----w- c:\progra~1\Blender Foundation 2012-05-18 03:15:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-18 03:15:42 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-18 02:56:35 -------- d-----w- c:\progra~1\CDisplay 2012-05-17 15:11:31 -------- d-s---w- c:\docume~1\admini~1\UserData 2012-05-15 05:36:12 -------- d-----w- c:\progra~1\CDisplayEx 2012-05-14 23:35:56 -------- d-----w- c:\docume~1\admini~1\local settings\application data\Identities 2012-05-12 04:21:20 -------- d-----w- c:\docume~1\admini~1\applic~1\Kalydo 2012-05-11 23:03:22 -------- d-----w- c:\docume~1\admini~1\applic~1\CDisplayEx 2012-05-11 20:51:37 -------- d-----w- c:\progra~1\uTorrent 2012-05-11 20:51:07 -------- d-----w- c:\docume~1\admini~1\applic~1\uTorrent 2012-05-01 09:11:22 -------- d-----w- c:\docume~1\alluse~1\application data\SYSTEMAX Software Development 2012-05-01 09:11:22 -------- d-----w- c:\docume~1\admini~1\applic~1\SYSTEMAX Software Development . ==================== Find3M ==================== . 2012-04-26 15:02:13 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-04-26 15:02:13 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-23 11:26:26 108448 ----a-w- c:\windows\system32\drivers\idmtdi.sys 2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . ============= FINISH: 20:56:00.57 ===============