Infected with a Rootkit? - Page 6  

post #51 of 58
Thread Starter 
Okay, I'll do that later tonight.
post #52 of 58
Thread Starter 
Here is the ComboFix report:
post #53 of 58
Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

c:\windows\system32\pthswmcp.dll

==================

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

========

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
KillAll::

File::
c:\emp\drivers.exe

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\J*h%O*_*a*u*t*o*_*f*i*l*e*\shell\Read\command]
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
post #54 of 58
Thread Starter 
There was nothing malicious found for pthswmcp.dll

I'll post the results of ComboFix later on.

EDIT:
Here is the log.
Edited by Playapplepie - 10/2/10 at 4:52pm
post #55 of 58
Quote:
Originally Posted by Playapplepie View Post
There was nothing malicious found for pthswmcp.dll

I'll post the results of ComboFix later on.

EDIT:
Here is the log.
The log looks pretty clean to me

The only thing I'm unsure of in that log is this entry
Code:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ    autocheck autochk *\0SsiEfr.e
But normally when I see it, the "0SsiEfr.e" is being spammed across the line. That's usually when I go ahead and remove it. In this case I think it will be safe to leave it.
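A small script that makes the BootExecute heuristic from the post above mechanical, added here as an example; it is not part of the thread and not a ComboFix feature. It assumes the `\0` in the ComboFix line is the separator ComboFix prints between the entries of the REG_MULTI_SZ value, so the entry after the stock `autocheck autochk *` reads `SsiEfr.e`. It accepts either that flattened text or the list of strings the registry API returns, reports every non-default entry together with how often it repeats (the "spammed across the line" case), and, on Windows, can read the live value through the standard library's winreg module. Constructed sample inputs are used; extra entries are reported for review, not judged.

```python
"""Audit a Session Manager BootExecute value for non-default entries.

Added example for this thread, not a ComboFix feature. BootExecute is a
REG_MULTI_SZ; the registry API returns it as a list of strings, and ComboFix
prints it flattened with a literal '\\0' between entries (assumption), which
is why the log line reads 'autocheck autochk *\\0SsiEfr.e'. Both forms are
accepted here.
"""
from typing import Dict, List, Optional, Union

# Stock Windows carries exactly one BootExecute entry. Everything listed in
# this value runs as a native-mode program before most security software has
# loaded, so any additional entry deserves a look (a look, not a verdict).
DEFAULT_ENTRY = "autocheck autochk *"
MULTI_SZ_SEPARATOR = "\\0"  # literal backslash-zero, as printed in the log


def split_multi_sz(value: Union[str, List[str]]) -> List[str]:
    """Normalise a REG_MULTI_SZ given as a list or as the flattened log text."""
    if isinstance(value, (list, tuple)):
        parts = list(value)
    else:
        parts = value.split(MULTI_SZ_SEPARATOR)
    return [p.strip() for p in parts if p.strip()]


def audit_boot_execute(value: Union[str, List[str]]) -> Dict[str, object]:
    """Report entries beyond the default and how often each one repeats."""
    entries = split_multi_sz(value)
    extra = [e for e in entries if e != DEFAULT_ENTRY]
    counts: Dict[str, int] = {}
    for e in extra:
        counts[e] = counts.get(e, 0) + 1
    return {
        "entries": entries,
        "extra": extra,
        # an entry repeated many times is the shape the helper describes
        "repeated": {e: n for e, n in counts.items() if n > 1},
        "default_present": DEFAULT_ENTRY in entries,
        "clean": not extra,
    }


def read_live_boot_execute() -> Optional[List[str]]:
    """Read the live value on Windows; returns None on other platforms."""
    try:
        import winreg
    except ImportError:
        return None
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SYSTEM\CurrentControlSet\Control\Session Manager")
    try:
        value, _kind = winreg.QueryValueEx(key, "BootExecute")
    finally:
        winreg.CloseKey(key)
    return list(value)


if __name__ == "__main__":
    # Constructed inputs: the single entry from the thread's log, and the
    # "spammed across the line" shape the helper says prompts removal.
    single = "autocheck autochk *\\0SsiEfr.e"
    spammed = "autocheck autochk *" + "\\0SsiEfr.e" * 6
    for sample in (single, spammed):
        print(audit_boot_execute(sample))
    live = read_live_boot_execute()
    if live is not None:
        print("live:", audit_boot_execute(live))
```

On a Windows box the live read shows what the machine actually boots with, so the same function can be compared against the log rather than trusting the log alone.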
post #56 of 58
I'm happy enough to call that clean.

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
post #57 of 58
Comodo says I've a rootkit and I've tried almost all I can think of to fix it.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:05:31, on 11/06/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Webroot\WRSA.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\T-Mobile\InternetManager_H\DataCardMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Howard\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\T-Mobile\InternetManager_H\T-Mobile Internet Manager.exe
C:\Users\Howard\Downloads\9tfy387r.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sargui.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
c:\Users\Howard\Downloads\HijackThis.exe
C:\Users\Howard\AppData\Local\Temp\xtvkgp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe"
O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\InternetManager_H\DataCardMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85DC0A78-D098-4B5B-BE97-B1FAD50946FB}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{88EC7205-032E-4EDD-ADF7-884B2D27DBAA}: NameServer = 149.254.230.7 149.254.192.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2D0393B-250E-4561-8E0E-4222277E24FA}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{85DC0A78-D098-4B5B-BE97-B1FAD50946FB}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown owner - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files (x86)\Webroot\WRSA.exe

--
End of file - 11482 bytes
This is from HijackThis. I'm running Sophos and GMER at the moment; I'll post results when it's done, but I know I'm infected. This is the 4th time I've tried to post this on here also.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-11 21:48:22
Windows 6.0.6002 Service Pack 2
Running: 9tfy387r.exe


---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\03427451-02C5-4E50-A97F-27561435C4F8.data 1236 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\03427451-02C5-4E50-A97F-27561435C4F8.data.info 278 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\055B78A2-6802-4E2F-91E3-5609385DBB6C.data 67350 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\055B78A2-6802-4E2F-91E3-5609385DBB6C.data.info 278 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\06BF1A48-96F0-4E69-B493-DD3331318CAA.data 74703 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\06BF1A48-96F0-4E69-B493-DD3331318CAA.data.info 172 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\0E2023FB-31E4-48D9-97C8-303025BD78A4.data 1236 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\95E5CF61-02CD-4379-B76B-D6DC46AEDEFF.data 1284 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\95E5CF61-02CD-4379-B76B-D6DC46AEDEFF.data.info 338 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\974138E6-E7CE-44AE-BD49-BDD8A538C0B6.data 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\974138E6-E7CE-44AE-BD49-BDD8A538C0B6.data\Comodo 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\974138E6-E7CE-44AE-BD49-BDD8A538C0B6.data\Comodo\Firewall Pro 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\974138E6-E7CE-44AE-BD49-BDD8A538C0B6.data\Comodo\Firewall Pro\Data 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\974138E6-E7CE-44AE-BD49-BDD8A538C0B6.data\Comodo\Firewall Pro\Data\TempFiles 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\974138E6-E7CE-44AE-BD49-BDD8A538C0B6.data\DataCardMonitor.tmp 321 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\974138E6-E7CE-44AE-BD49-BDD8A538C0B6.data\Howard.bmp 31832 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\974138E6-E7CE-44AE-BD49-BDD8A538C0B6.data\hsperfdata_Howard 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\974138E6-E7CE-44AE-BD49-BDD8A538C0B6.data\jusched.log 780 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\974138E6-E7CE-44AE-BD49-BDD8A538C0B6.data\RtkBtMnt.exe 301056 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\974138E6-E7CE-44AE-BD49-BDD8A538C0B6.data\WPDNSE 0 bytes
File C:\Windows\temp\TMP0000512D00257EE36A4B2C07 524288 bytes

---- EOF - GMER 1.0.15 ----
Edited by Nikon112 - 6/11/12 at 1:50pm
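A first-pass triage of a HijackThis log of the kind posted above, added here as an example; it is not part of the thread and not a HijackThis feature. The sample input is constructed from a handful of lines in that log. It flags processes running from user-writable directories (Temp, Downloads), lists O23 services reported as "(file missing)", and pulls the resolvers out of the O17 lines. The flags are pointers for a human, not verdicts: GMER itself was running as the randomly named `9tfy387r.exe` from Downloads (the GMER header above says "Running: 9tfy387r.exe"), so it trips the Downloads rule, and 32-bit HijackThis on 64-bit Windows commonly reports stock System32 services as "(file missing)" because of WOW64 file-system redirection, which is why those are listed separately rather than flagged.

```python
"""Triage a HijackThis log for entries worth a second look.

Added example for this thread, not a HijackThis feature. Flags are pointers,
not verdicts: a scanner's own randomly named executable trips the Downloads
rule, and 32-bit HijackThis on 64-bit Windows reports many stock System32
services as '(file missing)' because of WOW64 redirection, so those are
listed separately rather than flagged.
"""
import re
from typing import Dict, List

# Constructed sample: a few lines taken from the log posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files (x86)\Webroot\WRSA.exe
C:\Users\Howard\Downloads\9tfy387r.exe
C:\Users\Howard\AppData\Local\Temp\xtvkgp.exe

O4 - HKLM\..\Run: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul
O17 - HKLM\System\CCS\Services\Tcpip\..\{85DC0A78-D098-4B5B-BE97-B1FAD50946FB}: NameServer = 8.26.56.26,156.154.70.22
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files (x86)\Webroot\WRSA.exe
"""

# Directories a standard user can write to; code executing from them is not
# proof of anything, but it is where dropped files usually land.
USER_WRITABLE_DIRS = {"temp", "downloads"}
ENTRY_RE = re.compile(r"^[RFO]\d+ - ")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse_hjt(text: str) -> Dict[str, List[str]]:
    """Split the log into the running-process list and the R/F/O entries."""
    processes: List[str] = []
    entries: List[str] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
        elif in_processes:
            in_processes = False  # a blank line ends the process block
        elif ENTRY_RE.match(line):
            entries.append(line)
    return {"processes": processes, "entries": entries}


def _parent_dirs(path: str) -> List[str]:
    """Lower-cased directory components of a Windows path, file name excluded."""
    return [p.lower() for p in re.split(r"[\\/]", path)[:-1]]


def triage(text: str) -> Dict[str, List[str]]:
    """Return the three review lists described in the module docstring."""
    parsed = parse_hjt(text)
    flagged = [p for p in parsed["processes"]
               if USER_WRITABLE_DIRS & set(_parent_dirs(p))]
    missing = [e for e in parsed["entries"]
               if e.startswith("O23") and e.endswith("(file missing)")]
    resolvers = set()
    for e in parsed["entries"]:
        if e.startswith("O17"):
            m = NAMESERVER_RE.search(e)
            if m:
                # HijackThis prints resolvers comma- or space-separated
                resolvers.update(re.split(r"[,\s]+", m.group(1).strip()))
    return {
        "processes_in_user_writable_dirs": flagged,
        "services_reported_missing": missing,
        "nameservers": sorted(resolvers),
    }


if __name__ == "__main__":
    for heading, items in triage(SAMPLE_LOG).items():
        print(heading)
        for item in items:
            print("   ", item)
```

Run it against the full log rather than the sample to get the complete lists; the resolver list is there so the analyst can confirm the DNS servers are the ones the owner expects, and anything flagged from Temp should be identified (hash and vendor lookup) before any removal is attempted.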
post #58 of 58
Please do not bump a two year old thread with your own issue as you've already created a thread.
This thread is locked  