
CONHOST.EXE


Comments

  • Registered Users, Registered Users 2 Posts: 91 ✭✭fruitbats


    ASJ112 wrote: »



    thanks again for all your help and knowledge!:)


  • Closed Accounts Posts: 10 Hermiona


    ComboFix 11-09-01.03 - Sanja 08.09.2011 15:24:41.2.2 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.751 [GMT 2:00]
    Running from: c:\documents and settings\Sanja\Desktop\ComboFix.exe
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-03 20:16 . 2010-07-16 12:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2011-09-03 20:16 . 2010-07-16 12:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2011-09-03 20:16 . 2011-01-17 07:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-09-03 20:16 . 2010-12-10 14:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-09-03 20:16 . 2010-12-10 11:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-09-03 20:15 . 2010-12-16 06:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2011-09-03 20:15 . 2011-09-04 15:08 d-----w- c:\program files\PC Tools Security
    2011-09-03 20:15 . 2011-09-03 21:37 d-----w- c:\program files\Common Files\PC Tools
    2011-09-03 20:15 . 2011-09-03 20:15 d-----w- c:\documents and settings\Sanja\Application Data\PC Tools
    2011-09-03 19:37 . 2011-09-03 20:16 d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-09-03 14:31 . 2011-09-03 14:31 512 ----a-w- C:\PhysicalMBR.bin
    2011-09-03 14:05 . 2011-09-03 14:05 d-----w- C:\_OTL
    2011-09-03 11:54 . 2011-09-03 11:54 d-----w- c:\documents and settings\Administrator\Application Data\IObit
    2011-08-30 18:22 . 2011-08-30 18:22 d-----w- c:\windows\system32\wbem\Repository
    2011-08-15 10:31 . 2011-08-15 10:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-15 13:29 . 2010-01-28 14:45 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2010-01-28 14:45 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-06 17:52 . 2011-06-08 04:06 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 17:52 . 2011-06-08 04:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-24 14:10 . 2010-01-28 15:05 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2010-01-28 14:45 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2010-01-28 14:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2010-01-28 14:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2010-01-28 14:45 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2010-01-28 14:45 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-09-01 16:17 . 2011-04-04 16:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    <pre>
    c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
    c:\program files\AVG\AVG10\avgtray .exe
    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
    c:\program files\DAEMON Tools Lite\DTLite .exe
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
    c:\program files\Launch Manager\LManager .exe
    c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
    c:\program files\Realtek\Audio\Drivers\AzMixerSel .exe
    c:\program files\Spybot - Search & Destroy\TeaTimer .exe
    c:\program files\Synaptics\SynTP\SynTPEnh .exe
    c:\program files\uTorrent\uTorrent .exe
    c:\windows\PLFSetL .exe
    </pre>
    
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-09-04_17.19.38 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-01-28 14:45 . 2011-09-08 09:57 73004 c:\windows\system32\perfc009.dat
    - 2010-01-28 14:45 . 2011-09-04 16:58 73004 c:\windows\system32\perfc009.dat
    + 2010-01-28 14:45 . 2011-09-08 09:57 445798 c:\windows\system32\perfh009.dat
    - 2010-01-28 14:45 . 2011-09-04 16:58 445798 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-10 13:41 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-16 196608]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-1-28 708608]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
    2010-08-10 13:10 2349776 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
    c:\progra~1\AVG\AVG9\avgtray.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8394:TCP"= 8394:TCP:League of Legends Launcher
    "8394:UDP"= 8394:UDP:League of Legends Launcher
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 8:13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16.3.2011 16:03 32592]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3.9.2011 22:16 239168]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [3.9.2011 22:16 338880]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [25.4.2011 1:15 218688]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28.1.2010 16:46 38912]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 6:41 248656]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [28.1.2010 20:37 17840]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [28.1.2010 20:37 15280]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [28.1.2010 20:37 58800]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 5:33 269520]
    S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18.3.2010 0:33 135664]
    S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [14.4.2010 18:15 90112]
    S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [28.1.2010 20:50 253952]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [3.9.2011 22:15 366840]
    S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [13.5.2010 15:05 4497704]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [28.1.2010 20:29 240160]
    S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [4.11.2008 12:39 14336]
    S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [13.5.2010 15:05 113448]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.1.2010 20:09 1684736]
    S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18.3.2010 0:33 135664]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [19.3.2010 21:45 7680]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8.6.2011 6:06 41272]
    S3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [10.9.2009 15:42 305448]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [14.4.2010 18:15 86824]
    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [14.4.2010 18:15 15016]
    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [14.4.2010 18:15 114600]
    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [14.4.2010 18:15 108328]
    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [14.4.2010 18:15 26024]
    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [14.4.2010 18:15 104616]
    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [14.4.2010 18:15 109736]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [13.5.2010 15:05 16168]
    S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [19.3.2010 21:45 110080]
    S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [19.3.2010 21:45 104960]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 22:32]
    .
    2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 22:32]
    .
    .
    Supplementary Scan
    .
    uStart Page = my.daemon-search.com
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph03106305l0464wu95w54024788
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Sanja\Application Data\Mozilla\Firefox\Profiles\mgsiy0n3.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-08 15:27
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    .
    - - - - - - - > 'winlogon.exe'(756)
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'lsass.exe'(816)
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(304)
    c:\windows\system32\WININET.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\XmlLite.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    .
    Completion time: 2011-09-08 15:35:42
    ComboFix-quarantined-files.txt 2011-09-08 13:35
    .
    Pre-Run: 67.427.901.440 bytes free
    Post-Run: 67.408.773.120 bytes free
    .
    - - End Of File - - 1B9F5500D580E47674D4D9F939B82513


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    You didn't do that step properly Hermiona, let's try it once more. Also, you can do it in normal mode, and let ComboFix update if it asks.


    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad and copy/paste the text in the quotebox below into it:
    c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
    c:\program files\AVG\AVG10\avgtray .exe
    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
    c:\program files\DAEMON Tools Lite\DTLite .exe
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
    c:\program files\Launch Manager\LManager .exe
    c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
    c:\program files\Realtek\Audio\Drivers\AzMixerSel .exe
    c:\program files\Spybot - Search & Destroy\TeaTimer .exe
    c:\program files\Synaptics\SynTP\SynTPEnh .exe
    c:\program files\uTorrent\uTorrent .exe
    c:\windows\PLFSetL .exe
    

    Save this as CFScript.txt, in the same location as ComboFix.exe


    drag CFScript into ComboFix.exe, like in the picture below

    http://imageshack.us/photo/my-images/11/cfscript.gif/

    Combofix will run itself after that.


    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

