First, sorry for my English.
Hi,
I have a problem with my computer. A few minutes after my computer connects to the internet, I get a message that says "Services and Controller app has encountered a problem and needs to close." When I click "Close", a "System Shutdown" message comes up, which says "The system process 'C:\WINDOWS\system32\services.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart." It is apparently initiated by NT AUTHORITY\SYSTEM. I can cancel the shutdown (by going to Start/Run and typing 'shutdown -a'), but after this the system runs almost impossibly slowly. I have tried the Sasser & Blaster removal tool from Symantec; no virus was detected.
My operating system is XP SP2.
This log is from ComboFix:
ComboFix 12-06-21.03 - S@phire 06/23/2012 12:31:20.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1290 [GMT 7:00]
Running from: c:\documents and settings\S@phire\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\TNod User & Password Finder\TNODUP.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 02:17 . 2012-06-23 02:17 -------- d-----w- c:\program files\SystemRequirementsLab
2012-06-23 02:17 . 2012-06-23 02:17 -------- d-----w- c:\documents and settings\S@phire\Application Data\SystemRequirementsLab
2012-06-22 04:50 . 2012-06-22 04:50 -------- d-----w- c:\program files\ATI Technologies
2012-06-22 04:48 . 2012-06-22 04:48 -------- d-----w- C:\AMD
2012-06-20 07:21 . 2012-06-20 07:21 -------- d-----w- c:\documents and settings\S@phire\Application Data\IDM
2012-06-20 07:20 . 2012-06-22 13:18 -------- d-----w- c:\windows\system32\wbem\Logs
2012-06-20 04:56 . 2012-06-20 04:56 -------- d-----r- C:\ARTAV Lock
2012-06-20 04:56 . 2012-06-22 16:33 -------- d-----w- c:\program files\ARTAV Team
2012-06-20 04:32 . 2012-06-20 04:35 -------- d-----w- c:\documents and settings\S@phire\Local Settings\Application Data\Rockstar Games
2012-06-20 04:29 . 2012-06-20 04:29 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-06-20 04:28 . 2012-06-20 04:28 -------- d-----w- c:\windows\system32\LogFiles
2012-06-20 04:27 . 2012-06-20 04:28 -------- d-----w- c:\windows\system32\drivers\umdf
2012-06-20 04:26 . 2012-06-20 04:26 -------- d-----w- c:\windows\system32\xlive
2012-06-20 04:26 . 2012-06-20 04:26 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2012-06-20 03:43 . 2012-06-20 03:43 -------- d-----w- c:\windows\system32\XPSViewer
2012-06-20 03:43 . 2012-06-20 03:43 -------- d-----w- c:\program files\Reference Assemblies
2012-06-20 03:43 . 2006-10-14 09:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-06-20 03:42 . 2006-06-29 06:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-06-17 11:04 . 2012-06-17 11:04 -------- d-----w- c:\documents and settings\S@phire\Application Data\Malwarebytes
2012-06-17 11:03 . 2012-06-17 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-17 11:03 . 2012-06-17 11:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-17 11:03 . 2012-04-04 08:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 10:58 . 2012-06-17 10:58 -------- d-----w- c:\documents and settings\S@phire\Application Data\DriverCure
2012-06-17 10:58 . 2012-06-17 10:58 -------- d-----w- c:\documents and settings\S@phire\Application Data\SpeedyPC Software
2012-06-17 10:58 . 2012-06-17 10:58 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-06-17 10:58 . 2012-06-17 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-06-17 10:58 . 2012-06-17 10:58 -------- d-----w- c:\program files\SpeedyPC Software
2012-06-09 05:49 . 2012-06-09 05:49 43776 ----a-w- c:\windows\system32\drivers\catchurl.sys
2012-06-09 05:49 . 2012-03-15 11:03 209408 ----a-w- c:\windows\system32\PCMext.dll
2012-06-09 05:49 . 2012-06-09 05:49 2432 ----a-w- c:\windows\system32\drivers\KernelMemory.sys
2012-06-09 05:49 . 2012-06-09 05:49 -------- d-----w- c:\documents and settings\S@phire\Local Settings\Application Data\PC Media Antivirus
2012-06-09 05:32 . 2012-06-23 01:09 -------- d-----w- c:\documents and settings\Administrator
2012-06-08 00:16 . 2012-06-08 00:16 -------- d-----w- c:\program files\EVDO Modem
2012-06-07 06:18 . 2012-01-27 00:48 104072 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2012-05-31 16:37 . 2012-05-31 16:37 -------- d-----w- c:\documents and settings\S@phire\Local Settings\Application Data\Wondershare
2012-05-31 16:37 . 2012-05-31 16:37 -------- d-----w- c:\program files\Common Files\Wondershare
2012-05-31 16:37 . 2012-05-31 16:37 -------- d-----w- c:\program files\Wondershare
2012-05-29 11:07 . 2000-12-05 23:00 415176 ----a-w- c:\windows\system32\comct332.ocx
2012-05-29 11:07 . 2000-05-21 15:00 244416 ----a-w- c:\windows\system32\msflxgrd.ocx
2012-05-29 11:07 . 2000-05-21 15:00 140488 ----a-w- c:\windows\system32\comdlg32.ocx
2012-05-29 11:07 . 2000-05-21 14:00 608448 ----a-w- c:\windows\system32\COMCTL32.OCX
2012-05-29 11:07 . 1999-09-28 09:42 1050896 ----a-w- c:\windows\system32\msjet35.dll
2012-05-29 11:07 . 1998-06-23 14:00 164144 ----a-w- c:\windows\system32\COMCT232.OCX
2012-05-29 11:07 . 1998-04-26 15:00 570128 ----a-w- c:\windows\system32\dao350.dll
2012-05-29 11:07 . 1998-04-23 15:00 24848 ----a-w- c:\windows\system32\msjter35.dll
2012-05-29 11:07 . 1998-04-23 15:00 123664 ----a-w- c:\windows\system32\msjint35.dll
2012-05-27 11:46 . 2012-05-27 11:46 -------- d-----w- c:\documents and settings\S@phire\Local Settings\Application Data\ACD Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-12 05:09 . 2012-01-13 13:24 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2012-04-13 08:51 . 2012-04-13 08:51 81920 ----a-w- c:\documents and settings\S@phire\Application Data\ezpinst.exe
2012-04-13 08:51 . 2012-04-13 08:51 47360 ----a-w- c:\documents and settings\S@phire\Application Data\pcouffin.sys
2012-05-13 01:45 . 2011-12-23 13:43 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-07-02 2215960]
.
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 05:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2009-07-02 03:18 2215960 ----a-w- c:\program files\PHPNukeEN\tbPHPN.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-12-19 19:46 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\S@phire\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-07 3331872]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-01-28 3462552]
"RGSC"="d:\games\Rockstar games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"BiosNotice"="c:\program files\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-10-13 1003008]
"RTHDCPL"="RTHDCPL.EXE" [2010-10-05 19580520]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"EVDOServer"="c:\windows\EVDOServer.exe" [2011-11-12 45056]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-2-28 119296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 17:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 03:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 13:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Gemscool\\LostSaga\\autoupgrade.exe"=
"c:\\Gemscool\\LostSaga\\lostsaga.exe"=
"e:\\PES12\\pes2012.exe"=
"c:\\Documents and Settings\\S@phire\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"d:\\GAMES\\Copy of NFS\\NFS Most Wanted Setup\\Need for Speed Most Wanted Rip\\speed.exe"=
"d:\\GAMES\\IRON MAN\\IMRip_idocxxx\\IronMan.exe"=
"d:\\GAMES\\Rockstar games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\GAMES\\Rockstar games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [1/14/2012 9:43 AM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [1/14/2012 9:43 AM 5248]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [11/25/2011 4:43 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [11/25/2011 4:43 PM 6272]
R1 catchurl;catchurl;c:\windows\system32\drivers\catchurl.sys [6/9/2012 12:49 PM 43776]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 9:20 AM 118104]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [6/7/2012 1:18 PM 104072]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [12/18/2011 9:50 AM 21992]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/22/2011 12:03 PM 974944]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/17/2012 6:03 PM 654408]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [12/14/2011 12:47 PM 1514304]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/17/2012 6:03 PM 22344]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [12/12/2011 7:31 PM 10064]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\S@phire\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\S@phire\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/25/2011 4:44 PM 1691480]
S3 AtiDCM;AtiDCM;c:\amd\ATI_Redwood-Pro2_WinXP_8.70_Feb3\Bin\atidcmxx.sys [1/14/2010 10:26 AM 23312]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GPUTool;GPUTool;\??\c:\docume~1\S@phire\LOCALS~1\Temp\GPUTool.sys --> c:\docume~1\S@phire\LOCALS~1\Temp\GPUTool.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/13/2012 8:45 AM 129976]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [12/24/2011 9:12 AM 114704]
S3 tctusbser;TCT Mobilephone USB Device for Legacy Serial Communication;c:\windows\system32\drivers\tctusbser.sys [12/13/2011 9:34 AM 107776]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [5/6/2012 3:54 PM 14416]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-03-22 04:21]
.
2012-06-17 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 19:00]
.
2012-06-17 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743
uInternet Settings,ProxyServer = 118.97.165.234:8080
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{11885652-163E-4CA0-A76A-D9E4138A747B}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\S@phire\Application Data\Mozilla\Firefox\Profiles\y1vswott.default\
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-TNOD UP - c:\program files\TNod User & Password Finder\TNODUP.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-23 12:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{027489cb-52c0-4b44-929f-339c519c2976}]
@Denied: (Full) (Everyone)
"Model"=dword:00000056
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8f,ab,5b,af,68,df,8c,9d,4f,89,07,a4,fc,ba,83,74,14,bb,af,32,4e,
71,9e,15,12,e3,55,2b,99,56,fe,11,9f,82,b0,7d,ac,7d,bd,46,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1224)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-06-23 12:34:48
ComboFix-quarantined-files.txt 2012-06-23 05:34
ComboFix2.txt 2012-06-23 01:18
.
Pre-Run: 23,000,813,568 bytes free
Post-Run: 22,961,872,896 bytes free
.
- - End Of File - - BB67775E631EA0625923D112B52116E1
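For anyone triaging a log like the one above, here is a small added example (not part of the original post, and not ComboFix's own tooling) that pulls out the indicators a responder would check first: the signed status code from the shutdown dialog converted to its unsigned NTSTATUS form (-1073741819 is 0xC0000005, STATUS_ACCESS_VIOLATION, i.e. services.exe crashed on a bad memory access rather than being stopped cleanly); AV and firewall entries ComboFix marks *Disabled*; kernel drivers whose image path sits under a Temp directory; and an Internet Explorer ProxyServer setting that points off-box. The sample input is a handful of lines copied from the log above; the regular expressions assume ComboFix's line formats as they appear there and nothing else.

```python
"""Triage helpers for a ComboFix-style log (added example, not from the forum post)."""
import re

# Sample input: lines copied verbatim from the ComboFix log in the post above.
SAMPLE_LOG = r"""
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
R1 catchurl;catchurl;c:\windows\system32\drivers\catchurl.sys [6/9/2012 12:49 PM 43776]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\S@phire\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\S@phire\LOCALS~1\Temp\ALSysIO.sys [?]
S3 GPUTool;GPUTool;\??\c:\docume~1\S@phire\LOCALS~1\Temp\GPUTool.sys --> c:\docume~1\S@phire\LOCALS~1\Temp\GPUTool.sys [?]
uInternet Settings,ProxyServer = 118.97.165.234:8080
uInternet Settings,ProxyOverride = <local>
"""


def ntstatus_from_signed(code: int) -> int:
    """Windows prints NTSTATUS as a signed 32-bit int; mask back to the unsigned value.

    -1073741819 -> 0xC0000005 (STATUS_ACCESS_VIOLATION).
    """
    return code & 0xFFFFFFFF


def disabled_security_products(lines):
    """Return (kind, product) for AV:/FW: lines whose state field contains 'Disabled'."""
    found = []
    for ln in lines:
        m = re.match(r'^(AV|FW):\s+(.+?)\s+\*([^*]*)\*', ln)
        if m and 'Disabled' in m.group(3):
            found.append((m.group(1), m.group(2)))
    return found


def drivers_loaded_from_temp(lines):
    """Return service names (R0-R3/S0-S3 lines) whose image path lives under a \\Temp\\ folder.

    A kernel driver staged from a user's Temp directory is unusual enough to review by hand.
    """
    found = []
    for ln in lines:
        # name;display;path, where the path ends at ' -->' (ComboFix's resolved path) or ' ['.
        m = re.match(r'^[RS]\d\s+([^;]+);[^;]*;(.+?)(?:\s-->|\s\[)', ln)
        if m and re.search(r'\\temp\\', m.group(2), re.IGNORECASE):
            found.append(m.group(1))
    return found


def nonlocal_proxy(lines):
    """Return (host, port) if IE's ProxyServer points anywhere other than loopback, else None."""
    for ln in lines:
        m = re.match(r'^uInternet Settings,ProxyServer\s*=\s*([^:\s]+):(\d+)', ln)
        if m:
            host, port = m.group(1), int(m.group(2))
            if not host.startswith('127.') and host.lower() != 'localhost':
                return host, port
    return None


def triage(log_text: str) -> dict:
    """Run every check over the log text and collect the findings."""
    lines = log_text.splitlines()
    return {
        'disabled_security': disabled_security_products(lines),
        'temp_drivers': drivers_loaded_from_temp(lines),
        'proxy': nonlocal_proxy(lines),
    }


if __name__ == '__main__':
    print('services.exe status:', hex(ntstatus_from_signed(-1073741819)))
    for key, value in triage(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```

Each hit is a pointer for manual review, not a verdict: legitimate hardware-monitoring tools also drop drivers into Temp, and a security suite can be disabled by the user. The proxy finding is the one to confirm first, because a ProxyServer value the user did not set means every Internet Explorer request is being relayed through that host.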