[Closed] Wondering what I can do
#1
Posted 21 September 2009 - 12:09 AM
#2
Posted 21 September 2009 - 02:59 PM
Please run a DDS scan followed by RootRepeal for me.
Download and run DDS
We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results soon.
- Follow the instructions that pop up for posting the results and then click Ok.
- The black and message box window shall then disappear.
- Please save both log files on your desktop and post the DDS.txt and zip up and attach Attach.txt as instructed.
Download and run RootRepeal CR
Please download RootRepeal from the following location and save it to your desktop.
- Direct Download (Recommended)
- Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
- Unzip the RootRepeal.zip file to its own folder (if you did not use the "Direct Download" mirror to download RootRepeal).
- Close/Disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
- Physically disconnect your machine from the internet as your system will be unprotected.
- Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
- Click the tab at the bottom.
- Now press the button.
- A box will pop up; check the boxes beside All Seven options/scan area.
- Now click OK.
- Another box will open; check the boxes beside all the drives, e.g. C:\, then click OK.
- The scan will take a little while to run, so let it go unhindered.
- Once it is done, click the Save Report button.
- Save it as RepealScan and save it to your desktop
- Reconnect to the internet.
- Post the contents of that log in your reply please.
With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.
The help you receive here is free. If you wish to show your appreciation, you may wish to
#3
Posted 21 September 2009 - 03:29 PM
Attached Files
#4
Posted 22 September 2009 - 02:26 PM
Please post the Combofix log you ran. It can be found in your C:\ drive entitled Combofix.txt
--
Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case UTorrent). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.
It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.
It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.
Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."
It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.
Your previous Malwarebytes scan shows "no-action taken"
Re-run scan with MalwareBytes Anti-Malware
Your MBAM log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile". Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.
With Regards,
Extremeboy
#5
Posted 22 September 2009 - 04:29 PM
ComboFix 09-09-20.01 - Raymond Rodriguez 09/22/2009 15:05.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.323 [GMT -7:00]
Running from: c:\documents and settings\Raymond Rodriguez\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\irc.txt
c:\windows\system32\Install.txt
.
((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.
2009-12-19 02:40 . 2009-12-19 02:45 -------- d-----w- C:\Binaries
2009-12-19 02:36 . 2009-09-22 14:26 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-19 02:36 . 2009-09-22 14:26 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-19 02:33 . 2009-12-19 02:33 -------- d-----w- c:\program files\Kaspersky Lab
2009-12-19 01:11 . 2009-09-22 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-12-19 01:11 . 2009-12-19 01:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-19 01:06 . 2009-12-19 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-22 14:44 . 2009-09-22 14:44 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-09-22 14:44 . 2009-02-16 07:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-09-22 14:44 . 2009-02-16 07:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-09-22 14:43 . 2009-02-16 07:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-09-22 14:43 . 2009-09-22 14:44 -------- d-----w- c:\windows\system32\ZoneLabs
2009-09-22 14:43 . 2009-09-22 14:43 -------- d-----w- c:\program files\Zone Labs
2009-09-22 14:41 . 2009-09-22 22:19 -------- d-----w- c:\windows\Internet Logs
2009-09-21 21:26 . 2009-09-21 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-09-21 21:26 . 2009-09-21 21:26 -------- d-----w- c:\documents and settings\Raymond Rodriguez\Local Settings\Application Data\WinZip
2009-09-21 05:55 . 2009-09-21 05:55 -------- d-----w- c:\documents and settings\Raymond Rodriguez\Application Data\Malwarebytes
2009-09-21 05:55 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-21 05:55 . 2009-09-21 05:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-21 05:55 . 2009-09-21 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-21 05:55 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-21 01:48 . 2009-09-21 01:48 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-09-11 15:47 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-08-30 18:50 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-08-30 18:44 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-08-30 18:44 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-08-30 18:44 . 2009-09-21 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-08-30 18:33 . 2009-01-30 00:15 23680 ----a-w- c:\windows\system32\drivers\motmodem.sys
2009-08-30 18:33 . 2008-03-28 00:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-08-30 18:31 . 2009-08-30 18:31 -------- d-----w- c:\program files\Motorola
2009-08-30 18:31 . 2009-08-30 18:31 -------- d-----w- c:\program files\Common Files\Motorola Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 02:40 . 2009-04-23 22:35 -------- d-----w- c:\program files\BitDefender
2009-12-19 01:07 . 2009-04-17 04:47 -------- d-----w- c:\documents and settings\Raymond Rodriguez\Application Data\uTorrent
2009-12-18 07:02 . 2009-04-23 22:42 81984 ----a-w- c:\windows\system32\bdod.bin
2009-09-22 21:40 . 2009-04-17 04:47 -------- d-----w- c:\program files\uTorrent
2009-09-21 01:17 . 2006-09-01 05:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-21 00:57 . 2009-05-06 18:21 -------- d-----w- c:\program files\Perfect Uninstaller
2009-09-11 20:18 . 2009-07-27 19:56 -------- d-----w- c:\program files\PokerStars
2009-09-11 20:14 . 2009-05-31 18:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-30 18:51 . 2009-08-30 18:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-08-30 18:51 . 2009-08-30 18:51 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-21 23:27 . 2009-02-12 23:52 104456 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-08-17 17:43 . 2009-08-17 17:43 53712 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-17 17:43 . 2009-05-31 16:44 -------- d-----w- c:\documents and settings\Raymond Rodriguez\Application Data\Apple Computer
2009-08-17 17:33 . 2009-08-17 17:32 -------- d-----w- c:\program files\Safari
2009-08-17 17:30 . 2009-08-17 17:29 -------- d-----w- c:\program files\iTunes
2009-08-17 17:30 . 2009-08-17 17:30 -------- d-----w- c:\program files\iPod
2009-08-17 17:30 . 2009-05-31 16:41 -------- d-----w- c:\program files\Common Files\Apple
2009-08-17 15:25 . 2009-08-17 15:25 -------- d-----w- c:\documents and settings\Raymond Rodriguez\Application Data\PokerCreations
2009-08-17 15:24 . 2009-08-17 15:24 -------- d-----w- c:\documents and settings\Raymond Rodriguez\Application Data\NLOP
2009-08-12 22:53 . 2009-04-03 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-05 09:01 . 2006-03-16 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-21 19:58 . 2009-07-21 19:58 620 ----a-w- c:\windows\EReg515.dat
2009-07-21 19:57 . 2009-07-21 19:57 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-07-21 19:57 . 2009-07-21 19:57 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-07-17 19:01 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2006-03-16 04:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 17:02 . 2009-06-09 19:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-03 23:48 . 2009-07-03 23:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 23:45 . 2009-07-03 23:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-07-03 17:09 . 2006-03-16 04:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2006-03-16 04:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-03-16 04:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-03-16 04:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-03-16 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2006-03-16 04:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2006-03-16 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-03-06 01:08 . 2009-04-23 22:39 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-21_02.06.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-22 14:44 . 2009-02-16 07:10 97672 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2009-09-22 14:44 . 2008-11-17 09:24 51688 c:\windows\system32\ZoneLabs\srescan.sys
+ 2009-09-22 14:43 . 2009-02-16 07:10 94088 c:\windows\system32\ZoneLabs\lib\zvpn.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 20360 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 59272 c:\windows\system32\ZoneLabs\lib\zpdp.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 14216 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 24968 c:\windows\system32\ZoneLabs\lib\zic.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 84872 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 34696 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 17800 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 10120 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 10632 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 13704 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 11656 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 11144 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 29576 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 12168 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 35720 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2009-09-22 14:44 . 2009-02-16 07:10 38280 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2009-09-22 14:44 . 2009-02-16 07:10 98184 c:\windows\system32\ZoneLabs\fbl.dll
+ 2009-09-22 14:44 . 2009-02-16 07:10 74632 c:\windows\system32\ZoneLabs\camupd.dll
+ 2009-09-22 14:44 . 2009-02-16 07:10 35208 c:\windows\system32\vswmi.dll
+ 2009-09-22 14:44 . 2009-02-16 07:10 58248 c:\windows\system32\vsregexp.dll
+ 2009-09-22 14:41 . 2009-09-22 14:41 62464 c:\windows\Installer\1de7f6.msi
+ 2009-09-21 21:27 . 2009-09-21 21:27 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B9}\IconCD95F6617.exe
+ 2009-09-22 14:43 . 2009-02-16 07:10 9608 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 10:54 . 2008-07-29 10:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 12:23 . 2008-07-29 12:23 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll
+ 2008-07-29 12:23 . 2008-07-29 12:23 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll
+ 2008-07-29 10:51 . 2008-07-29 10:51 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll
+ 2009-09-22 14:44 . 2009-02-16 07:10 108424 c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2009-09-22 14:44 . 2009-02-16 07:10 302472 c:\windows\system32\ZoneLabs\zlsre.dll
+ 2009-09-22 14:44 . 2009-02-16 07:10 178568 c:\windows\system32\ZoneLabs\zlparser.dll
+ 2009-09-22 14:44 . 2009-02-16 07:10 172936 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2009-09-22 14:41 . 2009-02-16 07:10 108424 c:\windows\system32\ZoneLabs\vsdb.dll
+ 2009-09-22 14:44 . 2009-02-16 07:10 176520 c:\windows\system32\ZoneLabs\updclient.exe
+ 2009-09-22 14:44 . 2007-10-11 23:51 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2009-09-22 14:44 . 2009-02-16 07:10 431496 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2009-09-22 14:44 . 2009-02-16 07:10 134536 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2009-09-22 14:44 . 2008-11-17 09:23 796128 c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2009-09-22 14:44 . 2008-11-17 09:23 722400 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 118664 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 151944 c:\windows\system32\ZoneLabs\lib\ztv.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 188808 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 344968 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 136584 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 344456 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-09-22 14:41 . 2009-02-05 01:27 548128 c:\windows\system32\ZoneLabs\icslta.dll
+ 2009-09-22 14:44 . 2009-02-16 07:10 159112 c:\windows\system32\ZoneLabs\httpblocker.dll
+ 2009-09-22 14:44 . 2008-03-17 23:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 109960 c:\windows\system32\vsxml.dll
+ 2009-09-22 14:41 . 2009-02-16 07:10 482184 c:\windows\system32\vsutil.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 309128 c:\windows\system32\vspubapi.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 107912 c:\windows\system32\vsmonapi.dll
+ 2009-09-22 14:41 . 2009-02-16 07:10 229256 c:\windows\system32\vsinit.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 353672 c:\windows\system32\vsdatant.sys
+ 2009-09-22 14:41 . 2009-02-16 07:10 110472 c:\windows\system32\vsdata.dll
+ 2009-09-21 21:27 . 2009-09-21 21:27 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B9}\IconCD95F66110.exe
+ 2009-09-22 14:44 . 2009-02-16 07:10 1648520 c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 2402184 c:\windows\system32\ZoneLabs\vsmon.exe
+ 2009-09-22 14:44 . 2008-11-17 09:23 1512928 c:\windows\system32\ZoneLabs\srescan.dll
+ 2009-09-22 14:43 . 2009-02-16 07:10 1536392 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2009-09-21 21:27 . 2009-09-21 21:27 1541120 c:\windows\Installer\103fbdb.msi
+ 2009-09-22 14:44 . 2008-12-15 08:11 10465257 c:\windows\system32\ZoneLabs\zlasdbup.dat
+ 2009-09-22 14:44 . 2008-12-15 08:11 10465257 c:\windows\system32\ZoneLabs\spyware.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 9:41 PM 33808]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [10/6/2008 6:16 PM 82696]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [8/30/2009 11:31 AM 91392]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2/12/2009 4:52 PM 104456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 6:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 9:59 PM 19472]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 1:39 PM 61952]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [1/20/2009 7:16 PM 172032]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [9/18/2008 12:09 PM 111112]
S3 KProcWatch;KProcWatch;\??\c:\windows\system32\drivers\KProcWatch.sys --> c:\windows\system32\drivers\KProcWatch.sys [?]
S3 mfsdisk;mfsdisk;c:\windows\system32\mfsdisk.sys [3/15/2006 9:00 PM 2304]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SRESCAN
*NewlyCreated* - VSMON
*Deregistered* - FKFAP
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSrv
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Raymond Rodriguez\Application Data\Mozilla\Firefox\Profiles\xmnoylat.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 15:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-09-22 15:23
ComboFix-quarantined-files.txt 2009-09-22 22:23
ComboFix2.txt 2009-09-21 05:34
ComboFix3.txt 2009-09-21 02:13
Pre-Run: 43,847,761,920 bytes free
Post-Run: 43,798,863,872 bytes free
254 --- E O F --- 2009-09-22 14:51
And here is the mbam
Malwarebytes' Anti-Malware 1.41
Database version: 2834
Windows 5.1.2600 Service Pack 3
9/22/2009 2:50:29 PM
mbam-log-2009-09-22 (14-50-29).txt
Scan type: Quick Scan
Objects scanned: 105230
Time elapsed: 6 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#6
Posted 23 September 2009 - 06:49 PM
#7
Posted 23 September 2009 - 07:45 PM
#8
Posted 23 September 2009 - 07:57 PM
#9
Posted 27 September 2009 - 03:24 PM
Are you still there?
If you are, please follow the instructions in my previous post.
If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.
Please reply back telling us so. If you don't reply within 5-7 days from the last day I replied initially, the topic will need to be closed.
Thanks for understanding.
With Regards,
Extremeboy
#10
Posted 29 September 2009 - 02:43 PM