[Closed] Wondering what I can do


9 replies to this topic

#1 Raymondr1264

New Member, 4 posts

Posted 21 September 2009 - 12:09 AM

Hey, I was wondering what to do. I had the Windows Police Pro that was installed somehow and I followed the instructions you had given someone. I did the ComboFix and it worked, but I ran the scan in the Kaspersky 2010 trial and it still comes up as a virus, so I did the MBAM and this is the log. Wondering if it is still a threat. Thanks in advance!

Malwarebytes' Anti-Malware 1.41
Database version: 2834
Windows 5.1.2600 Service Pack 3

9/20/2009 11:03:07 PM
mbam-log-2009-09-20 (23-02-55).txt

Scan type: Quick Scan
Objects scanned: 105180
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
C:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sofatnet (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sofatnet (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\btwsrv (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\btwsrv (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsrv (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mEv (Malware.Trace) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\netdde.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\wmdtc.exe (Backdoor.Bot) -> No action taken.



#2 extremeboy

Retired WTT Malware Disintegrator Teacher, Authentic Member, 1,433 posts

Posted 21 September 2009 - 02:59 PM

Hello.

Please run a DDS scan followed by RootRepeal for me.

Download and run DDS

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results soon.
  • Follow the instructions that pop up for posting the results and then click Ok.
  • The black box and the message box window will then disappear.
  • Please save both log files on your desktop and post the DDS.txt and zip up and attach Attach.txt as instructed.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.


  • Unzip the RootRepeal.zip file to its own folder. (If you did not use the "Direct Download" mirror to download RootRepeal.)
  • Close/disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the [image] tab at the bottom.
  • Now press the [image] button.
  • A box will pop up; check the boxes beside all seven options/scan areas.
  • Now click OK.
  • Another box will open; check the boxes beside all the drives, e.g. C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button.
  • Save it as RepealScan and save it to your desktop.
  • Reconnect to the internet.
  • Post the contents of that log in your reply please.

With Regards,
Extremeboy
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free.

#3 Raymondr1264

New Member, 4 posts

Posted 21 September 2009 - 03:29 PM

Hey, thank you very much for your time! The BitDefender is nowhere to be found to be uninstalled, but it is still listed as an A/V.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Raymond Rodriguez at 14:15:05.18 on Mon 09/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.386 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Documents and Settings\Raymond Rodriguez\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avp] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\raymon~1\applic~1\mozilla\firefox\profiles\xmnoylat.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-6-15 128016]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-12-18 296976]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-7-3 303376]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-8-30 91392]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-12 104456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
S3 KProcWatch;KProcWatch;\??\c:\windows\system32\drivers\kprocwatch.sys --> c:\windows\system32\drivers\KProcWatch.sys [?]
S3 mfsdisk;mfsdisk;c:\windows\system32\mfsdisk.sys [2006-3-15 2304]

=============== Created Last 30 ================

2009-09-20 22:55 <DIR> --d----- c:\docume~1\raymon~1\applic~1\Malwarebytes
2009-09-20 22:55 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-20 22:55 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-20 22:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 22:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-20 18:48 604,140 a--sh--- c:\windows\system32\drivers\ISwift3.dat
2009-09-20 18:01 <DIR> a-dshr-- C:\cmdcons
2009-09-20 17:59 229,888 a------- c:\windows\PEV.exe
2009-09-20 17:59 161,792 a------- c:\windows\SWREG.exe
2009-09-20 17:59 98,816 a------- c:\windows\sed.exe
2009-09-11 08:47 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-08-30 11:51 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-08-30 11:51 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-30 11:50 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-08-30 11:44 26,112 a------- c:\windows\system32\drivers\usbser.sys
2009-08-30 11:44 26,112 a------- c:\windows\system32\dllcache\usbser.sys
2009-08-30 11:33 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-08-30 11:33 23,680 a------- c:\windows\system32\drivers\motmodem.sys
2009-08-30 11:31 <DIR> --d----- c:\program files\Motorola
2009-08-30 11:31 <DIR> --d----- c:\program files\common files\Motorola Shared

==================== Find3M ====================

2009-09-18 18:57 107,547 a------- c:\windows\system32\drivers\klin.dat
2009-09-18 18:57 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-08-21 16:27 104,456 a------- c:\windows\system32\drivers\bdfndisf.sys
2009-08-17 10:43 53,712 a---h--- c:\windows\system32\mlfcache.dat
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-21 12:57 4,608 a------- c:\windows\system32\w95inf32.dll
2009-07-21 12:57 2,272 a------- c:\windows\system32\w95inf16.dll
2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 06:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 12:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 06:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 16:48 219,664 a------- c:\windows\system32\klogon.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 10:09 915,456 -------- c:\windows\system32\wininet.dll
2009-07-03 10:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 10:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 10:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 10:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 10:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 10:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 10:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 10:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 10:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 10:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 04:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 01:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 01:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 01:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 01:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 01:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 04:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-05-06 16:02 81,920 a------- c:\docume~1\raymon~1\applic~1\ezpinst.exe
2009-05-06 16:02 47,360 a------- c:\docume~1\raymon~1\applic~1\pcouffin.sys
2009-12-18 18:16 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009121820091219\index.dat

============= FINISH: 14:15:49.65 ===============


#4 extremeboy

Retired WTT Malware Disintegrator Teacher, Authentic Member, 1,433 posts

Posted 22 September 2009 - 02:26 PM

Hello.

Please post the ComboFix log you ran. It can be found on your C:\ drive as Combofix.txt.

--

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow users to share files between each other, as the name suggests. In today's world cybercrime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.


Your previous Malwarebytes scan shows "no-action taken"

Re-run scan with MalwareBytes Anti-Malware

Your MBAM log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile". Please read this thread and rescan again using only the Quick Scan in normal mode, and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.

With Regards,
Extremeboy
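
As an added illustration of the check extremeboy describes above (this script is not part of the thread), the code below parses a Malwarebytes' Anti-Malware 1.x log in the layout of the log in post #1 and flags every detection that was only recorded with "No action taken" or is still waiting on a reboot; the sample log, its paths and its two remediated entries are constructed for the example.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x log: did the scan actually remove
what it found, or was the log only saved with "No action taken"?"""
import re
from collections import Counter

# Constructed sample following the MBAM 1.41 log layout; the paths, threat
# names and the two remediated entries are invented for this example.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 2834
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 105180

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\WINDOWS\system32\example_bot.exe (Backdoor.Bot) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\example (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\agent (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\example_bot.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\agent.dll (Trojan.Agent) -> Delete on reboot.
"""

# "Registry Keys Infected: 6" in the summary block at the top of the log
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# "Registry Keys Infected:" opening a detail section further down
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<item> (<threat name>) -> <action taken>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary_counts, findings); each finding is a dict with
    section, item, threat and action."""
    summary, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = DETECTION_RE.match(line)
        if m:
            findings.append({"section": section, **m.groupdict()})
    return summary, findings


def assess(text):
    """Decide whether the log documents a cleanup or only a detection run."""
    summary, findings = parse_mbam_log(text)
    per_section = Counter(f["section"] for f in findings)
    not_removed = [f for f in findings if f["action"].startswith("No action taken")]
    # "Delete on reboot" entries are only gone once the machine restarts normally
    reboot_required = [f["item"] for f in findings if "reboot" in f["action"].lower()]
    # Header counts should equal the number of detail lines per section;
    # a mismatch means the log was truncated or edited when it was pasted
    count_mismatch = {s: (n, per_section[s]) for s, n in summary.items() if n != per_section[s]}
    return {
        "findings": len(findings),
        "not_removed": not_removed,
        "reboot_required": reboot_required,
        "count_mismatch": count_mismatch,
        "needs_rescan": bool(not_removed),
    }


if __name__ == "__main__":
    report = assess(SAMPLE_LOG)
    print(f"{report['findings']} detections, {len(report['not_removed'])} not removed")
    for f in report["not_removed"]:
        print(f"  RESCAN  {f['section']}: {f['item']} ({f['threat']})")
    for item in report["reboot_required"]:
        print(f"  REBOOT  {item}")
    if report["count_mismatch"]:
        print("  header/detail count mismatch:", report["count_mismatch"])
```

Point `assess()` at the contents of a real mbam-log-*.txt to get the same verdict a helper reaches by eye: any entry in `not_removed` means the scan has to be repeated with "Remove Selected" and a normal reboot.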

#5 Raymondr1264

New Member, 4 posts

Posted 22 September 2009 - 04:29 PM

Here is the Combofix

ComboFix 09-09-20.01 - Raymond Rodriguez 09/22/2009 15:05.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.323 [GMT -7:00]
Running from: c:\documents and settings\Raymond Rodriguez\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\irc.txt
c:\windows\system32\Install.txt

.
((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-12-19 02:40 . 2009-12-19 02:45 -------- d-----w- C:\Binaries
2009-12-19 02:36 . 2009-09-22 14:26 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-19 02:36 . 2009-09-22 14:26 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-19 02:33 . 2009-12-19 02:33 -------- d-----w- c:\program files\Kaspersky Lab
2009-12-19 01:11 . 2009-09-22 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-12-19 01:11 . 2009-12-19 01:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-19 01:06 . 2009-12-19 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-22 14:44 . 2009-09-22 14:44 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-09-22 14:44 . 2009-02-16 07:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-09-22 14:44 . 2009-02-16 07:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-09-22 14:43 . 2009-02-16 07:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-09-22 14:43 . 2009-09-22 14:44 -------- d-----w- c:\windows\system32\ZoneLabs
2009-09-22 14:43 . 2009-09-22 14:43 -------- d-----w- c:\program files\Zone Labs
2009-09-22 14:41 . 2009-09-22 22:19 -------- d-----w- c:\windows\Internet Logs
2009-09-21 21:26 . 2009-09-21 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-09-21 21:26 . 2009-09-21 21:26 -------- d-----w- c:\documents and settings\Raymond Rodriguez\Local Settings\Application Data\WinZip
2009-09-21 05:55 . 2009-09-21 05:55 -------- d-----w- c:\documents and settings\Raymond Rodriguez\Application Data\Malwarebytes
2009-09-21 05:55 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-21 05:55 . 2009-09-21 05:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-21 05:55 . 2009-09-21 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-21 05:55 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-21 01:48 . 2009-09-21 01:48 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-09-11 15:47 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-08-30 18:50 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-08-30 18:44 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-08-30 18:44 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-08-30 18:44 . 2009-09-21 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-08-30 18:33 . 2009-01-30 00:15 23680 ----a-w- c:\windows\system32\drivers\motmodem.sys
2009-08-30 18:33 . 2008-03-28 00:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-08-30 18:31 . 2009-08-30 18:31 -------- d-----w- c:\program files\Motorola
2009-08-30 18:31 . 2009-08-30 18:31 -------- d-----w- c:\program files\Common Files\Motorola Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 02:40 . 2009-04-23 22:35 -------- d-----w- c:\program files\BitDefender
2009-12-19 01:07 . 2009-04-17 04:47 -------- d-----w- c:\documents and settings\Raymond Rodriguez\Application Data\uTorrent
2009-12-18 07:02 . 2009-04-23 22:42 81984 ----a-w- c:\windows\system32\bdod.bin
2009-09-22 21:40 . 2009-04-17 04:47 -------- d-----w- c:\program files\uTorrent
2009-09-21 01:17 . 2006-09-01 05:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-21 00:57 . 2009-05-06 18:21 -------- d-----w- c:\program files\Perfect Uninstaller
2009-09-11 20:18 . 2009-07-27 19:56 -------- d-----w- c:\program files\PokerStars
2009-09-11 20:14 . 2009-05-31 18:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-30 18:51 . 2009-08-30 18:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-08-30 18:51 . 2009-08-30 18:51 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-21 23:27 . 2009-02-12 23:52 104456 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-08-17 17:43 . 2009-08-17 17:43 53712 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-17 17:43 . 2009-05-31 16:44 -------- d-----w- c:\documents and settings\Raymond Rodriguez\Application Data\Apple Computer
2009-08-17 17:33 . 2009-08-17 17:32 -------- d-----w- c:\program files\Safari
2009-08-17 17:30 . 2009-08-17 17:29 -------- d-----w- c:\program files\iTunes
2009-08-17 17:30 . 2009-08-17 17:30 -------- d-----w- c:\program files\iPod
2009-08-17 17:30 . 2009-05-31 16:41 -------- d-----w- c:\program files\Common Files\Apple
2009-08-17 15:25 . 2009-08-17 15:25 -------- d-----w- c:\documents and settings\Raymond Rodriguez\Application Data\PokerCreations
2009-08-17 15:24 . 2009-08-17 15:24 -------- d-----w- c:\documents and settings\Raymond Rodriguez\Application Data\NLOP
2009-08-12 22:53 . 2009-04-03 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-05 09:01 . 2006-03-16 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-21 19:58 . 2009-07-21 19:58 620 ----a-w- c:\windows\EReg515.dat
2009-07-21 19:57 . 2009-07-21 19:57 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-07-21 19:57 . 2009-07-21 19:57 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-07-17 19:01 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2006-03-16 04:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 17:02 . 2009-06-09 19:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-03 23:48 . 2009-07-03 23:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 23:45 . 2009-07-03 23:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-07-03 17:09 . 2006-03-16 04:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2006-03-16 04:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-03-16 04:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-03-16 04:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-03-16 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2006-03-16 04:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2006-03-16 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-03-06 01:08 . 2009-04-23 22:39 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-21_02.06.23 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 9:41 PM 33808]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [10/6/2008 6:16 PM 82696]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [8/30/2009 11:31 AM 91392]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2/12/2009 4:52 PM 104456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 6:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 9:59 PM 19472]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 1:39 PM 61952]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [1/20/2009 7:16 PM 172032]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [9/18/2008 12:09 PM 111112]
S3 KProcWatch;KProcWatch;\??\c:\windows\system32\drivers\KProcWatch.sys --> c:\windows\system32\drivers\KProcWatch.sys [?]
S3 mfsdisk;mfsdisk;c:\windows\system32\mfsdisk.sys [3/15/2006 9:00 PM 2304]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SRESCAN
*NewlyCreated* - VSMON
*Deregistered* - FKFAP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Raymond Rodriguez\Application Data\Mozilla\Firefox\Profiles\xmnoylat.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 15:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-22 15:23
ComboFix-quarantined-files.txt 2009-09-22 22:23
ComboFix2.txt 2009-09-21 05:34
ComboFix3.txt 2009-09-21 02:13

Pre-Run: 43,847,761,920 bytes free
Post-Run: 43,798,863,872 bytes free

254 --- E O F --- 2009-09-22 14:51


And here is the MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 2834
Windows 5.1.2600 Service Pack 3

9/22/2009 2:50:29 PM
mbam-log-2009-09-22 (14-50-29).txt

Scan type: Quick Scan
Objects scanned: 105230
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 extremeboy (Retired WTT Malware Disintegrator Teacher, Authentic Member, 1,433 posts)

Posted 23 September 2009 - 06:49 PM

Hello. What seems to be the problem right now? May I also see the Kaspersky log of what it detected, please? Does it still detect them? Take a new DDS run and post the logs here for my review afterwards.

With Regards,
Extremeboy
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

#7 Raymondr1264 (New Member, 4 posts)

Posted 23 September 2009 - 07:45 PM

I did the scan on Kaspersky and it said no infections detected. So I guess I'm in the clear. I just wanted to know if I had any infections. Thanks for the help and time.

#8 extremeboy (Retired WTT Malware Disintegrator Teacher, Authentic Member, 1,433 posts)

Posted 23 September 2009 - 07:57 PM

Okay. Thanks for letting me know. If you want to make sure you're completely clean, please take a new DDS run for me and post the results here in your next reply, and we'll see what we can still do before I give you my final speech. It's getting late here, so I need to leave; I will look at the results tomorrow and post the next set of instructions.

~Extremeboy

#9 extremeboy (Retired WTT Malware Disintegrator Teacher, Authentic Member, 1,433 posts)

Posted 27 September 2009 - 03:24 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#10 extremeboy (Retired WTT Malware Disintegrator Teacher, Authentic Member, 1,433 posts)

Posted 29 September 2009 - 02:43 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.
