PDA

View Full Version : Please help asap spybot team super virus on computer plz



xdcmasterx
2009-07-15, 23:56
OMG IM SO SCARED I JUST FIXED MY COMPUTER FROM THE GOOGLE HIJACKED.. I WAS SURFING THE WEB BOOM A SUDDEN FILE ON MY DESKTOP WAS CREATED " selfdel.bat " or something my computer restarted i cant even use mbam cant even use my antivirus all turned off now a fake windows message keeps popping up plz spybot team super virus help
WTF I CANT EVEN MAKE A HIJACK LOG NOW PLZ OMG

xdcmasterx
2009-07-16, 00:10
Forgot post this : COMBO FIX WORKS! log :

ComboFix 09-07-14.08 - Owner 07/15/2009 16:57.2.2 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\010112010146118114.dat
c:\windows\0101120101464849.dat
c:\windows\Installer\11a167a.msi
c:\windows\ld12.exe
c:\windows\system32\braviax.exe
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\drivers\beep.sys
c:\windows\system32\wbem\proquota.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-15 21:01 . 2008-04-14 09:42 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-15 21:01 . 2008-04-14 09:42 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-15 20:47 . 2009-07-15 20:53 238642 ----a-w- c:\windows\system32\wisdstr.exe
2009-07-15 20:45 . 2009-07-15 20:45 24576 -c--a-w- C:\fhlyeby.exe
2009-07-15 20:45 . 2009-07-15 20:45 11264 -c--a-w- C:\benfuse.exe
2009-07-15 17:29 . 2009-07-15 17:29 -------- d-----w- c:\program files\ZD Soft
2009-07-14 17:58 . 2009-07-15 17:31 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-07-14 15:31 . 2009-07-14 15:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Graboid_Inc
2009-07-14 15:31 . 2009-07-14 15:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Graboid
2009-07-14 15:31 . 2009-07-14 15:32 -------- d-----w- c:\documents and settings\Owner\Application Data\MozillaControl
2009-07-14 15:30 . 2009-07-14 15:31 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-07-14 15:30 . 2009-07-14 15:30 -------- d-----w- c:\program files\VideoLAN
2009-07-14 15:30 . 2009-07-14 15:31 -------- d-----w- c:\program files\Graboid
2009-07-13 17:17 . 2009-07-13 17:17 -------- d-----w- c:\windows\vbSkinner
2009-07-11 23:55 . 2009-07-11 23:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-11 23:55 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 23:55 . 2009-07-11 23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 23:55 . 2009-07-11 23:55 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-11 23:55 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-05 01:20 . 2009-07-06 02:29 -------- d-----w- c:\program files\PCSX2 BETA
2009-07-03 21:35 . 2009-07-03 21:35 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-03 21:35 . 2009-07-03 21:39 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-03 21:30 . 2009-07-03 21:30 -------- d-----w- c:\program files\DVD Decrypter
2009-07-03 19:22 . 2009-07-03 19:22 -------- d-----w- c:\program files\GoldWave
2009-06-29 20:15 . 2009-06-29 20:15 12862 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2009-06-29 17:20 . 2009-06-29 17:20 -------- d-----w- c:\program files\Trend Micro
2009-06-29 16:02 . 2009-06-29 16:02 -------- d-----w- c:\program files\Driver-Soft
2009-06-29 15:09 . 2009-06-29 15:09 -------- dc----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2009-06-29 14:53 . 2009-06-29 14:53 -------- d-----w- c:\windows\system32\VIRepair
2009-06-29 14:34 . 2008-11-26 16:16 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-29 14:34 . 2008-11-26 16:16 50864 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-29 14:34 . 2008-11-26 16:15 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-29 14:34 . 2008-11-26 16:18 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-29 14:34 . 2008-11-26 16:18 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-29 14:34 . 2008-11-26 16:17 111184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-29 14:34 . 2008-11-26 16:17 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-29 14:34 . 2008-11-26 16:15 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-29 14:34 . 2008-11-26 16:21 1236208 -c--a-w- c:\windows\system32\aswBoot.exe
2009-06-29 14:21 . 2009-06-29 14:21 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-06-28 14:43 . 2009-06-28 14:43 -------- dc----w- C:\Temp
2009-06-27 21:08 . 2009-06-27 21:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-06-27 20:37 . 2009-06-27 20:37 -------- d-----w- c:\program files\Valve
2009-06-27 19:34 . 2009-06-27 19:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Cyber-D's AutoDelete
2009-06-27 16:24 . 2009-07-15 20:12 -------- dc----w- C:\Fraps
2009-06-24 18:57 . 2009-06-24 18:57 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-24 18:57 . 2009-06-24 18:57 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-24 18:57 . 2009-06-24 18:57 -------- d-----w- c:\program files\OpenAL
2009-06-24 00:32 . 2008-12-20 18:02 20992 ----a-w- c:\windows\system32\psych.dll
2009-06-23 23:05 . 2009-06-23 23:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Fallout3
2009-06-23 23:03 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-23 23:03 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-23 23:03 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-23 23:03 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-23 23:03 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-23 23:03 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-06-23 23:03 . 2009-03-16 18:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-22 06:46 . 2009-06-22 06:46 9984 ----a-w- c:\windows\system32\drivers\scncap.sys
2009-06-22 06:46 . 2009-06-22 06:46 13184 ----a-w- c:\windows\system32\scncap.dll
2009-06-22 00:40 . 2009-06-22 00:40 -------- d-----w- c:\program files\Viewpoint
2009-06-21 03:51 . 2009-06-21 03:51 -------- d-----w- c:\program files\HyCam2
2009-06-20 20:19 . 2009-06-20 20:19 -------- d-----w- c:\program files\ViSplore
2009-06-20 20:19 . 2009-06-20 20:19 -------- d-----w- c:\program files\TrueTransparency
2009-06-20 20:19 . 2009-06-20 20:19 -------- d-----w- c:\program files\WinFlip
2009-06-20 20:19 . 2009-06-20 20:19 -------- d-----w- c:\program files\Vista Rainbar
2009-06-20 20:16 . 2009-03-23 21:39 20480 ----a-w- c:\windows\system32\scrnrdr.exe
2009-06-20 16:05 . 2009-06-20 16:05 -------- d-----w- c:\program files\LittleFighter2
2009-06-19 19:19 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 21:05 . 2009-04-20 21:40 -------- d-----w- c:\program files\Steam
2009-07-15 20:43 . 2008-12-31 01:44 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-07-15 20:12 . 2008-12-31 04:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-14 17:05 . 2008-12-31 01:25 -------- d-----w- c:\program files\SpeedFan
2009-07-14 14:45 . 2009-03-22 20:56 -------- d-----w- c:\program files\Warcraft III
2009-06-29 19:44 . 2004-08-04 12:00 2864 -c--a-w- c:\windows\system32\winsock.dll
2009-06-29 16:57 . 2009-01-01 00:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-29 00:19 . 2008-12-31 07:10 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-29 00:19 . 2009-02-16 03:24 -------- d-----w- c:\program files\ASUS
2009-06-29 00:19 . 2008-05-17 22:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 19:40 . 2009-04-17 14:28 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2009-06-27 19:36 . 2009-05-31 23:44 -------- d-----w- c:\program files\Cheat Engine
2009-06-24 23:49 . 2009-05-16 20:12 36104 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-06-24 23:49 . 2009-01-02 03:08 131072 -c--a-w- c:\windows\system32\SpoonUninstall.exe
2009-06-24 20:59 . 2009-01-03 23:48 -------- d--h--w- c:\documents and settings\Owner\Application Data\ijjigame
2009-06-24 20:55 . 2009-04-20 22:14 -------- dc----w- c:\documents and settings\All Users\Application Data\IJJIGame
2009-06-24 20:55 . 2009-06-24 20:55 -------- d-----w- c:\program files\NHN USA
2009-06-22 02:47 . 2009-03-29 23:59 1465520 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-22 02:08 . 2009-03-03 20:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-06-22 00:42 . 2009-01-02 23:48 -------- d-----w- c:\program files\AIM6
2009-06-22 00:40 . 2009-01-02 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-22 00:38 . 2009-06-22 00:38 -------- dc----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-20 02:12 . 2009-05-19 21:58 -------- d-----w- c:\documents and settings\Owner\Application Data\kikin
2009-06-20 02:05 . 2009-06-04 00:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-20 01:44 . 2009-05-19 21:58 -------- d-----w- c:\program files\kikin
2009-06-19 19:15 . 2009-04-02 00:45 -------- dc----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-19 01:14 . 2008-12-30 22:34 137888 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-19 01:14 . 2008-12-30 22:33 189288 -c--a-w- c:\windows\system32\PnkBstrB.exe
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-10 12:28 . 2009-06-10 12:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 12:28 . 2009-06-10 12:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 12:28 . 2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 12:28 . 2009-06-10 12:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 12:28 . 2009-06-10 12:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 12:28 . 2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 12:28 . 2009-06-10 12:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 10:03 . 2009-06-10 10:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 10:03 . 2009-06-10 10:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 10:03 . 2009-02-09 18:18 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 10:03 . 2008-12-30 19:22 457248 -c--a-w- c:\windows\system32\nvudisp.exe
2009-06-10 10:03 . 2008-07-09 11:02 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 10:03 . 2008-07-09 11:02 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 10:03 . 2008-07-09 11:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 10:03 . 2008-07-09 11:02 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 10:03 . 2008-07-09 11:02 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 10:03 . 2008-05-17 20:08 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 10:03 . 2008-05-17 20:06 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-06 21:58 . 2009-06-06 21:58 -------- d-----w- c:\program files\ImgBurn
2009-06-04 23:04 . 2009-06-04 00:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Symantec
2009-06-04 20:39 . 2008-12-30 19:21 457248 -c--a-w- c:\windows\system32\NVUNINST.EXE
2009-06-03 21:48 . 2009-06-24 20:55 779720 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\PurpleBean.exe
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 22:02 . 2009-02-15 00:37 5085184 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-05-31 19:44 . 2009-05-31 19:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Crayon Physics Deluxe
2009-05-31 18:53 . 2009-03-28 19:06 -------- dc----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-05-31 18:53 . 2008-12-31 01:43 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-05-30 23:12 . 2009-05-30 23:12 196608 ----a-w- c:\windows\system32\XPva00.dll
2009-05-27 22:08 . 2009-06-24 20:55 591320 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\ExLauncher.exe
2009-05-27 00:10 . 2009-05-27 00:10 -------- d-----w- c:\program files\Alwil Software
2009-05-26 21:31 . 2009-06-24 20:55 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-05-26 01:19 . 2009-05-26 01:19 -------- d-----w- c:\program files\Microsoft
2009-05-26 01:19 . 2009-05-26 01:18 -------- d-----w- c:\program files\Windows Live
2009-05-26 01:18 . 2009-05-26 01:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-26 01:14 . 2009-05-26 01:14 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-25 16:24 . 2009-01-11 21:45 33824 -c--a-w- c:\windows\system32\drivers\oreans32.sys
2009-05-25 16:21 . 2008-12-30 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-21 18:01 . 2009-02-15 00:37 17881600 ----a-w- c:\windows\RTHDCPL.EXE
2009-05-19 18:51 . 2009-04-02 00:45 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2009-05-19 05:36 . 2009-06-22 00:38 97072 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-22 00:38 2884832 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-22 00:38 28 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-22 00:38 25 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-22 00:38 1484856 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-22 00:38 142040 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-22 00:38 30512 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-22 00:38 111920 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-14 19:21 . 2009-02-15 00:37 36864 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-05-13 00:48 . 2009-06-24 20:55 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-05-09 05:14 . 2009-03-28 19:18 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 05:14 . 2009-03-28 19:18 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 22:10 . 2009-05-05 22:09 34 -c--a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-05-05 22:06 . 2009-05-05 22:06 0 -c--a-w- c:\windows\popcreg.dat
2009-05-05 21:30 . 2009-05-05 21:06 25 -c--a-w- c:\windows\popcinfot.dat
2009-05-02 15:06 . 2009-04-24 00:23 1090560 -c--a-w- c:\documents and settings\Owner\Desktopkernel32.dll
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-04-28 19:09 . 2009-03-22 22:49 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-22 21:33 . 2009-04-22 21:33 155648 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\Lib\XSystem.dll
2009-04-22 21:33 . 2009-04-22 21:33 77824 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\Lib\XStream.dll
2009-04-22 21:33 . 2009-04-22 21:33 53248 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\Lib\XPlatform.dll
2009-04-22 21:33 . 2009-04-22 21:33 229376 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\Lib\XInNetwork.dll
2009-04-22 21:33 . 2009-04-22 21:33 577536 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\Lib\PiXel.dll
2009-04-22 21:33 . 2009-04-22 21:33 475136 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\Lib\NeoBit.dll
2009-04-20 22:17 . 2009-01-03 23:49 383645136 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\U_GBOUND_setup.exe
2009-04-20 22:15 . 2009-04-20 22:17 480688 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\ijjistarter2FxB.exe
2009-04-20 22:14 . 2009-04-20 22:14 52105 -c--a-w- c:\documents and settings\All Users\Application Data\IJJIGame\uninst.exe
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 21:23 . 2009-02-15 00:37 540672 ----a-w- c:\windows\RtlExUpd.dll
2008-04-14 09:42 . 2009-04-10 23:29 1695232 -csha-w- c:\windows\FlyakiteOSX\Backup\msmsgs.exe
2008-04-14 09:42 . 2008-04-14 09:42 1695232 -csha-w- c:\windows\ServicePackFiles\i386\msmsgs.exe
.

------- Sigcheck -------

[-] 2008-04-14 09:42 998912 D89B25A01991B8EEE6D62A158692952E c:\windows\explorer.exe
[7] 2004-08-04 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 09:42 998912 D89B25A01991B8EEE6D62A158692952E c:\windows\FlyakiteOSX\Backup\explorer.exe
[-] 2008-04-14 09:42 998912 D89B25A01991B8EEE6D62A158692952E c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe


[-] 2009-07-15 20:45 28672 AEB3DCB7A766333C3753AB1493151DAD c:\windows\system32\dllcache\beep.sys
[7] 2004-08-04 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\cache\beep.sys

[7] 2004-08-04 12:00 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2008-04-14 09:41 657408 257359B2FA0E544FD750951DBBADCB31 c:\windows\FlyakiteOSX\Backup\comctl32.dll
[-] 2008-04-14 09:41 657408 257359B2FA0E544FD750951DBBADCB31 c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2005-08-31 22:49 925184 A93B7C3B08B9AC15B4DCDC96A50E4C2C c:\windows\SoftwareDistribution\Download\0ad26524c298df9a41026d3b49a38936\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-03-17 05:04 925184 551E967F1E08EE6E205FCB5ADCB0DFC5 c:\windows\SoftwareDistribution\Download\cb2769f3b1daf367a31ed046299a3790\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-08-25 15:53 925184 11B508E0D26622D2BD25B60033245F6A c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-08-25 15:45 617472 B0124CB21D28B1C9F678B566B6B57D92 c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp2qfe\comctl32.dll
[-] 2006-08-25 15:45 1054208 C4E80875C1CF1222FC5EFD0314AE5C01 c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp2qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 09:41 657408 257359B2FA0E544FD750951DBBADCB31 c:\windows\system32\comctl32.dll
[7] 2004-08-04 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-04 12:00 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2008-04-14 09:42 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-12_23.14.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-15 21:04 . 2009-07-15 21:04 16384 c:\windows\Temp\Perflib_Perfdata_dc.dat
- 2008-05-17 22:23 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2008-05-17 22:23 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2006-01-17 19:50 . 2006-01-17 19:50 61952 c:\windows\system32\execryptorvb.dll
+ 2004-08-04 12:00 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-04-20 21:40 . 2009-07-13 03:53 27648 c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
- 2009-04-20 21:40 . 2009-04-20 21:40 27648 c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
+ 2009-02-17 03:14 . 2009-07-15 20:51 3140 c:\windows\system32\Restore\rstrlog.dat
+ 2003-01-26 23:48 . 2003-01-26 23:48 147456 c:\windows\system32\vbzip11.dll
+ 2004-08-04 08:56 . 2008-05-09 10:53 172032 c:\windows\system32\scrrun.dll
- 2004-08-04 12:00 . 2008-05-09 10:53 172032 c:\windows\system32\scrrun.dll
+ 2004-08-04 12:00 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-04 08:56 . 2008-05-09 10:53 172032 c:\windows\system32\dllcache\scrrun.dll
- 2004-08-04 12:00 . 2008-05-09 10:53 172032 c:\windows\system32\dllcache\scrrun.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2009-02-14 23:48 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="c:\program files\steam\steam.exe" [2009-07-13 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-17 91432]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-05-21 17881600]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-02-10 18:54 210224 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Super Turbo Tango Patcher Reloader.lnk]
backup=c:\windows\pss\Super Turbo Tango Patcher Reloader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WeGame.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WeGame.lnk
backup=c:\windows\pss\WeGame.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"szserver"=2 (0x2)
"npggsvc"=3 (0x3)
"xmlprov"=3 (0x3)
"WudfSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"VSS"=3 (0x3)
"usprserv"=3 (0x3)
"UPS"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=3 (0x3)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"rpcapd"=3 (0x3)
"RichVideo"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"BITS"=3 (0x3)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\xdcmasterx\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\steamapps\\xdcmasterx\\source sdk base\\hl2.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Steam\\steamapps\\xdcmasterx\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\xdcmasterx\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\xdcmasterx\\dark messiah might and magic multi-player\\runme.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59133:TCP"= 59133:TCP:Pando Media Booster
"59133:UDP"= 59133:UDP:Pando Media Booster
"58050:TCP"= 58050:TCP:Pando Media Booster
"58050:UDP"= 58050:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/8/2009 1:34 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/29/2009 10:34 AM 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/29/2009 10:34 AM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/21/2009 8:40 PM 24652]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [12/31/2008 3:09 AM 38400]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/14/2009 8:37 PM 1684736]
S3 cpuz128;cpuz128;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva259;XDva259;\??\c:\windows\system32\XDva259.sys --> c:\windows\system32\XDva259.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: {{CCDCA331-90B7-4A71-8C8D-E06D955FA854} - c:\program files\FreshDevices\FreshDownload\fd.exe
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
Trusted Zone: reimage.com\cdnrep
DPF: {10ECCE17-29B5-4880-A8F5-EAD298611484} - hxxp://cdnrep.reimage.com/reix1225.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 17:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-1409082233-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43CC247E-8249-B337-C0BD-EAA2513E05E8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abfjmdkkmjcgjcnbcpniheohnmomafdlhg"=hex:61,62,6c,6a,6a,67,68,65,6c,62,6a,61,
6a,68,69,6f,6d,6c,66,6c,6a,6d,67,69,66,6c,6d,6a,70,66,63,62,67,66,00,77
"bbfjmdkkmjcgjcnbcpghecjmhifkmolmchof"=hex:61,62,63,6b,68,64,6c,67,6f,63,62,62,
67,70,68,69,6b,68,62,61,66,62,6f,69,6c,6e,61,6a,6d,68,70,67,67,70,00,77

[HKEY_USERS\S-1-5-21-448539723-1409082233-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0a,64,68,e4,ec,47,cc,1e,3c,65,33,c6,52,30,a9,09,89,6e,bc,23,bf,df,a2,
d7,99,ce,27,07,56,d9,8c,6b,5a,5d,8d,b6,48,04,b4,0b,76,58,b2,96,c0,87,a3,a8,\
"??"=hex:6f,ac,06,37,9a,7b,ec,c8,58,2f,41,b9,fb,27,f6,01

[HKEY_USERS\S-1-5-21-448539723-1409082233-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:4c,e6,3c,2d,d7,4f,73,02,ed,cd,73,74,3f,cf,2c,23,b8,30,84,7d,d7,
7a,bd,62,f2,c6,94,d3,5a,8f,c8,c7,55,46,c1,2c,81,95,82,0a,4a,73,52,d1,18,0b,\
"rkeysecu"=hex:24,6e,be,34,d3,65,0f,de,3b,3a,ab,fa,5a,c2,a3,a2
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\taskmgr.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-07-15 17:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 21:08
ComboFix2.txt 2009-07-12 23:18

Pre-Run: 22,973,239,296 bytes free
Post-Run: 23,077,863,424 bytes free

419 --- E O F --- 2009-07-15 17:18

xdcmasterx
2009-07-16, 00:24
Further information sorry didnt put in one post anyway : i used spybot detected many viruses and stuff deleted them and still i cant start my anti-virus or mbam

pskelley
2009-07-18, 11:16
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You must have read and followed the "Before you Post" instructions.

Posting additional comments or logs before a volunteer responds, can push you back instead of forward, because your thread ends up with a newer date. Also, helpers may think you are already being assisted because of the post count.
selfdel.bat <<< see this: http://www.bitdefender.com/VIRUS-1000434-en--Trojan.PWS.Agent.SGD.html
http://www.google.com/search?hl=en&q=infected+websites&btnG=Google+Search

If you still need help, please see if you can post a HijackThis log to get us started.

Thanks

tashi
2009-07-20, 18:26
Hello xdcmasterx,

http://forums.spybot.info/showpost.php?p=322371&postcount=10


when i am older ( im 10 ) lol

Original topic:http://forums.spybot.info/showthread.php?t=49750

COPPA is in effect at this site and all users under the age of 13 need to register with parental permission. :)

Best regards.