Sorry if my English is bad, but there is no forum in my language...
I'm having a problem with installing an antivirus program... I download it, but can't install it (I always get "no internet connection" or similar). I've tried almost everything I've found via Google...
Now I'm trying ComboFix
and I have a log file, but I don't know what to do with it...
Someone please help me, what should I do? (But please step by step... I'm just a below-average user.)
This is the log:
ComboFix 10-05-30.08 - Gamer 05/29/2010 14:19:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.639.457 [GMT 4.5:30]
Running from: c:\documents and settings\Gamer\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\ndis.sys . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))
.
2010-05-29 08:15 . 2010-05-29 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2010-05-29 08:00 . 2010-05-29 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-05-29 08:00 . 2010-05-29 08:03 -------- d-----w- c:\program files\RegCure
2010-05-21 01:18 . 2010-05-21 01:18 503808 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2df96c6c-n\msvcp71.dll
2010-05-21 01:18 . 2010-05-21 01:18 499712 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2df96c6c-n\jmc.dll
2010-05-21 01:18 . 2010-05-21 01:18 348160 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2df96c6c-n\msvcr71.dll
2010-05-21 01:18 . 2010-05-21 01:18 61440 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-18ee8b8f-n\decora-sse.dll
2010-05-21 01:18 . 2010-05-21 01:18 12800 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-18ee8b8f-n\decora-d3d.dll
2010-05-20 21:51 . 2004-08-03 23:56 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 09:28 . 2010-03-18 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-28 19:16 . 2010-01-18 14:12 -------- d-----w- c:\documents and settings\Gamer\Application Data\Skype
2010-05-15 06:44 . 2009-12-25 00:56 -------- d-----w- c:\program files\Lavalys
2010-05-10 17:09 . 2010-01-15 10:39 -------- d-----w- c:\program files\Yahoo! Games
2010-05-10 17:09 . 2010-02-08 18:01 -------- d-----w- c:\documents and settings\Gamer\Application Data\HLSW
2010-05-05 11:12 . 2009-12-26 12:58 -------- d-----w- c:\program files\Valve
2010-04-24 12:22 . 2010-04-24 12:22 -------- d-----w- c:\program files\AxBx
2010-04-24 12:14 . 2010-03-18 15:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-20 15:39 . 2010-04-20 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-04-20 09:12 . 2000-01-01 00:18 -------- d-----w- c:\documents and settings\Gamer\Application Data\BSplayer Pro
2010-04-15 06:23 . 2010-03-10 06:18 -------- d-----w- c:\program files\Full Tilt Poker
2010-04-15 05:03 . 2010-04-15 05:03 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-15 05:03 . 2010-04-15 05:03 -------- d-----w- c:\program files\Java
2010-04-14 17:15 . 2000-01-01 00:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 11:02 . 2010-01-21 05:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-20 13:17 . 2010-03-20 13:17 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-18 17:23 . 2010-03-18 17:19 45942928 ----a-w- C:\setup_av_free.exe
2010-03-18 17:15 . 2010-03-18 17:14 3396856 ----a-w- C:\ccsetup229.exe
2010-03-18 17:10 . 2010-03-18 17:10 9830 ----a-w- C:\exefix.reg
2010-03-18 16:49 . 2010-03-18 16:50 908248 ----a-w- C:\firefox.exe
2010-03-17 12:37 . 2004-08-03 22:14 212736 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-03-15 12:30 . 2010-01-19 16:23 0 ----a-w- c:\documents and settings\Gamer\Local Settings\Application Data\prvlcl.dat
2010-03-12 02:58 . 2010-03-12 02:58 503808 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-629c2f2b-n\msvcp71.dll
2010-03-12 02:58 . 2010-03-12 02:58 348160 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-629c2f2b-n\msvcr71.dll
2010-03-12 02:58 . 2010-03-12 02:58 499712 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-629c2f2b-n\jmc.dll
2010-03-12 02:58 . 2010-03-12 02:58 61440 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-47ded167-n\decora-sse.dll
2010-03-12 02:58 . 2010-03-12 02:58 12800 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-47ded167-n\decora-d3d.dll
2007-12-31 09:27 . 2007-12-31 09:27 167018 --sha-r- c:\windows\system32\dcioiln.dll
.
------- Sigcheck -------
[-] 2010-03-17 12:37 . A4BCBA984FBCA5604BF484B53C39293E . 212736 . . [------] . . c:\windows\system32\drivers\ndis.sys
[-] 2010-03-17 12:37 . A4BCBA984FBCA5604BF484B53C39293E . 212736 . . [------] . . c:\windows\system32\dllcache\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-02-23 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\documents and settings\Gamer\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8039:TCP"= 8039:TCP:mwaqun
S2 vkifwbb;Windows Manager;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:26 AM 14336]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [1/1/2000 4:54 AM 223128]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/1/2000 4:53 AM 642560]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vkifwbb
.
Contents of the 'Scheduled Tasks' folder
2010-05-29 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]
2010-05-29 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]
2010-05-29 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Gamer\Application Data\Mozilla\Firefox\Profiles\ogou1qf0.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc596.mail.yahoo.com/mc/login?ymv=0
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-05-29 14:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vkifwbb]
"ServiceDll"="c:\windows\system32\dcioiln.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2010-05-29 14:29:54
ComboFix-quarantined-files.txt 2010-05-29 09:59
Pre-Run: 20,622,413,824 bytes free
Post-Run: 21,542,240,256 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - CC1F2FF0FCB6F8EFAFFDFAB0A70D295A
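The log above, read the way a malware-removal helper reads it, as an added example in Python (this is not code from ComboFix, SystemLook or any poster in this thread). It parses the "Reg Loading Points" and file-list line layouts seen in the log and reports the entries that later get acted on: the Security Center overrides, the globally open firewall port, and the svchost-hosted service together with its ServiceDll and that file's attributes. SAMPLE_LOG is constructed from lines of the poster's log; the regexes assume exactly those line shapes.

```python
"""Pull the actionable indicators out of a ComboFix log.

Added example for this thread; it is not code from ComboFix, SystemLook or
any poster above. SAMPLE_LOG is constructed from lines of the first log the
original poster pasted, and the regexes assume the line layouts seen there.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the lines the helper later acted on, copied from the log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8039:TCP"= 8039:TCP:mwaqun
S2 vkifwbb;Windows Manager;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:26 AM 14336]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [1/1/2000 4:54 AM 223128]
2007-12-31 09:27 . 2007-12-31 09:27 167018 --sha-r- c:\windows\system32\dcioiln.dll
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vkifwbb]
"ServiceDll"="c:\windows\system32\dcioiln.dll"
"""

# Line shapes as they appear in the log ("Reg Loading Points" and file lists).
OVERRIDE_RE = re.compile(
    r'^"(AntiVirusOverride|FirewallOverride|DisableNotifications)"=\s*(?:dword:)?([0-9a-fA-F]+)')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S+)')
SERVICE_RE = re.compile(r'^S\d\s+([^;]+);[^;]*;(.+?)\s+\[')
SERVICES_KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]', re.I)
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="([^"]+)"')
FILE_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(?:\d+|-+)\s+([-a-z]{8})\s+(.+)$')


@dataclass
class Parsed:
    overrides: dict = field(default_factory=dict)         # value name -> int
    open_ports: list = field(default_factory=list)        # (port, proto, label)
    svchost_services: list = field(default_factory=list)  # services run via svchost -k
    service_dlls: dict = field(default_factory=dict)      # service name -> ServiceDll path
    file_attrs: dict = field(default_factory=dict)        # lowercase path -> 8-char attrs


@dataclass
class Finding:
    kind: str
    detail: str


def parse_combofix(text):
    """Collect the fields the findings need; everything else in the log is ignored."""
    p = Parsed()
    current_service = None  # set while inside a [...\Services\<name>] key
    for raw in text.splitlines():
        line = raw.strip()
        if m := OVERRIDE_RE.match(line):
            p.overrides[m.group(1)] = int(m.group(2), 16)
        elif m := PORT_RE.match(line):
            p.open_ports.append((int(m.group(1)), m.group(2), m.group(3)))
        elif m := SERVICE_RE.match(line):
            if "svchost.exe -k" in m.group(2).lower():
                p.svchost_services.append(m.group(1))
        elif m := SERVICES_KEY_RE.match(line):
            current_service = m.group(1)
        elif m := SERVICEDLL_RE.match(line):
            if current_service:
                p.service_dlls[current_service] = m.group(1)
        elif m := FILE_RE.match(line):
            p.file_attrs[m.group(2).lower()] = m.group(1)
        elif line.startswith("["):
            current_service = None  # any other registry key ends the service block
    return p


def analyze(text):
    """Turn the parsed log into the list of things a helper would act on."""
    p = parse_combofix(text)
    findings = []
    # A non-zero override tells XP's Security Center that a third party covers
    # AV/firewall monitoring, so the "no antivirus" balloon is never shown.
    for name, value in p.overrides.items():
        if value:
            findings.append(Finding("security-center",
                                    f"{name}={value}: the warning for this state is switched off"))
    for port, proto, label in p.open_ports:
        findings.append(Finding("firewall-exception",
                                f"{port}/{proto} opened globally under the label '{label}'"))
    # ComboFix hides default entries, so any svchost-hosted service it lists is
    # worth pairing with its ServiceDll and that file's attributes.
    for svc in p.svchost_services:
        dll = p.service_dlls.get(svc)
        if dll is None:
            findings.append(Finding("svchost-service",
                                    f"{svc}: hosted by svchost.exe, ServiceDll not shown in this log"))
            continue
        attrs = p.file_attrs.get(dll.lower(), "")
        # attribute columns seen in the log: index 2 = system, index 3 = hidden
        hidden_system = len(attrs) == 8 and attrs[2] == "s" and attrs[3] == "h"
        findings.append(Finding("svchost-service",
                                f"{svc}: svchost-hosted service backed by {dll}"
                                + (" (file is marked system+hidden)" if hidden_system else "")))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run it on the sample and the three findings are exactly the items the CFScript later in the thread removes: the overrides under the Security Center and firewall keys, the 8039/TCP exception, and the vkifwbb service whose ServiceDll is the system+hidden dcioiln.dll.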
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
Note: The log can also be found on your Desktop entitled SystemLook.txt
- Double-click SystemLook.exe to run it.
- Vista users: right-click SystemLook.exe and click Run As Administrator.
- Copy the content of the following box into the main textfield:
Code:
:filefind
ndis.sys
- Click the Look button to start the scan.
- When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:31 on 29/05/2010 by Gamer (Administrator - Elevation successful)
========== filefind ==========
Searching for "ndis.sys"
C:\WINDOWS\system32\dllcache\ndis.sys --a--c 182912 bytes [22:14 03/08/2004] [12:37 17/03/2010] 558635D3AF1C7546D26067D5D9B6959E
C:\WINDOWS\system32\drivers\ndis.sys --a--- 182912 bytes [22:14 03/08/2004] [12:37 17/03/2010] 558635D3AF1C7546D26067D5D9B6959E
-=End Of File=-
Thanks for helping me.
Now what?
Attached is clean ndis.sys file (zipped) from my computer.
Unzip the file and paste ndis.sys file into C:\ directory (very important!!).
================================================== ==
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\windows\system32\dcioiln.dll

FCopy::
c:\ndis.sys | c:\windows\system32\drivers\ndis.sys
c:\ndis.sys | c:\windows\system32\dllcache\ndis.sys

Driver::
vkifwbb

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8039:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vkifwbb]

NetSvc::
vkifwbb
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
Now... this is what I got:
ComboFix 10-05-30.09 - Gamer 05/29/2010 21:07:14.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.639.470 [GMT 4.5:30]
Running from: c:\documents and settings\Gamer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gamer\Desktop\CFScript.txt
FILE ::
"c:\windows\system32\dcioiln.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\dcioiln.dll
c:\windows\system32\drivers\ndis.sys . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_VKIFWBB
-------\Service_vkifwbb
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))
.
2010-05-29 16:24 . 2010-05-29 16:25 96696 ----a-w- C:\ndis.zip
2010-05-29 08:15 . 2010-05-29 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2010-05-29 08:00 . 2010-05-29 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-05-29 08:00 . 2010-05-29 08:03 -------- d-----w- c:\program files\RegCure
2010-05-21 01:18 . 2010-05-21 01:18 503808 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2df96c6c-n\msvcp71.dll
2010-05-21 01:18 . 2010-05-21 01:18 499712 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2df96c6c-n\jmc.dll
2010-05-21 01:18 . 2010-05-21 01:18 348160 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2df96c6c-n\msvcr71.dll
2010-05-21 01:18 . 2010-05-21 01:18 61440 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-18ee8b8f-n\decora-sse.dll
2010-05-21 01:18 . 2010-05-21 01:18 12800 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-18ee8b8f-n\decora-d3d.dll
2010-05-20 21:51 . 2004-08-03 23:56 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 15:30 . 2010-01-18 14:12 -------- d-----w- c:\documents and settings\Gamer\Application Data\Skype
2010-05-29 09:28 . 2010-03-18 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-15 06:44 . 2009-12-25 00:56 -------- d-----w- c:\program files\Lavalys
2010-05-10 17:09 . 2010-01-15 10:39 -------- d-----w- c:\program files\Yahoo! Games
2010-05-10 17:09 . 2010-02-08 18:01 -------- d-----w- c:\documents and settings\Gamer\Application Data\HLSW
2010-05-05 11:12 . 2009-12-26 12:58 -------- d-----w- c:\program files\Valve
2010-04-24 12:22 . 2010-04-24 12:22 -------- d-----w- c:\program files\AxBx
2010-04-24 12:14 . 2010-03-18 15:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-20 15:39 . 2010-04-20 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-04-20 09:12 . 2000-01-01 00:18 -------- d-----w- c:\documents and settings\Gamer\Application Data\BSplayer Pro
2010-04-15 06:23 . 2010-03-10 06:18 -------- d-----w- c:\program files\Full Tilt Poker
2010-04-15 05:03 . 2010-04-15 05:03 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-15 05:03 . 2010-04-15 05:03 -------- d-----w- c:\program files\Java
2010-04-14 17:15 . 2000-01-01 00:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 11:02 . 2010-01-21 05:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-20 13:17 . 2010-03-20 13:17 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-18 17:23 . 2010-03-18 17:19 45942928 ----a-w- C:\setup_av_free.exe
2010-03-18 17:15 . 2010-03-18 17:14 3396856 ----a-w- C:\ccsetup229.exe
2010-03-18 17:10 . 2010-03-18 17:10 9830 ----a-w- C:\exefix.reg
2010-03-18 16:49 . 2010-03-18 16:50 908248 ----a-w- C:\firefox.exe
2010-03-17 12:37 . 2004-08-03 22:14 212736 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-03-15 12:30 . 2010-01-19 16:23 0 ----a-w- c:\documents and settings\Gamer\Local Settings\Application Data\prvlcl.dat
2010-03-12 02:58 . 2010-03-12 02:58 503808 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-629c2f2b-n\msvcp71.dll
2010-03-12 02:58 . 2010-03-12 02:58 348160 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-629c2f2b-n\msvcr71.dll
2010-03-12 02:58 . 2010-03-12 02:58 499712 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-629c2f2b-n\jmc.dll
2010-03-12 02:58 . 2010-03-12 02:58 61440 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-47ded167-n\decora-sse.dll
2010-03-12 02:58 . 2010-03-12 02:58 12800 ----a-w- c:\documents and settings\Gamer\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-47ded167-n\decora-d3d.dll
.
------- Sigcheck -------
[-] 2010-03-17 . 558635D3AF1C7546D26067D5D9B6959E . 212736 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
[-] 2010-03-17 . 558635D3AF1C7546D26067D5D9B6959E . 212736 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-05-29_09.57.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-29 16:43 . 2010-05-29 16:43 16384 c:\windows\Temp\Perflib_Perfdata_6c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-02-23 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\documents and settings\Gamer\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8039:TCP"= 8039:TCP:mwaqun
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [1/1/2000 4:54 AM 223128]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/1/2000 4:53 AM 642560]
.
Contents of the 'Scheduled Tasks' folder
2010-05-29 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]
2010-05-29 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]
2010-05-29 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Gamer\Application Data\Mozilla\Firefox\Profiles\ogou1qf0.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc596.mail.yahoo.com/mc/login?ymv=0
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-05-29 21:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x82B8A580]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8bf4f10
\Driver\ACPI -> ACPI.sys @ 0xf8b67cb8
\Driver\atapi -> atapi.sys @ 0xf8af97b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0025
ParseProcedure -> ntoskrnl.exe @ 0x8056d4fb
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0025
ParseProcedure -> ntoskrnl.exe @ 0x8056d4fb
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
.
************************************************** ************************
.
Completion time: 2010-05-29 21:19:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-29 16:49
ComboFix2.txt 2010-05-29 09:59
Pre-Run: 21,524,103,168 bytes free
Post-Run: 21,435,736,064 bytes free
- - End Of File - - 164F4F29139CBFA31D875E81E10A1F66
For some reason, FCopy command didn't work at all.
Are you sure, you placed my copy of ndis.sys file into your C:\ directory?
Re-run SystemLook with the very same code:
Code:
:filefind
ndis.sys
Wooow... now it's working... I'm installing AVG...
If there is something else I have to do... just say... and thank you very much.
I'm not sure that I have put it in the right place...
When I unpacked it and tried to copy it...
Total Cmd said: "error writing..."
Then I tried with my computer... it said password protected.
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:37 on 29/05/2010 by Gamer (Administrator - Elevation successful)
========== filefind ==========
Searching for "ndis.sys"
C:\WINDOWS\system32\dllcache\ndis.sys --a--c 182912 bytes [22:14 03/08/2004] [12:37 17/03/2010] 558635D3AF1C7546D26067D5D9B6959E
C:\WINDOWS\system32\drivers\ndis.sys --a--- 182912 bytes [22:14 03/08/2004] [12:37 17/03/2010] 558635D3AF1C7546D26067D5D9B6959E
-=End Of File=-
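The check the helper performs by hand in this thread, re-running SystemLook's filefind and comparing it with ComboFix's Sigcheck block for the same two paths, as an added Python example (not code from ComboFix, SystemLook or any poster). It parses both line formats, then flags any path where the two tools disagree on MD5 or size, any hash that differs from a reference value, and whether the drivers and dllcache copies match, since Windows File Protection restores the drivers copy from dllcache and a replacement that fixes only one copy does not stick. The sample lines are constructed from the first ComboFix log and the first SystemLook output above; REFERENCE_MD5 is only the value SystemLook printed in this thread, standing in for a hash that a real check would take from install media or a vendor catalogue, never from the suspect machine. A disagreement between two tools reading the same path is itself the thing to chase; the script does not say why it happens.

```python
"""Cross-check the hashes two tools report for the same file.

Added example for this thread, not code from ComboFix or SystemLook. The
sample lines are constructed from the Sigcheck block of the first ComboFix
log and the first SystemLook output above. REFERENCE_MD5 is simply the value
SystemLook printed in this thread; a real reference would come from install
media or a vendor catalogue, never from the suspect machine.
"""
import re
from collections import defaultdict

# ComboFix Sigcheck line: "[-] date [time] . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r'^\[[-+]\]\s+\S+(?:\s+\d\d:\d\d)?\s+\.\s+([0-9A-Fa-f]{32})\s+\.\s+(\d+)'
    r'\s+\.\s+\.\s+\[[^\]]*\]\s+\.\s+\.\s+(.+)$')
# SystemLook filefind line: "path attrs size bytes [created] [modified] MD5"
FILEFIND_RE = re.compile(
    r'^(.+?)\s+[-a-z]{6}\s+(\d+)\s+bytes\s+\[[^\]]*\]\s+\[[^\]]*\]\s+([0-9A-Fa-f]{32})\s*$')

# Constructed from the first ComboFix log (run at 14:19, before the FCopy attempt).
SIGCHECK_ROUND1 = r"""
[-] 2010-03-17 12:37 . A4BCBA984FBCA5604BF484B53C39293E . 212736 . . [------] . . c:\windows\system32\drivers\ndis.sys
[-] 2010-03-17 12:37 . A4BCBA984FBCA5604BF484B53C39293E . 212736 . . [------] . . c:\windows\system32\dllcache\ndis.sys
"""
# Constructed from the SystemLook output posted later the same day.
FILEFIND_ROUND1 = r"""
C:\WINDOWS\system32\dllcache\ndis.sys --a--c 182912 bytes [22:14 03/08/2004] [12:37 17/03/2010] 558635D3AF1C7546D26067D5D9B6959E
C:\WINDOWS\system32\drivers\ndis.sys --a--- 182912 bytes [22:14 03/08/2004] [12:37 17/03/2010] 558635D3AF1C7546D26067D5D9B6959E
"""
REFERENCE_MD5 = "558635D3AF1C7546D26067D5D9B6959E"  # value from this thread, see docstring

DRIVERS = r"c:\windows\system32\drivers\ndis.sys"
DLLCACHE = r"c:\windows\system32\dllcache\ndis.sys"


def parse_reports(sigcheck_text, filefind_text):
    """Return {lowercase path: {tool name: (MD5, size)}} from both outputs."""
    seen = defaultdict(dict)
    for line in sigcheck_text.splitlines():
        if m := SIGCHECK_RE.match(line.strip()):
            seen[m.group(3).lower()]["combofix"] = (m.group(1).upper(), int(m.group(2)))
    for line in filefind_text.splitlines():
        if m := FILEFIND_RE.match(line.strip()):
            seen[m.group(1).lower()]["systemlook"] = (m.group(3).upper(), int(m.group(2)))
    return dict(seen)


def compare(reports, reference_md5=None):
    """List every path where the tools disagree with each other or with the reference."""
    problems = []
    for path, by_tool in sorted(reports.items()):
        hashes = {md5 for md5, _ in by_tool.values()}
        sizes = {size for _, size in by_tool.values()}
        if len(hashes) > 1:
            problems.append(f"{path}: MD5 differs between tools: "
                            + ", ".join(f"{t}={h}" for t, (h, _) in by_tool.items()))
        if len(sizes) > 1:
            problems.append(f"{path}: size differs between tools: "
                            + ", ".join(f"{t}={s}" for t, (_, s) in by_tool.items()))
        if reference_md5:
            for tool, (md5, _) in by_tool.items():
                if md5 != reference_md5.upper():
                    problems.append(f"{path}: {tool} reports {md5}, "
                                    f"not the reference {reference_md5.upper()}")
    return problems


def copies_agree(reports, tool, path_a, path_b):
    """True when one tool reports identical (MD5, size) for two copies of a file.

    Windows File Protection restores the drivers copy from dllcache, so the
    CFScript above replaces both; this is the check that both really match.
    """
    a = reports.get(path_a.lower(), {}).get(tool)
    b = reports.get(path_b.lower(), {}).get(tool)
    return a is not None and a == b


if __name__ == "__main__":
    r = parse_reports(SIGCHECK_ROUND1, FILEFIND_ROUND1)
    for p in compare(r, REFERENCE_MD5):
        print(p)
    print("dllcache copy matches drivers copy (ComboFix view):",
          copies_agree(r, "combofix", DRIVERS, DLLCACHE))
```

On the round-one data each path produces three lines: the MD5 differs between the tools, the size differs between the tools, and ComboFix's hash is not the reference, while within each tool the two copies agree with each other. That is exactly the picture that made the helper ask for a second filefind run rather than trust either report alone.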