Tech Support Forum, Resolved HJT Threads (resolved spyware and popup issues)
Thread: System32 folder's in quarantine - Log
#1 (permalink)
Registered User
Join Date: Oct 2007
Posts: 17
OS: xp service pack 2
Last week my computer got infected by around 11 viruses, 7 of them trojans. I scanned it with my antivirus and it detected 11 more viruses in my system32 folder, all moved to quarantine or deleted. I did a scan with ComboFix and it detected around 11 files that were infected, including 7 of the system32 folders; all of these were moved to quarantine. I really want to know if this is a serious problem or if it has a better solution than just restarting my whole system.
Here is my ActiveScan log:

Incident  Status  Location
Spyware:Cookie/Atwola  Not disinfected  C:\Documents and Settings\Eunice\Cookies\eunice@atwola[1].txt
Potentially unwanted tool:Application/NirCmd.A  Not disinfected  C:\Documents and Settings\Eunice\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A  Not disinfected  C:\Documents and Settings\Eunice\Desktop\ComboFix.exe[nircmd.cfexe]
Spyware:Cookie/Tribalfusion  Not disinfected  C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick  Not disinfected  C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager  Not disinfected  C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mediaplex  Not disinfected  C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tradedoubler  Not disinfected  C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Xiti  Not disinfected  C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Zedo  Not disinfected  C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Atlas DMT  Not disinfected  C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7  Not disinfected  C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/2o7  Not disinfected  C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.2o7.net/]
Hacktool:Exploit/ByteVerify  Not disinfected  C:\Documents and Settings\Eunice Nieves\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-d989ce7-293dfd56.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify  Not disinfected  C:\Documents and Settings\Eunice Nieves\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-d989ce7-293dfd56.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify  Not disinfected  C:\Documents and Settings\Eunice Nieves\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-d989ce7-293dfd56.zip[Dummy.class]
Hacktool:Exploit/ByteVerify  Not disinfected  C:\Documents and Settings\Eunice Nieves\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-d989ce7-293dfd56.zip[Beyond.class]
Spyware:Cookie/Azjmp  Not disinfected  C:\Documents and Settings\Eunice Nieves\Cookies\eunice nieves@azjmp[2].txt
Spyware:Cookie/Screensavers  Not disinfected  C:\Documents and Settings\Eunice Nieves\Cookies\eunice nieves@i.screensavers[2].txt
Adware:Adware/TTC  Not disinfected  C:\qoobox\Quarantine\C\WINDOWS\system32\rev1\gbb83122.exe.vir
Virus:Generic Malware  Disinfected  C:\qoobox\Quarantine\C\WINDOWS\system32\ssqrrpq.dll.vir
Virus:Generic Malware  Disinfected  C:\qoobox\Quarantine\C\WINDOWS\system32\vtuttrr.dll.vir
Virus:Generic Malware  Disinfected  C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP268\A0070080.dll
Potentially unwanted tool:Application/NirCmd.A  Not disinfected  C:\WINDOWS\NirCmd.exe
Adware:Adware/Amera  Not disinfected  C:\WINDOWS\system32\abc2\aisven2.exe[ISMPack6.exe]
Potentially unwanted tool:Application/CloseApp  Not disinfected  C:\WINDOWS\system32\closeapp.exe

Last edited by Ecinue; 10-12-2007 at 12:21 PM.
#2 (permalink)
Registered User
Join Date: Oct 2007
Posts: 17
OS: xp service pack 2
Re: System32 folder's in quarantine - Log
Here's the DSS log:
Deckard's System Scanner v20070905.67
Run by Eunice on 2007-10-12 15:06:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
11: 2007-10-12 19:06:44 UTC - RP11 - Deckard's System Scanner Restore Point
10: 2007-10-12 09:22:47 UTC - RP10 - System Checkpoint
9: 2007-10-10 19:01:48 UTC - RP9 - ComboFix created restore point
8: 2007-10-09 22:49:32 UTC - RP8 - Software Distribution Service 3.0
7: 2007-10-09 13:02:28 UTC - RP7 - System Checkpoint

-- First Restore Point --
1: 2007-10-05 21:52:35 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 248 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-12 15:09:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\bcmntray.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Documents and Settings\Eunice\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gaiaonline.com/
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {37F0F8AE-AC34-462C-9EAE-D5E961ABF59B} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKEY_LOCAL_MACHINE\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKEY_LOCAL_MACHINE\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKEY_LOCAL_MACHINE\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Glass2k] C:\Program Files\Glass2k\Glass2k.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKEY_LOCAL_MACHINE\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKEY_LOCAL_MACHINE\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} () - http://www.fileplanet.com/fpdlmgr/ca..._2.3.3.102.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162464816078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ssqrrpq - C:\WINDOWS\system32\
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - "C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe %SystemRoot%\System32\bcmwltry.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ClntMgmt.sys - c:\windows\system32\drivers\clntmgmt.sys <Not Verified; Hewlett-Packard; Client Management Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 npkcrypt - c:\program files\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 catchme - c:\docume~1\eunice\locals~1\temp\catchme.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 XDva004 - c:\windows\system32\xdva004.sys (file missing)
S3 XIRLINK (Veo PC Camera) - c:\windows\system32\drivers\ucdnt.sys <Not Verified; Xirlink, Inc; Xirlink Digital Video PC Camera>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2007-10-05 17:26:36 392 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job

-- Files created between 2007-09-12 and 2007-10-12 -----------------------------

2007-10-12 01:12:37 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-12 01:12:32 0 d-------- C:\WINDOWS\LastGood
2007-10-10 13:54:33 313888 --a------ C:\WINDOWS\system32\jkkjk.dll
2007-10-10 00:57:18 313888 --a------ C:\WINDOWS\system32\pmkhf.dll
2007-10-09 16:56:29 303648 --a------ C:\WINDOWS\system32\mllmj.dll
2007-10-09 14:56:23 303648 --a------ C:\WINDOWS\system32\ddayv.dll
2007-10-09 13:56:22 303648 --a------ C:\WINDOWS\system32\jkhfg.dll
2007-10-06 13:26:52 0 d-------- C:\Documents and Settings\Eunice\Application Data\Printer Info Cache
2007-10-05 19:11:18 0 d-------- C:\Program Files\DIFX
2007-10-05 19:04:36 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2007-10-05 19:04:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pure Networks
2007-10-05 19:03:08 0 d-------- C:\Program Files\Pure Networks
2007-10-04 15:42:36 0 d-------- C:\Documents and Settings\Eunice\Application Data\Grisoft
2007-10-04 14:35:38 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-10-04 13:54:12 0 d-------- C:\Documents and Settings\Eunice\Application Data\WinPatrol
2007-10-04 13:53:38 0 d-------- C:\Program Files\BillP Studios
2007-10-04 06:55:12 0 d-------- C:\Documents and Settings\Eunice\Application Data\WinRAR
2007-10-04 00:48:37 0 dr-h----- C:\$VAULT$.AVG
2007-10-03 22:35:56 0 d-------- C:\Documents and Settings\Eunice\Application Data\AVG7
2007-10-03 22:35:25 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-10-03 22:34:18 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-10-03 22:34:18 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-10-03 22:10:31 0 d-------- C:\Program Files\Temporary
2007-10-03 22:07:00 0 d-------- C:\WINDOWS\system32\abc2
2007-10-03 22:06:13 0 d-------- C:\WINDOWS\system32\ep1
2007-10-03 22:05:40 0 d-------- C:\WINDOWS\system32\vMW02a
2007-10-03 22:05:39 0 d-------- C:\Temp
2007-10-03 22:00:06 0 d-------- C:\Documents and Settings\Eunice\.java
2007-09-26 02:11:22 0 d-------- C:\Documents and Settings\Eunice\Application Data\Ventrilo
2007-09-26 02:06:34 0 d-------- C:\Program Files\Ventrilo
2007-09-12 22:40:47 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2007-09-12 22:40:01 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared

-- Find3M Report ---------------------------------------------------------------

2007-10-12 02:54:30 0 d-------- C:\Program Files\RocketDock
2007-10-12 02:47:03 0 d-------- C:\Program Files\LClock
2007-10-12 02:45:36 0 d-------- C:\Program Files\iTunes
2007-10-06 18:58:10 0 d-------- C:\Documents and Settings\Eunice\Application Data\Screenshot Sender
2007-10-06 13:27:10 0 d-------- C:\Documents and Settings\Eunice\Application Data\Image Zone Express
2007-10-05 19:04:36 0 d-------- C:\Program Files\Common Files
2007-10-04 16:35:39 0 d-------- C:\Documents and Settings\Eunice\Application Data\Azureus
2007-10-04 14:31:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-04 00:48:40 0 d-------- C:\Documents and Settings\Eunice\Application Data\load else ooze
2007-10-03 23:53:19 0 d-------- C:\Program Files\Yahoo!
2007-10-03 22:03:52 0 d-------- C:\Program Files\Azureus
2007-09-29 04:29:59 0 d-------- C:\Program Files\Legacy Online
2007-09-15 13:04:37 0 d-------- C:\Documents and Settings\Eunice\Application Data\Adobe
2007-09-15 11:42:30 0 d-------- C:\Documents and Settings\Eunice\Application Data\AdobeUM
2007-09-12 22:46:10 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-12 00:40:22 0 d-------- C:\Program Files\StepMania
2007-08-31 12:55:39 0 d-------- C:\Documents and Settings\Eunice\Application Data\Yahoo!
2007-08-22 10:44:11 0 d-------- C:\Program Files\In The Groove
2007-08-22 10:30:14 0 d-------- C:\Program Files\DAEMON Tools
2007-08-14 10:43:41 0 d-------- C:\Program Files\MSXML 6.0
2007-08-12 17:07:04 0 d-------- C:\Documents and Settings\Eunice\Application Data\MySpace

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37F0F8AE-AC34-462C-9EAE-D5E961ABF59B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FB5B012-E8CB-46cd-B6D2-ED428FAE9043}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 08:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [10/14/2004 09:11 AM]
"AGRSMMSG"="AGRSMMSG.exe" [04/13/2005 09:12 AM C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/20/2005 07:50 AM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [09/07/2004 04:28 PM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [12/08/2004 08:23 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\bcmntray" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"Glass2k"="C:\Program Files\Glass2k\Glass2k.exe" [12/12/2003 11:43 PM]
"LClock"="C:\Program Files\LClock\LClock.exe" [09/20/2004 01:27 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/03/2007 10:34 PM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [09/07/2007 12:13 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [11/01/2006 12:04 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [03/19/2007 12:05 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/27/2007 04:19 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97}"= C:\WINDOWS\system32\ssqrrpq.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrrpq]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"Persistence"=C:\WINDOWS\system32\igfxpers.exe
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1998dde-c68e-11db-a88f-0014a514a058}]
AutoRun\command- F:\LaunchU3.exe -a

-- End of Deckard's System Scanner: finished at 2007-10-12 15:11:25 ------------

Last edited by Ecinue; 10-12-2007 at 12:27 PM.
#3 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,264
OS: N/A
Re: System32 folder's in quarantine - Log
Delete any existing copies of ComboFix.
Then grab an updated copy from here > http://download.bleepingcomputer.com...a/ComboFix.exe
Run it & show me the resultant log.
#4 (permalink)
Registered User
Join Date: Oct 2007
Posts: 17
OS: xp service pack 2
Re: System32 folder's in quarantine - Log
OK, I did the scan with ComboFix and these are the results:
ComboFix 07-10-14.4 - Eunice 2007-10-14 16:01:21.2 - NTFSx86
Script execution time was exceeded on script "C:\ComboFix\osid.vbs". Script execution was terminated.
Running from: C:\Documents and Settings\Eunice\Desktop\ComboFix.exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\system32\vMW02a

.
((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.

2007-10-12 15:06 <DIR> d-------- C:\Deckard
2007-10-12 01:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-12 01:12 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-10 15:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 16:49 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-06 13:26 <DIR> d-------- C:\Documents and Settings\Eunice\Application Data\Printer Info Cache
2007-10-05 19:11 <DIR> d-------- C:\Program Files\DIFX
2007-10-05 19:11 25,792 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2007-10-05 19:10 26,944 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2007-10-05 19:04 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
2007-10-05 19:04 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pure Networks
2007-10-05 19:03 <DIR> d-------- C:\Program Files\Pure Networks
2007-10-04 15:42 <DIR> d-------- C:\Documents and Settings\Eunice\Application Data\Grisoft
2007-10-04 15:35 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-04 13:54 <DIR> d-------- C:\Documents and Settings\Eunice\Application Data\WinPatrol
2007-10-04 13:53 <DIR> d-------- C:\Program Files\BillP Studios
2007-10-03 22:35 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-10-03 22:35 <DIR> d-------- C:\Documents and Settings\Eunice\Application Data\AVG7
2007-10-03 22:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-10-03 22:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-10-03 22:10 <DIR> d-------- C:\Program Files\Temporary
2007-10-03 22:07 <DIR> d-------- C:\WINDOWS\system32\abc2
2007-10-03 22:06 <DIR> d-------- C:\WINDOWS\system32\ep1
2007-10-03 22:05 <DIR> d-------- C:\Temp
2007-10-03 22:00 <DIR> d-------- C:\Documents and Settings\Eunice\.java
2007-09-29 21:59 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-09-29 21:59 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-09-26 02:11 <DIR> d-------- C:\Documents and Settings\Eunice\Application Data\Ventrilo
2007-09-26 02:06 <DIR> d-------- C:\Program Files\Ventrilo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 21:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-12 06:54 --------- d-----w C:\Program Files\RocketDock
2007-10-12 06:47 --------- d-----w C:\Program Files\LClock
2007-10-12 06:45 --------- d-----w C:\Program Files\iTunes
2007-10-09 23:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\hpqwmi
2007-10-09 23:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2007-10-06 22:58 --------- d-----w C:\Documents and Settings\Eunice\Application Data\Screenshot Sender
2007-10-06 17:27 --------- d-----w C:\Documents and Settings\Eunice\Application Data\Image Zone Express
2007-10-04 20:35 --------- d-----w C:\Documents and Settings\Eunice\Application Data\Azureus
2007-10-04 04:48 --------- d-----w C:\Documents and Settings\Eunice\Application Data\load else ooze
2007-10-04 04:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\loadcopydatajunk
2007-10-04 03:53 --------- d-----w C:\Program Files\Yahoo!
2007-10-04 02:03 --------- d-----w C:\Program Files\Azureus
2007-09-29 08:29 --------- d-----w C:\Program Files\Legacy Online
2007-09-15 15:42 --------- d-----w C:\Documents and Settings\Eunice\Application Data\AdobeUM
2007-09-13 02:46 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-13 02:40 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-09-13 02:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2007-08-31 16:55 --------- d-----w C:\Documents and Settings\Eunice\Application Data\Yahoo!
2007-08-31 02:13 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2007-08-22 14:44 --------- d-----w C:\Program Files\In The Groove
2007-08-22 14:20 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-14 14:43 --------- d-----w C:\Program Files\MSXML 6.0
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-01-05 03:29 32 -c--a-r C:\Documents and Settings\All Users\hash.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37F0F8AE-AC34-462C-9EAE-D5E961ABF59B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 09:12 C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 07:50]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 16:28]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 20:23]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\bcmntray" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"Glass2k"="C:\Program Files\Glass2k\Glass2k.exe" [2003-12-12 23:43]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-03 22:34]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-07 12:13]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 00:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 00:05]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-27 16:19]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrrpq]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"Persistence"=C:\WINDOWS\system32\igfxpers.exe
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R1 ClntMgmt.sys;ClntMgmt.sys;C:\WINDOWS\system32\Drivers\ClntMgmt.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1998dde-c68e-11db-a88f-0014a514a058}]
AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-10-12 21:20:24 C:\WINDOWS\Tasks\1-Click Maintenance.job"
.

**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 16:09:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????1?2?8?4??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-14 16:10:22
C:\ComboFix2.txt ... 2007-10-10 15:25
.
--- E O F ---

Additionally, my computer's internet crashed. It appeared connected but it wasn't working.
#5
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,264
OS: N/A
Re: System32 folder's in quarantine - Log
Open notepad and copy/paste the text in the quotebox below into it:
Code:
Folder::
C:\Program Files\Temporary
C:\WINDOWS\system32\abc2
C:\WINDOWS\system32\ep1
C:\Documents and Settings\Eunice\Application Data\load else ooze
C:\Documents and Settings\All Users.WINDOWS\Application Data\loadcopydatajunk
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37F0F8AE-AC34-462C-9EAE-D5E961ABF59B}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrrpq]
Referring to the picture above, drag CFScript.txt into ComboFix.exe
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
---------------
Click here to perform an online scan >> Online Scanner
---------------
In your next post, please include fresh logs from:
#6
Registered User
Join Date: Oct 2007
Posts: 17
OS: xp service pack 2
Re: System32 folder's in quarantine - Log
This is the HiJackThis log:
Deckard's System Scanner v20070905.67
Run by Eunice on 2007-10-14 20:11:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 85% (more than 75%).
Total Physical Memory: 248 MiB (512 MiB recommended).

-- HijackThis (run as Eunice.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:54 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eunice\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Eunice.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gaiaonline.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Glass2k] C:\Program Files\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.amaena.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.3.102.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162464816078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8948 bytes

-- Files created between 2007-09-14 and 2007-10-14 -----------------------------

2007-10-14 20:12:19 0 d-------- C:\Program Files\Trend Micro
2007-10-14 17:17:25 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2007-10-14 17:17:17 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-12 01:12:37 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-12 01:12:32 0 d-------- C:\WINDOWS\LastGood
2007-10-06 13:26:52 0 d-------- C:\Documents and Settings\Eunice\Application Data\Printer Info Cache
2007-10-05 19:11:18 0 d-------- C:\Program Files\DIFX
2007-10-05 19:04:36 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2007-10-05 19:04:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pure Networks
2007-10-05 19:03:08 0 d-------- C:\Program Files\Pure Networks
2007-10-04 15:42:36 0 d-------- C:\Documents and Settings\Eunice\Application Data\Grisoft
2007-10-04 13:54:12 0 d-------- C:\Documents and Settings\Eunice\Application Data\WinPatrol
2007-10-04 13:53:38 0 d-------- C:\Program Files\BillP Studios
2007-10-04 06:55:12 0 d-------- C:\Documents and Settings\Eunice\Application Data\WinRAR
2007-10-04 00:48:37 0 dr-h----- C:\$VAULT$.AVG
2007-10-03 22:35:56 0 d-------- C:\Documents and Settings\Eunice\Application Data\AVG7
2007-10-03 22:35:25 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-10-03 22:34:18 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-10-03 22:34:18 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-10-03 22:05:39 0 d-------- C:\Temp
2007-10-03 22:00:06 0 d-------- C:\Documents and Settings\Eunice\.java
2007-09-26 02:11:22 0 d-------- C:\Documents and Settings\Eunice\Application Data\Ventrilo
2007-09-26 02 34 0 d-------- C:\Program Files\Ventrilo

-- Find3M Report ---------------------------------------------------------------

2007-10-12 17:30:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-12 02:54:30 0 d-------- C:\Program Files\RocketDock
2007-10-12 02:47:03 0 d-------- C:\Program Files\LClock
2007-10-12 02:45:36 0 d-------- C:\Program Files\iTunes
2007-10-06 18:58:10 0 d-------- C:\Documents and Settings\Eunice\Application Data\Screenshot Sender
2007-10-06 13:27:10 0 d-------- C:\Documents and Settings\Eunice\Application Data\Image Zone Express
2007-10-05 19:04:36 0 d-------- C:\Program Files\Common Files
2007-10-04 16:35:39 0 d-------- C:\Documents and Settings\Eunice\Application Data\Azureus
2007-10-03 23:53:19 0 d-------- C:\Program Files\Yahoo!
2007-10-03 22:03:52 0 d-------- C:\Program Files\Azureus
2007-09-29 04:29:59 0 d-------- C:\Program Files\Legacy Online
2007-09-15 13:04:37 0 d-------- C:\Documents and Settings\Eunice\Application Data\Adobe
2007-09-15 11:42:30 0 d-------- C:\Documents and Settings\Eunice\Application Data\AdobeUM
2007-09-12 22:46:10 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-12 22:40:01 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-08-31 12:55:39 0 d-------- C:\Documents and Settings\Eunice\Application Data\Yahoo!
2007-08-22 10:44:11 0 d-------- C:\Program Files\In The Groove
2007-08-14 10:43:41 0 d-------- C:\Program Files\MSXML 6.0

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 08:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [10/14/2004 09:11 AM]
"AGRSMMSG"="AGRSMMSG.exe" [04/13/2005 09:12 AM C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/20/2005 07:50 AM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [09/07/2004 04:28 PM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [12/08/2004 08:23 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\bcmntray" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"Glass2k"="C:\Program Files\Glass2k\Glass2k.exe" [12/12/2003 11:43 PM]
"LClock"="C:\Program Files\LClock\LClock.exe" [09/20/2004 01:27 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/03/2007 10:34 PM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [09/07/2007 12:13 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [11/01/2006 12:04 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [03/19/2007 12:05 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/27/2007 04:19 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"Persistence"=C:\WINDOWS\system32\igfxpers.exe
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1998dde-c68e-11db-a88f-0014a514a058}]
AutoRun\command- F:\LaunchU3.exe -a

-- End of Deckard's System Scanner: finished at 2007-10-14 20:13:41 ------------

This is ComboFix log:
ComboFix 07-10-14.4 - Eunice 2007-10-14 16:01:21.2 - NTFSx86

During the online scan my antivirus registered an infection: C: System Volume Information\_restore\7572D66-EEA1-46BB-BBF5-E93C933DI354}RP7\A0000118.dll Virus found Lop. This appeared more than 10 times, and the last 3 numbers went up to 120.
Last edited by Ecinue; 10-14-2007 at 05:42 PM.
#7
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,264
OS: N/A
Re: System32 folder's in quarantine - Log
Would also appreciate if you would post the log from the Kaspersky scan
#8
Registered User
Join Date: Oct 2007
Posts: 17
OS: xp service pack 2
Re: System32 folder's in quarantine - Log
My bad, there's 2 saved down the same date; I didn't quite notice the time. Here's the right one. Additionally, I put the scan log as an attachment because it's too big to fit here. Should I split it in 2 posts?
ComboFix 07-10-14.4 - Eunice 2007-10-14 16:55:35.3 - NTFSx86
Script execution time was exceeded on script "C:\ComboFix\osid.vbs". Script execution was terminated.
Running from: C:\Documents and Settings\Eunice\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eunice\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.WINDOWS\Application Data\loadcopydatajunk
C:\Documents and Settings\All Users.WINDOWS\Application Data\loadcopydatajunk\ooze barb logo
C:\Documents and Settings\Eunice\Application Data\load else ooze
C:\Documents and Settings\Eunice\Application Data\load else ooze\A75008
C:\Program Files\Temporary
C:\WINDOWS\system32\abc2
C:\WINDOWS\system32\abc2\aisven2.exe
C:\WINDOWS\system32\ep1
.
((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.
2007-10-12 15:06 <DIR> d-------- C:\Deckard
2007-10-12 01:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-12 01:12 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-10 15:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 16:49 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-06 13:26 <DIR> d-------- C:\Documents and Settings\Eunice\Application Data\Printer Info Cache
2007-10-05 19:11 <DIR> d-------- C:\Program Files\DIFX
2007-10-05 19:11 25,792 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2007-10-05 19:10 26,944 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2007-10-05 19:04 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
2007-10-05 19:04 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pure Networks
2007-10-05 19:03 <DIR> d-------- C:\Program Files\Pure Networks
2007-10-04 15:42 <DIR> d-------- C:\Documents and Settings\Eunice\Application Data\Grisoft
2007-10-04 15:35 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-04 13:54 <DIR> d-------- C:\Documents and Settings\Eunice\Application Data\WinPatrol
2007-10-04 13:53 <DIR> d-------- C:\Program Files\BillP Studios
2007-10-03 22:35 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-10-03 22:35 <DIR> d-------- C:\Documents and Settings\Eunice\Application Data\AVG7
2007-10-03 22:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-10-03 22:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-10-03 22:05 <DIR> d-------- C:\Temp
2007-10-03 22:00 <DIR> d-------- C:\Documents and Settings\Eunice\.java
2007-09-29 21:59 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-09-29 21:59 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-09-26 02:11 <DIR> d-------- C:\Documents and Settings\Eunice\Application Data\Ventrilo
2007-09-26 02:06 <DIR> d-------- C:\Program Files\Ventrilo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 21:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-12 06:54 --------- d-----w C:\Program Files\RocketDock
2007-10-12 06:47 --------- d-----w C:\Program Files\LClock
2007-10-12 06:45 --------- d-----w C:\Program Files\iTunes
2007-10-09 23:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\hpqwmi
2007-10-09 23:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2007-10-06 22:58 --------- d-----w C:\Documents and Settings\Eunice\Application Data\Screenshot Sender
2007-10-06 17:27 --------- d-----w C:\Documents and Settings\Eunice\Application Data\Image Zone Express
2007-10-04 20:35 --------- d-----w C:\Documents and Settings\Eunice\Application Data\Azureus
2007-10-04 03:53 --------- d-----w C:\Program Files\Yahoo!
2007-10-04 02:03 --------- d-----w C:\Program Files\Azureus
2007-09-29 08:29 --------- d-----w C:\Program Files\Legacy Online
2007-09-15 15:42 --------- d-----w C:\Documents and Settings\Eunice\Application Data\AdobeUM
2007-09-13 02:46 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-13 02:40 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-09-13 02:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2007-08-31 16:55 --------- d-----w C:\Documents and Settings\Eunice\Application Data\Yahoo!
2007-08-31 02:13 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2007-08-22 14:44 --------- d-----w C:\Program Files\In The Groove
2007-08-22 14:20 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-08-14 14:43 --------- d-----w C:\Program Files\MSXML 6.0
2007-01-05 03:29 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 09:12 C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 07:50]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 16:28]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 20:23]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\bcmntray" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"Glass2k"="C:\Program Files\Glass2k\Glass2k.exe" [2003-12-12 23:43]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-03 22:34]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-07 12:13]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 00:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 00:05]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-27 16:19]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"Persistence"=C:\WINDOWS\system32\igfxpers.exe
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R1 ClntMgmt.sys;ClntMgmt.sys;C:\WINDOWS\system32\Drivers\ClntMgmt.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1998dde-c68e-11db-a88f-0014a514a058}]
AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-10-12 21:20:24 C:\WINDOWS\Tasks\1-Click Maintenance.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 17:01:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????1?2?8?4??????? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-14 17:03:15
C:\ComboFix2.txt ... 2007-10-14 16:10
C:\ComboFix3.txt ... 2007-10-10 15:25
.
--- E O F ---

Last edited by Ecinue; 10-15-2007 at 12:18 AM.
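As an added example (not part of the original post, and not ComboFix's own code), here is a small Python triage script for the "Reg Loading Points" section of a log like the one above. It parses the Run-key lines, reads the bracketed file timestamp ComboFix prints after each value, and flags the three things worth checking first in such a log: an entry whose bracket is empty ("[]", meaning ComboFix found no file at that path, as with the Broadcom entry above), an image that runs from outside Program Files or WINDOWS, and the mountpoints2 AutoRun\command entry (a cached AutoRun handler for a removable volume; in the log above it is the U3 USB launcher on F:). The sample input is constructed: its lines are copied from the log above except the "svchost" line, which is made up here to exercise the location check and does not appear in the real log. The trusted-directory list and the flag wording are this example's choices, not ComboFix's.

```python
import re

# Constructed sample input. All lines except the "svchost" one are copied from the
# ComboFix log posted above; "svchost" is made up here to exercise the location
# check and is NOT in the real log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 09:12 C:\WINDOWS\AGRSMMSG.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\bcmntray" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-03 22:34]
"svchost"="C:\Documents and Settings\Eunice\Application Data\svchost.exe" [2007-10-01 12:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1998dde-c68e-11db-a88f-0014a514a058}]
AutoRun\command - F:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "Name"=value, optionally followed by ComboFix's bracket:
#   [timestamp]               file found
#   [timestamp resolved-path] value was a bare name, ComboFix resolved it
#   []                        no file found at that path
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*?)(?:\s*\[(?P<stamp>[^\]]*)\])?\s*$')
STAMP_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?:\s+(?P<resolved>.+))?$')
AUTORUN_RE = re.compile(r'^AutoRun\\command\s+-\s+(?P<cmd>.+?)\s*$')
# Directories a legitimate XP autorun normally lives in (8.3 alias included).
# This list is the example's own choice, not a ComboFix rule.
TRUSTED_PREFIXES = (r'c:\program files', r'c:\progra~1', r'c:\windows')


def image_path(value, stamp):
    """Recover the executable path from a Run value; use ComboFix's resolved path
    (printed after the timestamp) when the value is only a bare file name."""
    value = value.strip()
    if value.startswith('"'):
        path = value[1:].split('"', 1)[0]
    else:  # unquoted: arguments start at the first " /" or " -"
        path = re.split(r'\s+[/-]', value, maxsplit=1)[0]
    if '\\' not in path and stamp:
        m = STAMP_RE.match(stamp)
        if m and m.group('resolved'):
            path = m.group('resolved')
    return path


def triage(log_text):
    """One record per autorun entry: registry key, name, image path and the
    flags a responder should look at first. 'run-' keys hold entries that
    msconfig has disabled; they are parsed like the others."""
    findings, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group('key')
            continue
        am = AUTORUN_RE.match(line)
        if am:  # cached AutoRun handler for a mounted (usually removable) volume
            findings.append({'key': key, 'name': 'AutoRun\\command',
                             'path': am.group('cmd'),
                             'flags': ['removable-media autorun']})
            continue
        em = ENTRY_RE.match(line)
        if not em:
            continue
        path = image_path(em.group('value'), em.group('stamp'))
        flags = []
        if em.group('stamp') == '':  # "[]": ComboFix found no file at that path
            flags.append('no file on disk')
        if '\\' in path and not path.lower().startswith(TRUSTED_PREFIXES):
            flags.append('runs from outside Program Files / WINDOWS')
        findings.append({'key': key, 'name': em.group('name'),
                         'path': path, 'flags': flags})
    return findings


def flagged(log_text):
    """Only the entries that carry at least one flag."""
    return [f for f in triage(log_text) if f['flags']]


if __name__ == '__main__':
    for f in flagged(SAMPLE_LOG):
        print(f"{f['name']}\n    {f['path']}\n    {'; '.join(f['flags'])}")
```

Run it directly to print the flagged entries; on the sample it reports the Broadcom entry (no file on disk), the constructed svchost entry (runs from a user profile directory) and the F:\LaunchU3.exe AutoRun handler. A flag is a starting point for a look, not a verdict: the Broadcom entry is an HP wireless utility whose file is simply gone, and the U3 launcher is what a U3 USB stick installs, but an AutoRun\command pointing at removable media is exactly how XP-era worms spread, so it is worth confirming what it points to.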
#9
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,264
OS: N/A
Re: System32 folder's in quarantine - Log
Quote:
#10
Registered User
Join Date: Oct 2007
Posts: 17
OS: xp service pack 2
If I open more than one program on my computer it starts going really slow. For example, if I'm using Firefox and I open Messenger, after about 10 minutes of not using Firefox it goes to "not responding". But it can happen too if I'm only using the web browser; it just goes to "not responding" for about 2 minutes. Besides that, I'm having trouble with full-screen features (games), since my laptop is taking a lot of time to actually load something.
Could that mean I need more space or that something is still wrong?
#11
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
@Eunice, launch Windows Task Manager by pressing these 3 keys: Ctrl + Alt + Del.
Select the Performance tab and look under Physical Memory (K). Tell me how much Available memory you have.
#12
Registered User
Ok.
Total: 253296
Available: 26200 (that was the top; it keeps changing)
System Cache: 63844
For some reason the Task Manager window doesn't hide behind the other windows.
#13
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Quote:
Look in the top left portion of the window. Click on Options. Untick "Always On Top".
Quote:
In your case, 26,200 is way too little. Any time that figure dips below 50,000, Windows gets starved of physical memory and becomes laggy. You have only 256 MB of RAM installed on this machine. By today's standards, that's not enough for an XP machine. Ideally you should have at least 512 MB; 1 GiB is even better.
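Added example, not from the thread: the two numbers the moderator asks for can also be pulled from the Win32 API with Python's ctypes (GlobalMemoryStatusEx, available on XP and later) instead of being read off the Performance tab, and the thread's rule of thumb applied to them. The 50,000 KB threshold and the 512 MB recommendation are the moderator's figures above, not Microsoft's, and the rounding of the reported total up to the next power of two to estimate the fitted module size is this example's own assumption. The API call only works on Windows, so the assessment is kept in a separate function that takes the two figures as arguments.

```python
import ctypes
import sys

STARVED_BELOW_KB = 50_000  # the thread's rule of thumb, not a Microsoft figure
RECOMMENDED_MB = 512       # the minimum the moderator suggests for XP


class MEMORYSTATUSEX(ctypes.Structure):
    # Layout of the Win32 MEMORYSTATUSEX structure; dwLength must be set
    # to sizeof(MEMORYSTATUSEX) before GlobalMemoryStatusEx is called.
    _fields_ = [
        ("dwLength", ctypes.c_uint32),
        ("dwMemoryLoad", ctypes.c_uint32),
        ("ullTotalPhys", ctypes.c_uint64),
        ("ullAvailPhys", ctypes.c_uint64),
        ("ullTotalPageFile", ctypes.c_uint64),
        ("ullAvailPageFile", ctypes.c_uint64),
        ("ullTotalVirtual", ctypes.c_uint64),
        ("ullAvailVirtual", ctypes.c_uint64),
        ("ullAvailExtendedVirtual", ctypes.c_uint64),
    ]


def read_physical_memory_kb():
    """Total and available physical memory in KB, the same figures Task Manager's
    Performance tab shows under Physical Memory (K). Windows only."""
    if sys.platform != "win32":
        raise OSError("GlobalMemoryStatusEx is a Win32 API; run this on the XP machine")
    status = MEMORYSTATUSEX()
    status.dwLength = ctypes.sizeof(MEMORYSTATUSEX)
    if not ctypes.windll.kernel32.GlobalMemoryStatusEx(ctypes.byref(status)):
        raise ctypes.WinError()
    return status.ullTotalPhys // 1024, status.ullAvailPhys // 1024


def assess(total_kb, available_kb):
    """Apply the thread's rule of thumb to the two Task Manager numbers."""
    # Assumption: the total XP reports is a little below the fitted size (firmware
    # and shared-graphics reservations are excluded), so round up to the next
    # power of two to estimate the module size: 253,296 KB -> 256 MB.
    installed_mb = 1
    while installed_mb * 1024 < total_kb:
        installed_mb *= 2
    return {
        "installed_mb": installed_mb,
        "available_kb": available_kb,
        "starved": available_kb < STARVED_BELOW_KB,
        "below_recommended": installed_mb < RECOMMENDED_MB,
    }


if __name__ == "__main__":
    total, avail = read_physical_memory_kb()
    print(assess(total, avail))
```

On the figures posted above (Total 253296, Available 26200) assess() reports a 256 MB machine that is both starved and below the recommended minimum, which is the moderator's conclusion.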
#14
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Are there any programs that you installed recently? Try uninstalling them to free up more memory.
No matter what, you should increase your RAM. RAM is dirt cheap now.
#15
Registered User
Ok, I will do that with the Task Manager thing.
The last program I installed was Photoshop CS2, since I need it for my classes. I currently have 3 games installed on my computer: one takes a gig of space, the other one close to 700 MB, and the last one takes a gig of memory too. Probably that's why it is so full? Recently I cleaned up all my folders because I was considering rebooting my entire computer and starting from scratch. Right now, out of 40 GB I have 17 GB of memory free.
#16
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Quote:
A hard disk looks like this --> (image)
RAM looks like this --> (image)
Was AVG AntiSpyware a recent addition?
#18
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
That's probably what's causing the current slowdown. You're on bare-minimum resources. The machine simply won't support an additional burden.
Uninstalling it should alleviate your current slowness.
#20
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Quote:
There's no such thing as a real-time monitor that doesn't demand machine resources.