SydLexia.com Forum Index
"Stay awhile. Stay... FOREVER!"

Computer problems


Syd Lexia
Site Admin
Title: Pop Culture Junkie
Joined: Jul 30 2005
Location: Wakefield, MA
Posted: Nov 20 2009 10:01 pm

So I don't know what I did, but my computer is slightly fucked up. It's running slow, and whatever I have is fucking with my antivirus stuff. When I try to update Malwarebytes, it hangs indefinitely. If I try and run it, I get "system resource" errors until it crashes. Same deal with Spybot. I ran ComboFix, and that removed some stuff, but it hasn't fixed the problems. Here are the ComboFix results:

ComboFix 09-11-20.02 - Stalin 11/20/2009 20:01.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.180 [GMT -5:00]
Running from: F:\KimboFixx.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msacm32.drv
c:\windows\wuasirvy.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-21 01:01 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-21 01:01 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-17 11:32 . 2009-11-20 06:44 104960 ----a-w- c:\documents and settings\Stalin\Application Data\Macromedia\Common\dff7e0381.dll
2009-11-15 22:07 . 2009-11-15 22:07 36480 ----a-w- c:\windows\system32\drivers\srenum.sys
2009-11-15 22:07 . 2009-11-15 22:07 77824 ----a-w- c:\windows\system32\drvsign.exe
2009-11-15 22:07 . 2009-11-15 22:07 20480 ----a-w- c:\windows\system32\ndisrd.sys
2009-11-15 22:07 . 2009-11-15 22:07 13824 ----a-w- c:\windows\system32\snetcfg.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 00:59 . 2009-11-17 11:32 18432 ----a-w- c:\documents and settings\Stalin\Application Data\Macromedia\Common\dff7e03819.exe
2009-11-21 00:18 . 2009-11-20 23:42 18432 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Common\dff7e03819.exe
2009-11-21 00:09 . 2008-10-26 03:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 23:51 . 2009-11-20 23:51 104960 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Common\dff7e0381.dll
2009-11-20 10:09 . 2009-11-20 10:09 389120 ----a-w- c:\windows\system32\CF19824.exe
2009-11-20 04:31 . 2008-10-26 03:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 05:01 . 2004-12-27 00:37 1033728 ------w- c:\windows\explorer.exe
2009-11-06 14:20 . 2009-04-09 12:29 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-06 13:00 . 2005-01-11 16:19 -------- d-----w- c:\program files\mIRC
2009-11-01 00:54 . 2003-01-10 04:57 -------- d-----w- c:\program files\DivX
2009-11-01 00:53 . 2009-03-15 21:37 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-23 14:45 . 2006-07-29 17:24 -------- d-----w- c:\documents and settings\Stalin\Application Data\Apple Computer
2009-10-12 10:27 . 2009-10-12 10:25 -------- d-----w- c:\program files\iTunes
2009-10-12 10:27 . 2009-10-12 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-12 10:26 . 2009-10-12 10:26 -------- d-----w- c:\program files\iPod
2009-10-12 10:26 . 2008-05-28 00:24 -------- d-----w- c:\program files\Common Files\Apple
2009-10-12 10:22 . 2006-03-26 07:02 -------- d-----w- c:\program files\QuickTime
2009-10-12 10:15 . 2009-10-12 10:15 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-07 03:14 . 2009-10-07 03:14 34816 ----a-w- c:\windows\system32\drivers\rootrepeal2.sys
2009-09-29 20:18 . 2007-03-29 15:05 -------- d--h--w- c:\documents and settings\Stalin\Application Data\Move Networks
2009-09-29 18:04 . 2009-09-29 18:04 127872 ----a-w- c:\documents and settings\Stalin\Application Data\Move Networks\uninstall.exe
2009-09-29 18:04 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Stalin\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-09-29 18:04 . 2009-09-29 18:04 1686272 ----a-w- c:\documents and settings\Stalin\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-21 04:43 . 2006-12-26 07:25 3532 ----a-w- C:\drmHeader.bin
2009-09-17 17:48 . 2009-04-10 10:49 134824 ----a-w- c:\documents and settings\Stalin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 23:06 . 2008-12-04 15:30 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-10 19:54 . 2008-10-26 03:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-10-26 03:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-28 23:42 . 2009-03-13 12:27 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2008-05-28 00:24 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 21:52 . 2009-08-26 21:52 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-26 20:04 . 2009-07-26 20:04 3 ----a-w- c:\program files\option.txt
2009-06-16 16:51 . 2009-06-16 16:51 184 ----a-w- c:\program files\enbkeucr.txt
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
1998-02-10 22:34 . 2003-04-27 23:28 128000 ----a-w- c:\program files\UNWISE.EXE
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-07-01 11:01 . 2009-07-01 11:01 2 --shatr- c:\windows\winstart.bat
2005-03-03 14:32 . 2005-03-03 14:32 8 --sh--r- c:\windows\SYSTEM32\2DCF67683C.sys
2006-02-03 20:27 . 2006-02-03 20:27 8 --sh--r- c:\windows\SYSTEM32\3DFC85E35C.sys
2005-01-03 17:46 . 2005-01-03 17:46 8 --sh--r- c:\windows\SYSTEM32\582BB65567.sys
2004-12-21 03:07 . 2004-12-20 22:10 56 --sh--r- c:\windows\SYSTEM32\592EAD6BBC.sys
2007-08-05 00:21 . 2007-08-05 00:07 88 --sh--r- c:\windows\SYSTEM32\5CE385FC3D.sys
2008-07-29 09:48 . 2006-03-15 21:32 5486 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2002-08-29 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\SYSTEM32\beep.sys

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot_2009-11-20_10.41.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-20 22:45 . 2001-08-17 18:51 3328 c:\windows\SYSTEM32\DLLCACHE\pciide.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAB"="c:\documents and settings\Stalin\Application Data\Macromedia\Common\dff7e03819.exe" [2009-11-21 18432]
"rundll32.exe"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online Tray Icon.lnk]
backup=c:\windows\pss\America Online Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stalin^Start Menu^Programs^Startup^AdDestroyer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Stalin^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stalin^Start Menu^Programs^Startup^Pagoo.lnk]
backup=c:\windows\pss\Pagoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stalin^Start Menu^Programs^Startup^Virtual Bouncer.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOLService"=2 (0x2)
"PDFCreatorMessages"=2 (0x2)
"iPodService"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"_IOMEGA_ACTIVE_DISK_SERVICE_"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"idsvc"=3 (0x3)
"scardsvrscardsvr"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"WANMiniportService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0zzz\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\SYSTEM32\\taskmgr.exe"=
"c:\\Program Files\\Common Files\\RPEX\\RPEXUpdate.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"7178:TCP"= 7178:TCP:Update
"4001:TCP"= 4001:TCP:Windows Live Messenger
"5509:TCP"= 5509:TCP:Adobe Acrobat
"6975:TCP"= 6975:TCP:Automatic Updates

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [4/4/2009 8:18 PM 64160]
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\SYSTEM32\DRIVERS\ppa.sys [7/28/2003 3:50 PM 17792]
R0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [4/9/2009 7:29 AM 721904]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\SYSTEM32\DRIVERS\rt2870.sys [12/14/2007 5:04 PM 551680]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 srenum;srenum;c:\windows\SYSTEM32\DRIVERS\srenum.sys [11/15/2009 5:07 PM 36480]
S3 rootrepeal2;rootrepeal2;c:\windows\SYSTEM32\DRIVERS\rootrepeal2.sys [10/6/2009 10:14 PM 34816]
S3 USBFVNETA;Wireless USB Network Adapter;c:\windows\SYSTEM32\DRIVERS\vnetusba.sys [12/3/2001 6:40 PM 69504]
S3 USBFVNETA_XP;Instant Wireless USB Network Adapter ver.2.0 Driver;c:\windows\SYSTEM32\DRIVERS\vnetusbxp.sys [1/2/2002 12:02 AM 69248]
S3 wlluc51;Wireless LAN USB Driver;c:\windows\SYSTEM32\DRIVERS\wlluc51.sys [1/17/2002 8:43 AM 175104]

--- Other Services/Drivers In Memory ---

*Deregistered* - CLASSPNP_2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uiztjzcf
.
Contents of the 'Scheduled Tasks' folder

2009-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-11-21 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2009-11-19 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2009-11-21 c:\windows\Tasks\User_Feed_Synchronization-{4821F9CD-5027-44C5-B37A-F965D8E68069}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Furl It - http://www.furl.net/resources/rightClick.jsp
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Open with WordPerfect - h:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
IE: StumbleUpon: &Blog This - StumbleUponIEBar.dll/blogimage
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Stalin\Application Data\Mozilla\Firefox\Profiles\default.5ze\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.livejournal.com/editjournal.bml
FF - plugin: c:\documents and settings\Stalin\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 20:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys iomdisk.sys hal.dll atapi.sys spjo.sys >>UNKNOWN [0x83391938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf857af28
\Driver\ACPI -> ACPI.sys @ 0xf83d4cb8
\Driver\atapi -> atapi.sys @ 0xf838fb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF838FB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF838FB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF838FB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF838FB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF838FB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF838FB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Iomega Activity Disk2]
"ImagePath"=""""
.
Completion time: 2009-11-20 20:37
ComboFix-quarantined-files.txt 2009-11-21 01:36
ComboFix2.txt 2009-11-20 23:31
ComboFix3.txt 2009-11-20 10:54
ComboFix4.txt 2009-10-07 09:27

Pre-Run: 10,620,133,376 bytes free
Post-Run: 10,576,625,664 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 9A40053C84138B74EA9BB9D68A6F1060
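The log above carries the indicators a responder would pull out first: a Run entry under the user's Application Data pointing at a hex-named executable, an empty "rundll32.exe" Run value, a BootExecute entry other than autochk, a non-default NetSvcs name, the XP firewall switched off, and Gmer's atapi.sys IRP dispatch mismatches. The Python script below is an added example, not part of this thread and not a ComboFix or Gmer tool; it parses those sections of a ComboFix log and lists them for review. Its input is an excerpt of the posted log, and the heuristics it applies (hex-named binaries, autostart paths under a profile directory, any NetSvcs name ComboFix bothers to show) are my own assumptions about what deserves a second look, not verdicts on the files.

```python
"""Triage a ComboFix log for autostart and driver-hook indicators.

Added example for the thread above; not ComboFix, Gmer or Malwarebytes code.
The heuristics below are the example author's assumptions, not vendor rules.
"""
import re

# Excerpt of the ComboFix 09-11-20.02 log posted above, trimmed to the
# sections this script reads.  Raw string so the log's literal "\0"
# MULTI_SZ separators and registry paths survive untouched.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAB"="c:\documents and settings\Stalin\Application Data\Macromedia\Common\dff7e03819.exe" [2009-11-21 18432]
"rundll32.exe"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0SsiEfr.e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uiztjzcf
.
\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF838FB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF838FB40 atapi.sys
\Driver\atapi IRP hooks detected !
"""

RE_SECTION = re.compile(r'^\[(HK[^\]]+)\]\s*$')          # [HKEY_...] header
RE_VALUE = re.compile(r'^"([^"]*)"="([^"]*)"(.*)$')       # "name"="path" [date size]
RE_HEXNAME = re.compile(r'^[0-9a-f]{8,}$', re.I)          # assumption: 8+ hex chars = random
RE_PROFILE_DIR = re.compile(r'\\application data\\|\\local settings\\', re.I)
RE_BOOTEXEC = re.compile(r'^BootExecute\s+REG_MULTI_SZ\s+(.*)$')
RE_FIREWALL = re.compile(r'^"EnableFirewall"=\s*0\b')
# Gmer line: \Driver\<drv> [ IRP_MJ_xxx ] <observed> != <expected> <image>
RE_IRP = re.compile(r'^\\Driver\\(\w+) \[ (IRP_MJ_\w+) \] (0x[0-9A-Fa-f]+) != (0x[0-9A-Fa-f]+)')

EXPECTED_BOOTEXEC = 'autocheck autochk *'   # the stock XP BootExecute entry


def triage(log_text):
    """Return a list of (kind, detail) findings from a ComboFix log.

    Kinds: run_profile_dir, run_random_name, run_empty, bootexecute,
    netsvcs, firewall_off, irp_hook.
    """
    findings = []
    section = None
    in_netsvcs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_SECTION.match(line)
        if m:
            section, in_netsvcs = m.group(1), False
            continue
        # NetSvcs block: header line, then one service name per line until "."
        if line.startswith('HKEY_LOCAL_MACHINE') and line.endswith('NetSvcs'):
            in_netsvcs = True
            continue
        if in_netsvcs:
            if line == '.':
                in_netsvcs = False
            else:
                # ComboFix hides default entries, so anything listed is non-stock.
                findings.append(('netsvcs', line))
            continue
        if section and section.lower().endswith('\\run'):
            v = RE_VALUE.match(line)
            if v:
                name, path, _rest = v.groups()
                if not path:
                    findings.append(('run_empty', name))        # "rundll32.exe"="" [BU]
                    continue
                if RE_PROFILE_DIR.search(path):
                    findings.append(('run_profile_dir', path))  # autostart out of a profile dir
                stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
                if RE_HEXNAME.match(stem):
                    findings.append(('run_random_name', path))  # dff7e03819.exe style name
            continue
        b = RE_BOOTEXEC.match(line)
        if b:
            for entry in b.group(1).split(r'\0'):   # split on the literal "\0" separator
                if entry.strip() != EXPECTED_BOOTEXEC:
                    findings.append(('bootexecute', entry.strip()))
            continue
        if RE_FIREWALL.match(line):
            findings.append(('firewall_off', section or ''))
            continue
        h = RE_IRP.match(line)
        if h:
            drv, major, observed, expected = h.groups()
            findings.append(('irp_hook', '%s %s: %s != %s' % (drv, major, observed, expected)))
    return findings


if __name__ == '__main__':
    for kind, detail in triage(SAMPLE_LOG):
        print('%-16s %s' % (kind, detail))
```

Run it against a full ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`; the output is a review list, and every path it prints still needs to be checked by hand (signature, hash, what created it) before anything is deleted.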
Hacker
Banned
Joined: Sep 13 2008
Posted: Nov 20 2009 10:04 pm

If you can't wait for GP's expertise then do this

1. Restart your computer.
2. Press F8 until you get to a menu.
3. Scroll over and press Enter on Safe Mode.
4. Click the now-visible Administrator account.
5. Run Malwarebytes and other antivirus stuff from there.



 
Doddsino
Joined: Oct 01 2009
Posted: Nov 20 2009 10:13 pm

I'm having the same fucking problems...it took 3 minutes to close one fucking window and there are errors every time I do so. Norton automatically started up and seems to be running in circles.
GPFontaine
Joined: Dec 06 2007
Location: Connecticut
Posted: Nov 20 2009 10:13 pm

Dear god Syd... wtf did you do? I'm gonna take some time to read through that. In the future have your problems occur during the week instead of on my weekends ;-P



 
GPFontaine
Joined: Dec 06 2007
Location: Connecticut
Posted: Nov 20 2009 10:23 pm

Syd,

Step 0:
Run CHKDSK C: /r

Let's make sure you don't have hard disk corruption.

Step 1:
http://history.sydlexia.com/index.php?title=How_to_remove_a_virus

Don't post the log; the "Report" file at the end will tell you if you have viruses (it is fucking huge, so open it in WordPad, not Notepad).

Step 2:
If you can, I would like you to download, install and run SuperAntiSpyware
http://superantispyware.com/superantispyware.html

The free version is fine.

I want you to run a full scan and then at the end save the log and post it. Put it in CODE brackets.

Step 3:
Try to get CCleaner, install and run it.

Step 4: Try to uninstall Malwarebytes and then try to reinstall it, run it and post the log.

Let's see how this works for ya.



 
sidewaydriver
2010 SLF Tag Champ
Joined: May 11 2008
Posted: Nov 20 2009 11:31 pm

System32, you must delete it.


Shake it, Quake it, Space Kaboom.
 
Hacker
Banned
Joined: Sep 13 2008
Posted: Nov 20 2009 11:59 pm

Image



 
Ermac
Title: Thread Killer
Joined: Aug 04 2008
Location: Outworld
Posted: Nov 21 2009 12:01 am

if you want a version of XP that runs fast...

Try and find: TinyXP Rev09 eXPerience

if all else fails use fire


FNJ
2010 SLF Tag Champ
Joined: Jun 07 2006
Posted: Nov 21 2009 02:11 am

Syd Lexia wrote:
So I don't know what I did, but my computer is slightly fucked up. It's running slow, and whatever I have is fucking with my antivirus stuff. When I try to update Malwarebytes, it hangs indefinitely. If I try and run it, I get "system resource" errors until it crashes. Same deal with Spybot. I ran ComboFix, and that removed some stuff, but it hasn't fixed the problems. Here are the ComboFix results:

[...]
C-C-C-COMBO BREAKER!!!

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Furl It - http://www.furl.net/resources/rightClick.jsp
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Open with WordPerfect - h:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
IE: StumbleUpon: &Blog This - StumbleUponIEBar.dll/blogimage
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Stalin\Application Data\Mozilla\Firefox\Profiles\default.5ze\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.livejournal.com/editjournal.bml
FF - plugin: c:\documents and settings\Stalin\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 20:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys iomdisk.sys hal.dll atapi.sys spjo.sys >>UNKNOWN [0x83391938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf857af28
\Driver\ACPI -> ACPI.sys @ 0xf83d4cb8
\Driver\atapi -> atapi.sys @ 0xf838fb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF838FB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF838FB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF838FB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF838FB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF838FB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF838FB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Iomega Activity Disk2]
"ImagePath"=""""
.
Completion time: 2009-11-20 20:37
ComboFix-quarantined-files.txt 2009-11-21 01:36
ComboFix2.txt 2009-11-20 23:31
ComboFix3.txt 2009-11-20 10:54
ComboFix4.txt 2009-10-07 09:27

Pre-Run: 10,620,133,376 bytes free
Post-Run: 10,576,625,664 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 9A40053C84138B74EA9BB9D68A6F1060



I see what the problem is. The problem is Combofix. I colored it blue so you can see it. ^


Blackout
Title: Captain Oblivious
Joined: Sep 01 2007
Location: That Rainy State
PostPosted: Nov 21 2009 03:11 am

(I'm a fucking jackass.) Laughing



 
RegalSoul
Banned
Joined: Oct 09 2009
PostPosted: Nov 21 2009 06:51 am

Well I would

uninstall all virus programs
check for any unwanted startup programs
remove them from the startup list
downgrade to Windows 98/ME or even 95
Punch William (Bill) Gates in the face for tricking you into buying a crappy operating system.
username
Title: owner of a lonely heart
Joined: Jul 06 2007
Location: phoenix, az usa
PostPosted: Nov 21 2009 12:35 pm

It's your flux capacitor.

On a related note, I think my vid card died. The fan won't turn when I turn on my comp, and I get nothing on the monitor. Normally when I turn it on, I would get the 3 little birds in the corner, and I would get the green power light to turn on. Now I get nothing on the monitor.

So either my monitor died, or my vid card died. Or everything died and I have a zombie comp. This sucks. I was going to finish The Incredible Machine.


Klimbatize wrote:
I'll eat a turkey sandwich while blowing my load

 
Syd Lexia
Site Admin
Title: Pop Culture Junkie
Joined: Jul 30 2005
Location: Wakefield, MA
PostPosted: Nov 21 2009 12:42 pm

I went into Safe Mode and used Task Manager to shut down every single visible user-run process (including Explorer) and ran ComboFix again. Then I tried updating and running Malwarebytes again and it worked, removing three or four bad things. I am not sure if I am at 100%, but I am at a functional level, so I'll save the new logs and such for the weekdays.
Doddsino
Joined: Oct 01 2009
PostPosted: Nov 22 2009 01:05 am

Yeah, I have a fucking problem. I clicked on that wristband thread and about 100 videos fucking popped up and completely slowed the shit out of my computer. I'm not usually the type to call someone out, but fucking ban that piece of shit.
Ermac
Title: Thread Killer
Joined: Aug 04 2008
Location: Outworld
PostPosted: Nov 22 2009 04:24 am

Syd Lexia wrote:
I went into Safe Mode and used Task Manager to shut down every single visible user-run process (including Explorer) and ran ComboFix again. Then I tried updating and running Malwarebytes again and it worked, removing three or four bad things. I am not sure if I am at 100%, but I am at a functional level, so I'll save the new logs and such for the weekdays.


The easiest way would have been to download the link I gave you and burn it to a CD.


Syd Lexia
Site Admin
Title: Pop Culture Junkie
Joined: Jul 30 2005
Location: Wakefield, MA
PostPosted: Nov 22 2009 08:17 am

Doddsino wrote:
Yeah, I have a fucking problem. I clicked on that wristband thread and about 100 videos fucking popped up and completely slowed the shit out of my computer. I'm not usually the type to call someone out, but fucking ban that piece of shit.

Ask and ye shall receive.
Blackout
Title: Captain Oblivious
Joined: Sep 01 2007
Location: That Rainy State
PostPosted: Nov 22 2009 11:51 am

Syd wins, BANALITY



 
BruceSmith
Joined: Nov 29 2009
PostPosted: Dec 01 2009 12:38 am

Hello,
The problem seems really bad.
The problem you faced is because of deletion of files by your antivirus or malware.
As per my knowledge, what you have to do is reinstall the operating system.
Don't waste your time in safe mode or any other thing.
I have had this problem many times, and there is always one option, which is to install the operating system.